About us

Who we are and why you might work with us

Company overview

4ARMED is a privately held UK Limited company that began trading in 2013 with a simple mission:

To be our clients' application and cloud security go-to

Not sure what a go-to is? Dictionary.com sums it up pretty well:

  • being a person who can be turned to for expert knowledge, advice, or reliable performance, especially in a crucial situation
  • noting something that can always be relied on to bring satisfaction, success, or good results

We achieve this through consistently providing meaningful, effective advice, high quality engagements, listening and adapting to our clients needs and feeding all of this back through our quality management processes to make sure we are continually improving.

We’re hackers…

Who better to help you improve your application security? We’re the good guys but we’ve got the same tricks up our sleeves as the bad guys.

All our consultants have been hacking for so long they don’t remember a time when they didn’t but, crucially, they are all great communicators. If you want the classic IT geek in the corner who doesn’t speak to anyone, we’re not the company for you. If you want a team of consultants who know how to engage senior management, who’ve worked in the wider IT industry and had to worry about defending networks, software development priorities, compliance requirements, user needs and all the other great day-to-day challenges security teams face and who have the technical skills to assess, advise, educate and respond to your requirements, you’ve just found the right company.

…Qualified Hackers

All our consultants have attained professional qualifications including CREST Certified Tester (CCT-APP), GIAC Web Application Penetration Tester (GWAPT) and CISSP, demonstrating the high standard to which we operate. We don’t rest on our laurels though. Just as security threats evolve, so must our knowledge of them. We invest significantly in our staff with ongoing training and regular attendance at events across the IT industry, not just IT security.

Our consultants are also active members of various security organisations including OWASP and can often be found speaking at various events on both technical and non-technical information security topics.

Our Values

Our company values are very straightforward but very important to us.

When you’re thinking about working with an organisation to help with your application and cloud security, we think it’s important to choose a company like ours who are open, honest and value trust.

No nonsense

Do the right thing

Be part of the solution

Have fun

Give back

Our Accreditations


CREST is a not for profit organisation that serves the needs of a technical information security marketplace that requires the services of a regulated professional services industry.

CREST provides organisations wishing to buy penetration testing services, threat intelligence or incident response services with confidence that the work will be carried out by qualified individuals with up to date knowledge, skill and competence of the latest vulnerabilities and techniques used by real attackers.

4ARMED is a full member company of CREST. Further information on CREST can be found at www.crest-approved.org.


ISO27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.

4ARMED has been certified by UKAS accredited British Assessment Bureau as meeting the requirements of ISO27001 demonstrating our strong commitment to practising what we preach.


ISO9001 is the international quality management standard that ensures compliant organisations have a customer-centric approach to the services they provide and a culture of continual improvement.

4ARMED has been certified by UKAS accredited British Assessment Bureau as meeting the requirements of ISO9001 showing high quality is at the core of everything we do.

Company Ethos

Tired of the Fear, Uncertainty and Doubt?

The information security industry continues to use FUD as its primary marketing lever. It’s hard to put into words just how much this gets our goat. So much that our Technical Director - Marc Wickenden - founded this entire company to deliver high quality information security services without using FUD to do it.

No nonsense Application and Cloud Security

Information security is just one part of your business agenda so we act like it. There is no doom-mongering, sky is falling nonsense from us. You get effective, no-nonsense engagements delivered by experienced, professional consultants.

We keep things simple and clear throughout our engagements. We listen to your requirements and develop a work package to meet it. There are no one-size-fits-all solutions when it comes to security so our recommendations and advice are tailored to your organisation and your needs.

Risky Business

Aren’t security breaches a concern? Well of course there’s a risk but that’s the whole point. It is not inevitable that you will suffer a security breach, there’s a risk.

Security decisions should be risk-based and threat-led, regardless of your company size, sector or culture. The key ingredient is awareness, awareness of where the value in your organisation comes from, what’s technically possible for an attacker to achieve, what’s happening to similar companies to yours, where your weak points are. Armed with this information you can start to make sensible decisions about whether to implement controls to reduce your risk.

Forewarned is forearmed

Advance warning provides an advantage.

Which is what it’s all about really. By helping organisations understand their current risk and providing specialised assistance where needed, our clients can prepare for threats should they arise.