Case Study

Totally Money

What we did for Totally Money

Wingman Virtual Chief Information Security Officer (vCISO)

Industry: Finance

Published: 30/08/2021

Project Overview

SEP2 provide TotallyMoney with a Virtual CISO (Chief Information Security Officer) service, as well as technical tools and policy advisory and vulnerability management.

TotallyMoney is a business operating in the financial technology (FinTech) sector, offering their customers free credit reports and scores. By translating credit data and presenting it meaningfully, TotallyMoney delivers its mission: To improve the UK’s credit score and help people move on up to a better future.

The Challenge

CISO role left vacant
Risk of rehiring too quickly and ending up with the wrong person in the role

The Solution

SEP2’s vCISO functioned as a member of the Totally Money team
All the benefit of the SEP2 24/7/365 SOC

The Challenge

In 2020, TotallyMoney were receiving support from SEP2 for penetration testing and other tasks. Soon after this successful intervention, TotallyMoney was left with a challenge when their Chief Information Security Officer moved on leaving the role vacant. As a regulated business, the role of a CISO must be always filled. However, as a conscientious business, they recognised that a quick fix could result in employing the wrong individual. Mark Durrand, Chief Technology Officer at TotallyMoney already had a good working relationship in place with SEP2 and SEP2 were quick to respond when asked for help, Mark said “We needed to fill the position urgently, and we liked everything we saw.”

The Solution

This partnership ensures that TotallyMoney can focus on empowering customers with better credit information while maintaining robust security. With SEP2’s expert guidance, TotallyMoney is well-equipped to navigate the evolving digital landscape confidently and securely.

Client Testimonial

“We wanted someone we could embed in our team. Someone who understands how we fix vulnerabilities and respond to threats. Paul works like a normal TotallyMoney team member.”
Mark Durrand, Chief Technology Officer

Testimonials

Hear From Those We Protect

You’re vendor agnostic, which is key for growth, and your team are providing really good insights in terms of the alerts raised. They also provide meaningful context behind them, which is great for us as an organisation,”

When we hit the limits of our knowledge, it’s having SEP2 there to say, ‘Try these things first.’ That expertise on hand is really important to us.

To have people like that around our account that we can pick the phone up to and ask questions was refreshing. Ultimately, we trusted SEP2 and we trust you with our cyber security.

Often the term used is ‘you can’t see the wood for the trees’. Most organisations implement security tooling tools and you’ve got different dashboards. The idea is you put them into a single place, and leverage expert resource such as the SEP2 SOC that actually understands that data and work with it on a daily basis. They can assess it case-by-case and escalate it back to us at Funding Circle only when necessary. And that whole process has been really, really smooth.

They are phenomenal: both personable and very knowledgeable. Our main contact is like a fountain of knowledge. If you ask him a question, he always comes back with ten answers – all the shades of grey, not just a ‘Yes’ or ‘No.’ To me that shows the level of passion he has, and that he really wants to do things properly.

The original group of people who founded SEP2 were very deep in their knowledge of this type of technology, which can be complicated. It’s become the whole field of firewalls, intrusion prevention, antivirus, ransomware, etc. Cyber security as a whole has really ballooned, and there’s lots of dimensions to it, but you’ve managed to keep up.

During the evaluation process it was clear to me that SEP2 were the strongest candidate from a technical standpoint. During our first meeting, their ability to give immediate solutions to ongoing issues we were experiencing at the time was a breath of fresh air.

SEP2 are knowledgeable, motivated and switched on; they take ownership and they have a drive for resolution. They know their stuff! They are not merely a firewall partner, they are a cyber security partner. They take a strategic approach. They are approachable and offer additional value outside of their support contract. Working with SEP2 means we are no longer fire-fighting; rather we can now take a step back and proactively get things sorted. SEP2 say they are tech driven and people powered, and that’s exactly what they are! It all comes down to the people you are dealing with.

They live and breathe the technology. It comes from the top, however, everyone is an expert within SEP2, from sales through to the service desk. We don’t want to wait to be told what more we can get from vendors’ products. SEP2 are great in pro-actively helping us achieve value-add solutions. They aren’t about chasing revenues, they are about providing best possible value.