What we do

When you mix a fierce intelligence with curiosity and the highest level of cyber security experience you get a team that is able to address the most complex and fast moving cyber risks in new ways. Ways that combine clarity and understanding with a forthright and pragmatic approach towards containment and balance.

We use a mix of tools to achieve this: Risk Analysis, Security Review, Security Architecture and Security Monitoring.

“2T Security took on board my mission and internalised it. Conversations were about what did we need to do, not what I was paying them to do or what they were contracted to do!”

Why 2T Security?

We are the independent experts on your side. We exist to tackle the most complex and critical situations. In the midst of constantly changing risk we bring calm and understanding, solid experience and the safest pair of hands.

CPU 5G Circuit Board Background


RiskTree puts you on the front foot. It is a unique piece of software that distills complex evolving risks into clear components that can be analysed, understood and balanced.


Our experience has shaped our expertise. We pride ourselves on turning the most complex critical risks into clear, actionable processes. Much of the high level work we do for government departments isn’t sharable online. Here are a few case studies that we are allowed to talk about publicly.


Test and Trace

Supporting the Test and Trace Programme.


Security programme

Enabling DWP to operate its business and online services securely as part of a multi-million transformation.

Latest Insights

Change is constant in our world. Keeping pace with new thinking and practices is a given. This is a chance to explore a range of different ideas from industry experts.

If you manage risk, one vital part of your job is reporting your project’s status and results to other groups: the board, management, and external auditors. And when building reports, risk managers must pay careful attention to the relationships of the intended audiences.
We typically don't divulge much of our work, partly because we're security professionals, but also because we've been focused on building an exceptional business. Nevertheless, we are incredibly proud of our team, clients, and delivery. We want to express our gratitude to all those who have been a part of our journey.
Recently we discussed the security of RiskTree with a client, who ran through the NCSC Cloud Security Principles. Since RiskTree is delivered as software-as-a-service, this made sense. One point that arose was the lack of Multi-Factor Authentication (MFA) in use: CSP Principle 10 states that 2FA is ‘considered good practice’, using either a hardware or software token or out-of-band challenge.