Skills & Scenarios
Skills & Scenarios
Skills & Scenarios
Leadership & Governance
Leadership & Governance
Clients, Partners & the Supply Chain
Our valued clients, end clients, partners and suppliers include HMG Departments and their Supply Chains
CLIENTS
EXAMPLE CASE STUDIES
2004 - 2021
CEO
Evidence of Compliance
We are a major UK Government supplier. I need to provide evidence of compliance with our contract and the Schedules including 2.4, following a partner organisation's widely-publicised breach.
Breach of Contract
Contractual clauses
Our largest client has advised us we are in breach of contract due to a lack of evidence of compliance with contractual cyber security requirements. I need a review of our contractual obligations.
Supply Chain Lead
Review and assessment
I'm accountable for security in our supply chain. I need a trusted expert to lead a complex programme to determine the current level of risk from our suppliers' level of security compliance including Cyber Essentials controls, NCSC's 10 Steps and ISO27001.
CFO
Certification
I'm accountable for our cyber security and data protection risks. I'm aware we have achieved ISO27001 certification but a potential client has questioned the scope of our SOA and GDPR compliance. I need a trusted review of our current position.
Global Risk Owner
Serious incident
I've been summoned to our HQ following a serious incident. I need a trusted expert to help me understand the potential consequences of what happened, what should have prevented it, what risk mitigation we have in place today and what changes we can implement relatively quickly.
Cyber Risk Owner
Governance
I'm now responsible for cyber security in our department. I need to understand what we should be doing (mandatory requirements) and who should be doing it (roles and responsibilities).
CISO
Supply Chain Securiy
One of our suppliers has advised us of a recent security incident. I need someone to liaise with all key stakeholders in the supply chain, lead the investigation at a senior executive level and explain to me what has happened, what the potential impact is and what our options are going forward.
Investigation Owner
Internal investigation
I'm responsible for cyber security risk for our department. A member of staff recently reported an internal security breach to me and I need assistance from a trusted expert. We may need to report the incident to the police and initiate legal proceedings.
Accountable & Liable
Compliance and investigation
I've been advised a member of staff is responsible for a breach of security which must be reported to our Government client, the ICO and potentially law enforcement. I need a second opinion.
CONSULTANCY
Lockcode's CEO and Founder, Samantha, started her specialist infosec career as a Research Scientist for the UK Defence and Evaluation Research Agency (DERA) over 21 years ago, and has over 38 years’ experience in science, technology and engineering.
Samantha Sanderson
BSc (Hons), LCCP, MIET
HMG CERTIFIED PROFESSIONAL CONSULTANCY SERVICES
Sam has provided specialist technical security consultancy and coaching services to Government departments and their supply chains in the defence, intelligence, central government, law enforcement and the regulatory environment. She also provides specialist coaching and mentoring services for existing and aspiring information and cyber security leaders.
NCSC CCP LEAD SIRA | CLAS | ITPC
She has achieved specialist HMG security certifications during her infosec career including CESG (formerly part of GCHQ) Listed Advisor Scheme (CLAS) and is one of the few National Cyber Security Centre (NCSC) Certified Professional Security and Information Risk Advisors (SIRA) at the Lead level.
HMG CYBER SECURITY COMMERCIAL GROWTH
In 2015 and 2016 Samantha delivered the HMG-funded role of Cyber Security Small Business Champion, delivered through techUK, addressing the barriers faced by small cyber security businesses in the supply chain.
NCSC CERTIFIED TRAINING (GCT)
Through her company, Lockcode, Samantha also authors online NCSC Certified Training courses and packages, designed to help busy executives understand and tackle the challenges of cyber security leadership and governance.
SOUTH EAST CYBER | COMMUNITY
She is also the founder of South East Cyber (SECyber), a not-for-profit organisation providing free cyber security training, education and awareness workshops to SME business leaders in the South East of England. SeCyber speakers and advisors have included DCMS and other Government departments, techUK, Surrey and Sussex Cyber Crime Unit, South East Regional Organised Crime Unit, Cyber Security Challenge, Barclays Bank, Knowledge Transfer Network, investors and industry.
