
Consultancy Services

Our Services

Penetration Testing Services

Penetration testing is a form of security assessment designed to expose vulnerabilities within your IT systems. Penetration testing is carried out by experienced penetration testers, otherwise known as ethical hackers, who follow a methodical process of reconnaissance, enumeration, vulnerability assessment and exploitation. This culminates in the production of a report detailing any vulnerabilities found, the level of risk you are exposed to and the steps you should consider taking to reduce the threat.

Penetration testing is often required when seeking compliance with security standards such as ISO/IEC 27001 and PCI DSS. Under the General Data Protection Regulation, the Information Commissioner's Office can levy fines of up to 4% of annual global turnover or €20 million, whichever is greater. Periodic penetration testing can help protect your business from these fines by uncovering vulnerabilities and resolving them before they are used against your business. It is also good practice to conduct a penetration test to ensure the security of new applications or changes to business processes.

Through our CREST-accredited penetration testing consultants we offer a variety of services, ranging from unobtrusive high-level reconnaissance to advanced result-focused testing.

Web Application Penetration Testing

Covering both internal and external web application security assessments, website security testing and source code reviews.

External Network Penetration Testing

Testing your company’s digital perimeter services for security vulnerabilities in servers, hosts, devices and network services.

Internal Network Penetration Testing

Simulating either a disgruntled employee or someone gaining physical access to your company and assessing vulnerabilities and exploits from both an authenticated and non-authenticated perspective.

Wireless Penetration Testing

Assessing the security of your company’s wireless networks, identifying weak encryption algorithms and ensuring rogue wireless access points do not exist.

Phishing Campaigns

Phishing is a method of attack that criminals use to attempt to acquire sensitive information from people. This could be in the form of someone’s username, email, password, credit card number or even where they live.

Phishing via email is the most common attack vector but attacks can also come from malicious phone calls, text messages and social media. The main types of attack include:

Spear Phishing

Spear phishing is professional phishing. The attackers take their time to learn about the victim or victims. They craft emails that create emotional responses, build personas to trick people into believing they are talking to someone they know; they essentially target the victim. Normally, when this occurs, the extra effort is put in because the rewards are greater and it increases the chance of success.

Spam Phishing

This type of phishing is what you see nearly every day in your email inbox. These are the emails from people saying they want to invest vast sums of money with you. They are often time sensitive, require you to verify accounts and often contain a lot of spelling mistakes. Most of the time they end up in your junk folder, but when they don’t, they are hopefully the easiest to spot.


Whaling

Whaling is phishing that targets the executives or top decision makers of a business. The attackers try to impersonate the CEO, CFO or someone of similar rank. The motivation behind this is that these people have the authority to make important decisions. For example, they can sign off on large payments. Attackers will claim to be these individuals and send emails to members of staff asking for payments to be made to new bank accounts, in the hope that the con goes unnoticed or that, by the time it is noticed, it is too late.


Vishing

Vishing is voice phishing. The attacker calls the victim, looking to extract personal information from them. This is normally in the form of bank details, usernames and passwords. Phone phishing is usually conducted without caller ID, or the caller ID is spoofed to make it look like the call is coming from someone genuine.


Smishing

Smishing is text message phishing. The attacker uses SMS text services to either impersonate someone or entice the victim into clicking on a link within the message, which leads to a malicious site, with the sole aim of extracting personal information from them.

Physical Phishing

Physical phishing is where an attacker engages with the victim face-to-face to gain the information they require. This could be, for example, posing as a charity worker outside a targeted business to gain employees’ email addresses, frequenting bars near the business to eavesdrop on conversations, or physically scoping out infrastructure as a delivery man to see what operating system the business uses or what printer makes and models are in the office.

Search Engine Phishing

Search engine phishing is a type of attack where criminals create fake website pages, like your social media login pages, in the hope that you will land on these pages, not notice they are impersonations and input your personal data.

Crucial’s Advanced Phishing Campaigns

Crucial’s Advanced Phishing campaign service is not the usual exercise of sending emails to employees in the hope they pick out and report the phish. Our service is about stepping into the shoes of an attacker and delivering a full phishing campaign against your business, much like how it happens in real life.

Our service is outlined below in full, but essentially, we will conduct full reconnaissance against your business and employees, looking for vulnerabilities, data leakage and weaknesses. We will build infrastructure, like an attacker would, allowing us to build landing pages as an example of what could be used in an attack. We will utilise all manner of the attacks mentioned above to try and gain information from the business. If you feel you and your employees are tired of the usual mundane email phishing simulations, why not try something a bit more challenging?

Gold Package

  • Full Week reconnaissance on business and employees (inc. infrastructure build)
  • Phishing campaign (spaced over a defined period)
  • Methods utilised:
      • Email (Spear, Whaling etc.)
      • Physical (Mailing/other)
      • Vishing (Voice)
      • Smishing (SMS)
  • Full Analysis of campaign
  • On-site report and recommendations presentation

Silver Package

  • 3 Day reconnaissance on business and employees (inc. infrastructure build)
  • Phishing campaign (spaced over a defined period)
  • Methods utilised:
      • Email (Spear, Whaling etc.)
      • Vishing (Voice)
      • Smishing (SMS)
  • Full Analysis of campaign
  • On-site report and recommendations presentation

Bronze Package

  • 2 Day reconnaissance on business and employees (inc. infrastructure build)
  • Phishing campaign (spaced over a defined period)
  • Methods utilised:
      • Email (Spear, Whaling etc.)
      • Smishing (SMS)
  • Full Analysis
  • Report and Recommendations sent via email

Employee Training

A number of our courses can be delivered remotely on site to your employees. The courses are interactive and encourage participation in order to get the most out of the experience.

Crucial Academy can also help to develop a bespoke course for your customers around your latest product offering to ensure that your customers are getting the most out of the service. If you are interested in hearing more about our employee training services please get in touch with us or alternatively, check out our training services page for more info about our current courses.

Hire Military Talent

There is a good chance you already know why hiring military talent is good for business. If not, let us tell you about some of the qualities that your organisation can benefit from. Military hires are highly trainable, can make great leaders, take constructive criticism, are used to working in a team, and are able to operate to deadlines and perform whilst under pressure. The list goes on!

Our Military Programme handpicks the most talented service leavers and ex-military before putting them through our rigorous application and selection process. If successful, they will then attend one of our globally accredited vocational courses in their chosen field of cyber security and information assurance (see training services for our course list).

We understand you are busy, and that recruitment can be time-consuming and expensive. For those reasons we have two simple commercial models to choose from.

1. Flat fee per hire


2. A small monthly retainer (offering huge savings versus a standard recruitment model)

If you are interested in hiring military talent or finding out more about our service, please get in touch via the enquiry button.

What our customers say about us

“I was lucky enough to be on the first offensive course. The training and qualification gained from the Crucial Academy allowed me to step straight into a career as a penetration tester. I cannot recommend the Crucial Academy highly enough to those starting their new cyber career”

Context IS

"I attended the Defensive Course in July 2018 and I would urge anyone with an interest in a cyber career to attend. A professionally run team with a wealth of knowledge, that helped me expand my military cyber experience and gain new qualifications that secured me a new career route"

MWR InfoSecurity

"I attended the Crucial Academy Information Assurance course in July 2018. The organisation provides great opportunities, helping to advance your career into cyber. I would recommend this company to others"


"I attended the CREST Registered Threat Intelligence Analyst course at the Crucial Academy in November 2018. I can't thank Crucial Academy enough; the instructors, guest speakers and the mentors were all truly fantastic. They enabled me to gain a deeper understanding about cyber security, helped me to focus on what was relevant, gave me plenty of useful links and self-study tutorials"


"I attended Crucial Academy's first Information Assurance and Cyber Threat Intelligence courses. The content and instruction on both were of a very high standard. The Crucial offer is an incredible opportunity, not to be missed, for current and ex-military hoping to transition into Information/Cyber Security"


"Crucial Academy provided an impressive fusion of real-world experience with subject matter expertise. This training ensured that the students not only passed their exam but came away with the information to be better information security professionals. I recommend Crucial Academy to anyone looking to improve their understanding of cyber security"


"I attended Crucial Academy's Cyber Threat Intelligence course and was incredibly pleased with the quality of instruction. I struggled in one or two areas and the instructor went out of his way to sit with me and run through everything after hours until I was happy. Great bunch of people and a fantastic offering"