According to Peter Wood, First Base's founder, after building up a healthy client based mainly in the financial services sector, his company is now moving into penetration testing for other types of companies, including public sector businesses.
As part of this diversification, First Base is expanding its staff from seven to nine, all of whom with be fully employed by the company.
"We prefer to employ people directly, because of the confidential and highly technical nature of what we do," said Wood, adding that, as part of pitching for new clients, his company is going for GCHQ/CESG Check compliance certification.
The Check scheme – the IT health check service – which is administered by the CESG, formerly known as the Communications and Electronic Security Group section of GCHQ, is a pre-requisite for central government IT testing.
Subscriber (accredited) organisations in the scheme are required to maintain strict ethical standards, and certified individuals are automatically vetted to at least 'confidential clearance' status on government files and, subject to GCHQ agreement, 'secret clearance' levels.
Wood told Infosecurity that as part of the changes, he will become CEO of First Base, with Keiron Northmore his chief of operations and Didi Barnes the firm's chief financial officer.
"Keiron has been running the firm's fee earning operations for the past two years, and his new title properly reflects that responsibility", he said.
"Over the same period, my responsibilities have been increasingly about oversight and evangelising about good security practice, making CEO a logical choice for my title", he added.
Wood went on to say that this coming April will mark the 21st anniversary of First Base Technologies, which was founded in 1989 as an ethical hacking firm providing penetration testing and social engineering services to global organisations and government.
The First Base approach, he explained, combines ethical hacking techniques and commercial vulnerability scanning in a powerful combination, giving a clients a comprehensive review of their security and business risks.