technology design & product analysis


funding pattern analytics


market knowledge maximization


security architecture OPTIMISATION


competitive analysis

A few things we’re great at

The Cyber Hut is singularly focused on the global cyber and information security market. Whether you are procuring a maritime secure communications platform, analysing the drone cyber security market for future investment or seeking the latest startup design patterns, The Cyber Hut will have an opinion. 

Some of the technology areas we cover include: 


MFA. OTP. OATH. WebAuthn. FIDO. UAF. U2F. Biometrics. Push. Pin. Passwordless.  PKI. Challenge/Response.  


PDP/PEP/PIP. OAuth2. OIDC. Transactional. Declarative Authorization. Policy Based Access Control. RBAC. ABAC. 

id management

Provisioning. Connectors. Workflow. Data Synchronisation. Correlation.  

ID Governance

Access Request. Access Review.  Certification.  Identity Audit.  Compliance.  Reporting.  Analytics.

RISK & threat

Risk Management.  Risk Evaluation. ISO27001/2. NIST CSF. OWASP. CIS Controls. Diamond Model. STRIDE


APIs. Microservices. Security as Code. Runtime Application Self Protection. DevSecOps

data security

Privacy.  Vaulting.  Consent Management.  Application Level Encryption.  Data Integrity Services.


Smart cards. EMV. SIM. IoT.  IIoT.  ICS. Drones. Trusted Platform Module. Secure Elements. ID cards.

The Role of Security Economics

Security design, implementation and controls are applicable to many sectors and verticals in both the private and public sector. The Cyber Hut develops research for a range of sectors and use cases, focused on the confidentiality, integrity and availability of information assets. 

We analyse using a range of economic models and concepts to understand why security fails, why certain startups receive funding, why organisations don’t invest in critical controls.

Some examples of our more focused research areas include:

Who is funding emerging security startups, when and why?

If passwords are so bad, why are organisations not switching to passwordless?

is resilience and recovery more important than protection?

how to analyse end to end security for drones and autonomous transport?

how to apply security to critical infrastructure and non-information assets?

what is the market for information and cyber warfare defence and counter measures?