Cyber security expertise you can trust
Mustard Research has delivered specialist cyber security consultancy since 1993. From PCI DSS compliance to penetration testing and security audits, we help organisations protect what matters most.
Security compliance isn't getting easier
The threat landscape evolves constantly. Regulations tighten. Auditors scrutinise harder. For organisations handling payments, sensitive data or critical infrastructure, the cost of getting it wrong — financially and reputationally — has never been higher.
What you need is an adviser who has been at the sharp end of these challenges for over three decades — someone who can cut through complexity and give you a clear, honest view of where you stand and what to do about it.
What we do
Specialist cyber security services delivered by a senior practitioner with over three decades of real-world experience.
PCI DSS Compliance
Qualified Security Assessor (QSA) services helping organisations achieve and maintain PCI DSS compliance — from gap analysis through to full certification.
Penetration Testing
Rigorous infrastructure and application penetration testing — including AI-assisted techniques — to uncover vulnerabilities before attackers do.
Security Audit & Risk
Independent technical security audits, ISO 27001 assessments, fraud and breach investigations, and risk assessments grounded in decades of hands-on experience.
AI Security Consultancy
Security reviews of AI systems, adversarial testing and governance advice — plus AI-assisted techniques applied to penetration testing and audit.
Trusted by leading organisations
Why organisations choose Mustard Research
Founded in 1993 by Dave Marsh, Mustard Research brings a rare combination of deep technical engineering and senior consulting experience. We have worked at the sharp end of cyber security for over 30 years — building cryptographic systems, auditing global banks and delivering PCI compliance for household names.
More about usFounder-led delivery
Every engagement is led personally by Dave Marsh — a PCI DSS QSA, CISM and ISO 27001 Lead Auditor with over 30 years of hands-on cyber security experience.
Deep payment security expertise
From designing cryptographic security layers for BP and ABN AMRO to HSBC direct connect payments, we have engineered and audited some of the most complex payment systems in the world.
Proven at the highest level
Our track record spans global banks, FTSE-listed companies and major retailers — organisations where getting security right really matters.
Clear, actionable reporting
We translate complex technical and regulatory findings into plain language. Our reports are concise, evidence-based and designed to drive decisions — not gather dust.
What clients say
Feedback from senior professionals at some of the world's most respected organisations.
Dave played a major role in designing HSBC's premier epayment solution. His knowledge of IT security and concepts was excellent and directly through him he passed on a vast amount of knowledge. I wouldn't hesitate to recommend Dave for any position.
Dave helped us out at Mitsubishi UFJ Securities on very technical and complicated audits of Windows infrastructure, Unix infrastructure and Internet and Intranet security. Dave used a number of automated tools for this purpose, the results of which were most revealing. As a result, the Company's implementation of his recommendations greatly enhanced the IT Security Infrastructure.
Dave Marsh is a rare find in the field of information technology security to work with — he is the consummate professional. His understanding of Information Security, from both the theoretical and practical perspective, is unparalleled. He is most skilled and communicative with highly technical individuals while at the same time comfortable with advising senior management. I give Dave my highest rating compared to I.T. professionals I have worked with in the past 30 years.
Ready to get started?
Tell us about your challenge. We'll come back to you quickly with an honest view of how we can help.
Start a conversation