PCI DSS · Penetration Testing · Security Audit · AI Security

Cyber security expertise you can trust

Mustard Research has delivered specialist cyber security consultancy since 1993. From PCI DSS compliance to penetration testing and security audits, we help organisations protect what matters most.

Our services Talk to us
30+
Years in practice
1993
Founded
QSA · CISM · ISO 27001
Lead Auditor certified
UK & US
Operations

What we do

Specialist cyber security services delivered by a senior practitioner with over three decades of real-world experience.

PCI DSS Compliance

Qualified Security Assessor (QSA) services helping organisations achieve and maintain PCI DSS compliance — from gap analysis through to full certification.

Learn more

Penetration Testing

Rigorous infrastructure and application penetration testing — including AI-assisted techniques — to uncover vulnerabilities before attackers do.

Learn more

Security Audit & Risk

Independent technical security audits, ISO 27001 assessments, fraud and breach investigations, and risk assessments grounded in decades of hands-on experience.

Learn more

AI Security Consultancy

Security reviews of AI systems, adversarial testing and governance advice — plus AI-assisted techniques applied to penetration testing and audit.

Learn more

Trusted by leading organisations

HSBCABN AMROBPMUFGDiageoSainsbury'sEuroclear

Why organisations choose Mustard Research

Founded in 1993 by Dave Marsh, Mustard Research brings a rare combination of deep technical engineering and senior consulting experience. We have worked at the sharp end of cyber security for over 30 years — building cryptographic systems, auditing global banks and delivering PCI compliance for household names.

More about us

Founder-led delivery

Every engagement is led personally by Dave Marsh — a PCI DSS QSA, CISM and ISO 27001 Lead Auditor with over 30 years of hands-on cyber security experience.

Deep payment security expertise

From designing cryptographic security layers for BP and ABN AMRO to HSBC direct connect payments, we have engineered and audited some of the most complex payment systems in the world.

Proven at the highest level

Our track record spans global banks, FTSE-listed companies and major retailers — organisations where getting security right really matters.

Clear, actionable reporting

We translate complex technical and regulatory findings into plain language. Our reports are concise, evidence-based and designed to drive decisions — not gather dust.

Ready to get started?

Tell us about your challenge. We'll come back to you quickly with an honest view of how we can help.

Start a conversation