Locked Stack is a global cybersecurity, compliance, and governance consultancy supporting organisations across the USA, UK, Europe, and Australia. We specialise in delivering structured, assessor-informed services that strengthen security posture, reduce risk exposure, and help businesses meet complex regulatory and industry requirements with confidence.

Our capabilities span PCI DSS, NIST, DORA, ISO 27001, 3DS, penetration testing, security testing, and tailored cyber-training programmes. With extensive practical experience across these frameworks, we help organisations design, implement, and mature their security controls in alignment with global best practices. Our approach blends deep technical expertise with strong governance insight, ensuring we address both operational requirements and the broader strategic challenges modern organisations face.

Locked Stack’s leadership is anchored by experienced practitioners including Clive Boonzaaier, a recognised specialist in GDPR, data governance, and privacy compliance, and Martyn Martynowicz, an accomplished cybersecurity and PCI DSS expert with a strong track record supporting complex and high-risk environments. Their combined expertise shapes the quality, rigour, and integrity of every engagement we deliver.

We partner with clients to provide PCI DSS assessments, NIST CSF maturity reviews, DORA readiness programmes, ISO 27001 preparation, vulnerability management, segmentation testing, and comprehensive payment security advisory services. Our managed cyber awareness and training services further strengthen the human element of defence.

We do not deliver off-the-shelf solutions. Instead, we develop tailored compliance and cybersecurity programmes built around each organisation’s size, complexity, and operational realities. Our mission is to help organisations operate securely, demonstrate compliance confidently, and build lasting resilience in an evolving threat landscape.

Our services

PCI DSS 4.0.1

PCI DSS 4.0.1 and payment security advisory services tailored to support secure processing, strong authentication, and compliance readiness. We provide PCI DSS assessments, gap analyses, pre-audit reviews, 3-D Secure evaluations, and SAQ guidance to help organisations strengthen payment security and meet evolving standards.

NIST CSF 2.0

Using the NIST Cybersecurity Framework 2.0, we assess organisational resilience through a structured review of governance, controls, and maturity across Identify, Protect, Detect, Respond, and Recover functions. Our approach delivers clear insights, highlights gaps, and supports strengthened operational resilience.

DORA

Helping you strengthen operational resilience under the Digital Operational Resilience Act (DORA). We provide assessor-informed guidance and gap analysis services, supporting organisations in meeting DORA’s ICT risk, incident reporting, resilience testing, third-party risk, and information-sharing requirements across EU and global operations.

Penetration Testing Services

Comprehensive penetration testing and security assessment services designed to strengthen resilience and support compliance. We deliver application, external, internal, and segmentation testing through trusted partners, using risk-based methodologies to identify vulnerabilities, enhance defences, and maintain alignment with PCI DSS, ISO 27001, NIST, and industry standards.

Vulnerability Scanning

Vulnerability scanning and continuous security monitoring that support proactive risk management and PCI DSS compliance. We deliver internal and external scanning, continuous visibility, and real-time insight into emerging threats—helping organisations identify weaknesses early, prioritise remediation, and strengthen overall security posture.

ISO 27001

ISO 27001 readiness and information security consulting that strengthens governance, resilience, and certification preparedness. We assess existing controls, identify gaps, and guide the development of robust ISMS practices aligned with confidentiality, integrity, and availability principles—supporting long-term security maturity and global compliance.

GDPR

GDPR compliance and data governance consulting that strengthens accountability, transparency, and responsible data management. We support organisations with policy development, data subject rights, consent, retention, breach readiness, and lawful processing, delivering pragmatic guidance aligned to EU and UK requirements. Led by our data protection specialist.

Security Awareness and Training

Security awareness and cyber training solutions that strengthen the human layer of defence. We provide tailored eLearning, phishing simulations, and ongoing programme management to build organisational vigilance, reduce human error, and support a strong security culture backed by clear executive reporting.


Meet the Team

Contact us

Get in touch with our team to discuss your cybersecurity and governance needs, or to learn how our services can strengthen your organisation’s security posture. Whether you require support with compliance, infrastructure, or risk management, we’re here to help.