Locked Stack is a global cybersecurity, compliance, and governance consultancy supporting organizations across the United States, the United Kingdom, Europe, and Australia. Operating under the Locked Stack™ brand, our services are delivered through regional legal entities, including Locked Stack Inc. in the United States and Locked Stack Ltd in the United Kingdom, enabling consistent global capability aligned to local regulatory and commercial requirements.

We specialize in strengthening security posture, reducing risk exposure, and helping organizations meet complex regulatory and industry obligations with confidence. Our work is designed for environments where assurance, accuracy, and defensibility are critical.

Our capabilities include PCI DSS, NIST, DORA, ISO 27001, 3DS, penetration testing, security testing, and tailored cybersecurity training programs. We bring deep, hands-on experience across these frameworks, supporting organizations through control design, implementation, validation, and ongoing maturity. Our approach combines technical depth with governance and risk insight to ensure alignment between operational execution and strategic objectives.

Locked Stack operates as a practitioner-led consultancy, with senior specialists actively engaged in delivery. This model ensures consistency, rigor, and accountability across all client engagements, particularly within regulated and high-risk environments.

We partner with organizations to deliver PCI DSS assessments, NIST CSF maturity evaluations, DORA readiness initiatives, ISO 27001 preparation, vulnerability and segmentation testing, and comprehensive payment security advisory services. Our managed cyber awareness and training offerings further strengthen resilience by addressing the human element of security.

We do not provide off-the-shelf solutions. Every engagement is tailored to the organization’s size, complexity, and risk profile. Our objective is to help organizations operate securely, demonstrate compliance with confidence, and build sustainable resilience in an evolving threat landscape.

Our services

PCI DSS 4.0.1

PCI DSS 4.0.1 and payment security advisory services tailored to support secure processing, strong authentication, and compliance readiness. We provide PCI DSS assessments, gap analyses, pre-audit reviews, 3-D Secure evaluations, and SAQ guidance to help organisations strengthen payment security and meet evolving standards.

NIST CSF 2.0

Using the NIST Cybersecurity Framework 2.0, we assess organisational resilience through a structured review of governance, controls, and maturity across Identify, Protect, Detect, Respond, and Recover functions. Our approach delivers clear insights, highlights gaps, and supports strengthened operational resilience.

DORA

Helping you strengthen operational resilience under the Digital Operational Resilience Act (DORA). We provide assessor-informed guidance and gap analysis services, supporting organisations in meeting DORA’s ICT risk, incident reporting, resilience testing, third-party risk, and information-sharing requirements across EU and global operations.

Penetration Testing Services

Comprehensive penetration testing and security assessment services designed to strengthen resilience and support compliance. We deliver application, external, internal, and segmentation testing through trusted partners, using risk-based methodologies to identify vulnerabilities, enhance defences, and maintain alignment with PCI DSS, ISO 27001, NIST, and industry standards.

Vulnerability Scanning

Vulnerability scanning and continuous security monitoring that support proactive risk management and PCI DSS compliance. We deliver internal and external scanning, continuous visibility, and real-time insight into emerging threats, helping organisations identify weaknesses early, prioritise remediation, and strengthen overall security posture.

ISO 27001

ISO 27001 readiness and information security consulting that strengthens governance, resilience, and certification preparedness. We assess existing controls, identify gaps, and guide the development of robust ISMS practices aligned with confidentiality, integrity, and availability principles, supporting long-term security maturity and global compliance.

GDPR

GDPR compliance and data governance consulting that strengthens accountability, transparency, and responsible data management. We support organisations with policy development, data subject rights, consent, retention, breach readiness, and lawful processing, delivering pragmatic guidance aligned to EU and UK requirements. Led by our data protection specialist.

Security Awareness and Training

Security awareness and cyber training solutions that strengthen the human layer of defence. We provide tailored eLearning, phishing simulations, and ongoing programme management to build organisational vigilance, reduce human error, and support a strong security culture backed by clear executive reporting.


Contact us

Get in touch with our team to discuss your cybersecurity and governance needs, or to learn how our services can strengthen your organisation’s security posture. Whether you require support with compliance, infrastructure, or risk management, we’re here to help.