We are BCC Risk Advisory.

A world class technical team helping you secure your digital assets

Our focus is always providing the best quality and highest standard of service available, while treating our client relationships more as partnerships than the traditional client/supplier model. We find this achieves more effective results through a mutual understanding of our clients' security needs.


edgescan Logo


At edgescan, we take care of your digital security risks – helping you concentrate on your actual business.

As an edgescan partner, you will strengthen your firm's digital security expertise, meet your customers demand and benefit from exclusive special promotions, along with technical support and attractive commission rates.

Read More



We provide you with free and valuable resources:

Read More

We provide world class penetration testing, security assessments, policy development, source code review and technical & executive security training. Based on OWASP, ISO and industry best practices. We provide managed security services (MSS), edgescan.com and support on demand.


BCC Risk Advisory professional services provide world class technical security solutions to our clients.

We can provide services from Vulnerability Assessments to Software Security Services to Penetration testing (Pen testing).

Our technical assessment services such as pen testing are based on leading practice such as SANS, CEH and OWASP guidance, production safe and non-invasive.

We use the latest tools and techniques to deliver our pen testing services and our consultants are highly skilled and trained in the latest security approaches.

We have a vast level of experience in the areas of network and software security and work with organisations, both large and small across the globe.

consultancy main image

We provide world class penetration testing, security assessments, policy development, source code review and technical & executive security training. Based on OWASP, ISO and industry best practices. We provide managed security services (MSS), edgescan.com and support on demand.


Technical Training

Technical Training is aimed at development and security staff in areas such as:

Secure application development (Java, Web, .Net etc) and Web application pen testing.

Our training combines theory and practical labs in order to both learn by example and also understand the fundamental issues and causes of insecurity. Our training is based on OWASP best practice as our lead technical staff have contributed to OWASP books and guides such as OWASP Testing Guide and the OWASP Code Review Guide.

Our team have delivered such training to many large global organisations and security events such as OWASP EU, OWASP USA and RSA in both the US and Europe We can even customise the training to an individual organisations technology and the particular issues they face if required.

Executive/Management Training:

Our executive and management training is aimed at individuals such as Risk managers, CISO's & IT Security managers.

Its focus it to gain an understanding of the issues related to Internet Security and associated business risk. It covers off approaches to addressing common issues when managing the security of an organisation from an executive level and arms management with the knowledge to make informed decisions. It also assists executives with understanding what is required to be compliant with industry regulations (PCI-DSS, GLBA, HIPPA) and regional regulations such as data protection.

training advisory

edgescan Managed Security Service is a cloud based continuous vulnerability management and penetration testing solution.


About edgescan

  • is a cloud based SaaS (Security as a Service) and a managed security service to improve your defence against cyber-attacks.
  • is virtually false positive free because all security issues discovered are manually validated expert security analysts.
  • detects security weaknesses across your full stack of technology: websites, apps (mobile/web/cloud), software, servers and networks.
  • provides both internal and external system assessment via our unique appliance –free approach to assessing internal systems and networks.
  • also provides continuous asset profiling with H.I.D.E to assist you eliminate network blind-spots and know exactly what you need to protect.
  • is a "Notable Vendor" in the Gartner Magic Quadrant for Managed Security Services 2015 and also a "Sample Vendor" in the Gartner Application Security Hypecycle 2015.
  • With its powerful API, class-leading dashboard and unique alerting system edgescan can have dramatic positive impact on your security posture.

30 Day Trial 300x169

Awards & Recognitions:

edgescan has been recognised by the industry in the following ways:

Gartner Sample Vendor Square Logo Gartner Notable Vendor Square Logo Europe Finalist Logo 199px

New Shortlist 200px Sme Awards Finalist 200 Logo1

edgescan vulnerability management features

  • Threat verification: Our security assessment results contain virtually no false positives as we remove the vulnerabilities which are not real and verify the real vulnerabilities.

  • Accuracy: All issues reported are manually verified by our security engineers to ensure accuracy and appropriate risks. This eliminates the time you spend figuring out which reported issues are real risks.

  • Robust API: our API allows you to consume your own data and avail of awesome graphs and reporting tools.

  • Awesome Reports: Deeply customisable reporting tool, from executive summary to deep technical data and remediation advice.

  • Prioritisation: We ascertain if any of your digital assets are vulnerable to cyber-attacks and rate each risk in order to help you prioritise the security of your systems.

  • Time Saving: The information you need to prioritise your security issues and help you focus your efforts and maximize your time.
  • Manual Validation: No time wasted on figuring out next steps, as all findings are verified to be real, accurate and risk rated by our security engineers.

  • Flexibility: Assessments, scheduled when you want them. I.e. did you change your code base? spin up a new server?

  • 24/7 dashboard access: Your security posture and results can be accessed by you 24/7 through our secure web-portal, in as much, or as little detail as you need.

  • Security Insights: Verification of security improvements and information on any new threats or emerging threats.

  • Remediation advice: Our support service and clear, accurate advice can help you or a third party to fix the discovered issues.

  • For more information: download the edgescan brochure. or visit edgescan.com

Upskilling our clients empowers them with better understandings of risk, technical security & preventative activities.


BCC Risk Advisory support The Open Web Application Security Project foundation (OWASP.org) and assist the foundation with resources and subject matter experts which helps drive the OWASP mission of addressing the causes of application insecurity.

OWASP was founded over a decade ago in response to the need for accurate and high quality security advice and resources delivered via open source licensing.

Check out our free OWASP training slides and papers: [e.g. OWASP Testing Project, OWASP Code Review Guide, OWASP Software Assurance, training slides on owasp.org etc.]

Resources Image

RT @edgescan: edgescan case study: #global #gaming company vulnerability management. https://t.co/e27gudcqDB

22 hours ago

Founder Statement by Eoin Keary.

BCC Risk Advisory was founded by myself in 2011 out of frustration with the direction the security industry was taking.

Developing secure robust systems can be easier than one thinks assuming one knows what the potential security issues are. It's my view that there was always a disconnect with security folks and the people developing and maintaining systems. In order to help bridge this gap we instil a development culture in all our engineers and consultants; "Don't be afraid to experiment, fail, learn and repeat". Many of our staff have a development background and/or are certified developers of one kind or another. In order to help secure systems we need to embrace the "builder" (developer) mentality, understand pitfalls and also provide pragmatic advice and assistance. We are keen to empower developers and businesses alike with the correct knowledge and understanding of the risks associated with doing business on the Internet. Communication and a common language is of key importance when helping to address system security.

We believe our approach to web and software security is "bleeding edge" and a result of over 15 years of assisting organisations with system security. We assist organisations, both large and small, with managing technical, logical and business risk and believe security is based around understanding the fundamentals of how software and the Internet works.

We understand what real risk "looks like" and strive to help organisations understand what cyber attackers look for when attempting to breach corporate systems.

Our culture is all about being mature about risk and security; Understanding the bridge between technical vulnerability and business risk.

We pride ourselves in relation to upskilling our clients in terms of awareness and technical knowhow. We want our clients to undergo continuous improvement and learn from any mistakes which may (and do) occur when building software systems to enable and improve business process and productivity.

Our Delivery Approach

We understand the complexities and complications of managing and delivering security services in a variety of environments.

Eoin Keary

Delivery approach

We are passionate about securing the Internet and support many non-profit groups to this goal. Our aim is to provide honest, pragmatic and robust solutions to our clients.

Our awesome team.

A world class technical team helping you secure your digital assets.


Eoin Keary

Eoin Keary

Rahim Jina

Rahim Jina
Director of Information Security

Alan Connolly

Alan Connolly
Director and Chief Financial Officer

Owen Mooney

Owen Mooney
Lead Developer

Aib Logo

"The penetration testing services provided by BCC Risk Advisory and the quality of their associated reports, provided us with the security assurance that we required and also provided tangible information on the areas where security could be improved. Prior to using their services we relied upon inconsistent pen testing methodologies, which provided little in the way of supporting information and report interpretation proved difficult. In addition I will say that their support and service is beyond any expectations. Overall, BCC Risk Advisory have proven to be an excellent security partner."
David Cahill, Security Architect, AIB