Metis Security is an independent UK cybersecurity consultancy founded by David Morgan, with 27 years of experience in technical security assurance. David has held senior roles at NCC Group, BT, Internet Security Systems, Security Alliance and NGS Software — working at the sharp end of security assessment across some of the most demanding environments in the industry.
Metis Security was founded on a straightforward premise: that organisations deserve independent, evidence-based answers about whether their security controls actually work — not reassurance, not a score, and not a report that takes three months and a team of graduates to produce. When you engage Metis Security, you work directly with David throughout. There is no account management layer, no handoff to a junior team, and no dilution of the expertise you are paying for.
The focus is Microsoft cloud security — specifically Microsoft 365 and Azure. Most organisations running these platforms have invested in licences, configured controls and made reasonable assumptions about their security posture. What they often lack is independent confirmation that those controls are operating as intended. That gap between assumption and reality is where Metis Security works.
Trusted Microsoft Cloud Security Advisor with 27 years experience | Empowering Businesses to Embrace Cloud Innovation with Confidence
Metis Security works with organisations that rely on Microsoft 365 or Azure as core operational infrastructure and carry genuine responsibility for sensitive data — whether that is client information, commercial IP or personal records. This typically includes professional services firms, mid-sized retailers with an established IT function, and technology companies where data integrity and access control are business-critical concerns. These organisations commonly have no dedicated security function and have not had their Microsoft environment independently assessed. The work is not compliance-led. It is focused on whether controls are genuinely effective, and what needs to change if they are not.
We believe in constant training and the maintenance of both our technical and consultative skills and this can be best presented to our clients through formal qualifications, a selection of which are presented below. Microsoft Certification Transcript can be found here.
David holds senior technical certifications across Microsoft, offensive security and broader security disciplines, maintained and updated throughout his career.
