BSI Cybersecurity acquires AppSec Consulting

April 3, 2019

BSI, the business improvement company, today announced the acquisition of AppSec Consulting – a cybersecurity and information resilience (CSIR) company – located in San Jose, California. This will see AppSec Consulting become a key part of BSI’s CSIR offering and will operate under the name “AppSec Consulting – a BSI Professional Services Company”.

The acquisition of AppSec Consulting further strengthens BSI’s CSIR services in the United States – one of the key markets that is leading the development and implementation of information and cybersecurity best practice. Globally, BSI is fast becoming one of the leading providers of CSIR services in several key areas including cybersecurity, information management, data privacy, eDiscovery and forensics, employee security awareness and training alongside the compliance and testing services provided by BSI’s accredited laboratories. AppSec Consulting’s wide range of services are an excellent match to those offered by the existing BSI CSIR team in the UK and Ireland, ensuring a strengthened, rounded offering for our clients who operate in both the US and Europe.

Established 14 years ago, AppSec Consulting has a strong reputation in the US cybersecurity sector, servicing a wide range of clients across the country. The business was initially focused on web application security, penetration testing, and developer training and has since successfully diversified into providing strategic cybersecurity, data privacy, and a range of governance, risk and compliance advisory services.

Howard Kerr, Chief Executive at BSI, says: “This acquisition is reflective of our key strategic aim to expand our cybersecurity and information resilience offering, building a centre of excellence for organizations globally. AppSec Consulting is one of the most professional companies to emerge in the last 20 years. Their services perfectly complement those offered by the BSI Cybersecurity and Information Resilience teams in the UK and Ireland, which together with their reputation for excellence in client service, makes this a perfect match.”

Brian Bertacini, President at AppSec Consulting, says: “Merging with BSI is the natural next step for AppSec Consulting, providing huge opportunity for both our clients and employees alike. We are delighted to benefit from BSI’s global reach and broader range of services, which – when combined with our proven cybersecurity expertise – will allow us to further expand and flourish.”

There is a significant global demand for consultancy in the effective management and security of corporate information.  The acquisition of AppSec Consulting will support BSI’s expansion of its Professional Services activities in parallel with its existing Knowledge, Assurance and Regulatory Services businesses in the US. 

Kerr concluded: “This sector will only grow further, as organizations continue to bolster their cyber defences and recognize the opportunities that true resilience can unlock. With AppSec Consulting joining our team, we can offer the full spectrum of information resilience services to mitigate against cyber threats and support robust business growth.”

Terms of the acquisition were not disclosed. 




Notes to Editors

From today, AppSec Consulting will operate under the co-branded name, AppSec Consulting – A BSI Professional Services Company and will adopt the new logo below:



About BSI

BSI is the business improvement company that enables organizations to turn standards of best practice into habits of excellence. For over a century BSI has championed what good looks like and driven best practice in organizations around the world. Working with over 86,000 clients across 193 countries, it is a truly international business with skills and experience across a number of sectors including automotive, aerospace, built environment, food, and healthcare. Through its expertise in Standards Development and Knowledge Solutions, Assurance and Professional Services, BSI improves business performance to help clients grow sustainably, manage risk and ultimately be more resilient.


To learn more, please visit:


About BSI Cybersecurity and Information Resilience

BSI Cybersecurity and Information Resilience is a centre of excellence for managing and securing corporate information.  We provide expertise to clients on the identification, protection, compliance and management of their information assets through a combination of consultancy, technology, research and training.  Our mission is to help clients achieve Information Resilience, - an environment where infrastructure is protected and secure, regulatory and compliance obligations are met, people are safe and reputation and trust is maintained.  Our highly qualified consultants’ experience and expertise traverses the entire Information Governance landscape.  Our credentials are enhanced by adherence to internationally recognized accreditations and certifications (CREST / Cyber Essentials / Payment Card Industry Data Security Standard Qualified Security Assessor).  BSI is the originator of the ISO/IEC 27000 series of Information Security Standards and the global leader in providing training and certification to ISO/IEC 27001, the established best practice in Information Security Management Systems (ISMS). 



About AppSec Consulting

AppSec Consulting is a leading provider of Security Testing and Strategic Advisory Services.  Our mission is to help organizations improve their cybersecurity and data privacy posture allowing them to demonstrate compliance with industry and regulatory requirements.  Our firm provides premium level services using proven approaches and methodologies.  We help organizations identify threats and vulnerabilities and provide actionable remediation advice.  AppSec is committed to providing top notch customer service that sets us apart from the competition.  Our service offerings include Vulnerability Management, Penetration Testing, Information Security Risk and Privacy Assessments, Hosted Cloud Security Testing, Audit Preparation for ISO/IEC 27001 and 27018, SOC 1 and 2, PCI DSS, HIPAA, NIST CSF, GDPR and other Data Privacy Regulations.  AppSec Consulting is both a PCI Qualified Security Assessor (QSA) and Approved Scanning Vendor (ASV).  Contact AppSec Consulting today for a free consultation. 




Media contacts:

Naomi Prior

Anne Atkinson



Tel: +44 (0) 20 8996 6330

Tel: +1 703 674 1996