Darren Conway, Cyber Security Solutions Manager at Capula, uses a government-developed technology to provide market-leading cyber consultancy that adds real value to its customers and in turn, helps to keep the UK and Ireland’s critical national infrastructure better protected from the potentially crippling effects of cyber attacks.



  • Dstl-developed CDCAT cyber risk assessment software deployed by Capula to provide repeatable risk and compliance assessments.



  • Cyber security vulnerability assessment
  • Cyber security diagnostics
  • Cyber protection



  • Cyber protection for the UK and Ireland critical national infrastructure

CDCAT enables me and my team to provide a comprehensive cyber security service that our clients really understand and buy into.

Darren Conway, Cyber Security Solutions Manager, Capula

case study cdcat capula darren conway

The story

Darren Conway is a cyber security executive with over 20 years of experience focused exclusively on professional cyber security services delivery. During this time, Darren has worked with critical national infrastructure, government, and private sector clients in 33 countries to help assess regulatory compliance, risk, and technical solutions deployment. He helps operators of essential services to enhance their cyber security and mature their defences against cyber attack.

Darren joined Capula, a leading advanced system integrator, in September 2019 as a Cyber Security Solutions Manager. Managing a team of cyber security field services engineers, Darren helps customers to both understand the cyber security risks they face, and works with them to build actionable risk treatment plans based on CDCAT® assessment output.

Licensed to Capula via Ploughshare’s partner APMG, CDCAT® has been invaluable in helping Capula to deliver market-leading cyber consultancy that adds real value to its customers.

CDCAT® is a risk assessment tool, developed by the UK Defence Science Technology Laboratory (Dstl), that helps organisation’s with their cyber transformation.

Capula added CDCAT® to its portfolio of services back in 2019, with Darren spearheading this as a key way in which he and his team could deliver repeatable risk and compliance assessments. CDCAT® has enabled Capula to replace an existing in-house developed spreadsheet-based tool with a streamlined assessment methodology with automated report generation capability.

A key benefit of CDCAT® is that Dstl periodically re-evaluates the threat landscape to create impact-based, prioritised risk treatment actions aligned to the most current threat landscape.

For example, one of the big attack vectors, and a weak spot for many, says Darren, were DDOS (overloading traffic to a service) attacks. These impacted the availability of systems and were popular, but when service providers were able to identify and shut down communications from such attacks these became less effective. The cyber threat landscape then shifted to other new types of attacks such as ransomware. These attacks also impact upon availability and are of significant importance for critical national infrastructure sectors which are typically deemed the highest priority. As a result of this shifting threat landscape the CDCAT® impact based control recommendations also changed, evolving and ensuring even greater resilience to both the current and emerging threat landscape.

Capula works collaboratively with its customers to ensure that their cyber capabilities are proactive rather than reactive, with cyber risk management methodologies and tools such as CDCAT® being an extremely important part of this approach. For the future of cybersecurity assessment and risk management, Darren believes that board-level understanding, programme ownership and a top-down approach is critical to a business’ cyber maturity and resultant defences against cyber threats.

The technology

The Cyber Defence Capability Assessment Tool (CDCAT®) provides a rapid yet comprehensive assessment of existing cyber defences to give users the ability to evaluate cyber security risks and to identify and prioritise risk treatment activities. Originally developed by the Ministry of Defence (MOD) Defence Science and Technology Laboratory (Dstl), CDCAT® delivers advances in cyber assessment by harnessing the strengths of multiple cyber security controls.

Inputs from commercial, military, and intelligence sources around the world including NATO, ISO 27000 together with leading independent bodies are included within CDCAT®. It combines these to generate a comprehensive set of standards which address multiple aspects of cyber risk management.

case study cdcat capula woman at pc

Fact file

Innovation source – Dstl
Licensed to – APMG International
Applications – Cyber security assessment
End user – Capula

More information

Click below for more information: