Since phew was founded, our focus has been on building a business grounded in quality. That meant investing heavily in how we work, developing rigorous methodologies, and holding ourselves (and our pen testing) to high standards. By delivering work we could genuinely stand behind, we prioritised substance over presentation, and outcomes over optics.
Along the way, we didn’t really pause to spend time fully articulating who we are, what we stand for, and why it matters, but recently we decided it was time to address that. By undertaking a brand story exercise with the team at Flux, we’ve been able to articulate and define our identity more clearly, whilst building a consistent way to communicate it.
At phew’s core is a simple idea – that confidence in security should be backed by evidence, not assumption. Too often, tech teams are asked to accept results they can’t fully interrogate, delivered through processes that feel unclear or inaccessible. That has become the norm across the industry, but it’s not something we’re comfortable with.
We believe that trust should be earned through clarity. That means showing the reasoning behind outcomes, not just presenting them. It means helping customers understand not only what we’ve found, but why it matters and how to act on it. And in particular, by grounding our penetration testing in industry recognised standards, not just using a rule of thumb or unclear testing methodologies.
This thinking shapes how we frame our story at phew. We recognise that consumers are sometimes forced to make decisions based on limited signals (perhaps comparing providers on time, price, or surface-level outputs, without a clear way to judge depth or quality) and as a result, meaningful differences in approach often go unnoticed.
Our response has been to lean further into what we already value: clear communication, appropriately scoped engagements, and outputs grounded in real evidence. Because we combine structured testing with experienced judgment, we place a strong emphasis on helping our customers build their own understanding (not just handing over a report). For us, this is about more than just delivering a service, it’s about contributing to a higher standard.
Alongside this process with Flux, we revisited how we present ourselves through our branding by working with the fabulous team at Smith & Peach. Our refreshed visual identity (most notably our proposals and reporting) is designed to reflect the same principles that underpin our work: clarity, consistency, and focus. Every detail is intended to make information easier to absorb and navigate, while maintaining a professional and composed tone.
In an industry that often feels loud or overly complex, we’ve deliberately taken a different approach. We aim to be clear without being simplistic, and professional without being distant. The goal is to make our work (and its implications) easier to engage with, because ultimately, that’s what matters.
Our feeling is that when our customers have a clear understanding of their security posture, supported by evidence they can rely on, they’re better equipped to make decisions and have meaningful conversations. They can approach challenges with confidence, rather than uncertainty. That’s the outcome we’re working towards.
This process has been heaps of fun, but also marks an important step for us. Not because it changes what we do, but because it helps us express it more effectively. Having spent years building the foundations, we’re ready to communicate them clearly.
