Services

With over 20 years of experience working across different sectors, organisation sizes and cultures, I've developed a keen understanding of what works and what doesn't.
Having been in the trenches and seen many skeletons, I pride myself on offering practical, efficient advice rather than box-ticking or academic theory to get your house in order.
Key services
Fractional / Virtual CISO
I'm here to strengthen your leadership team with expert skills, exactly where and when you need them. Whether it's supporting another executive, adding more accountability, enhancing security practices, or establishing and running a security improvement programme - I've got you covered.
- Governance, Risk and Compliance (GRC)
- People and culture / awareness
- Secure business practices
- Information security, privacy and cybersecurity practices (see below)
- Incident management
- Regulatory and contractual compliance
Not quite sure about the difference? Have a look at CISO vs vCISO vs fractional CISO.
Cybersecurity lead
I'm here to help build your cybersecurity team and enhance your security practices. This typically includes:
- Secure DevOps practices (DevSecOps)
- SOC / Operational security
- Vulnerability and patch management
- Incident response
- Application security
Project-based
I'm also happy to help with project-based work, such as:
- Solution architecture and implementation
- Security assessment/audit
- Compliance (Essential 8, ISO-27001, SOC2, PCI-DSS…)
Typical engagement
Here's how we usually work together (though this can vary based on your needs):
- We'll have a friendly chat about your business goals, risk appetite, concerns, legal landscape, etc.
- I'll assess your current posture and identify any areas for improvement.
- Together, we'll develop a plan addressing people, process and technology needs.
- We'll fine-tune the plan based on your priorities and available resources.
- Then we'll make it happen - I'm happy to be as hands-on as you need.
This typically involves working alongside your board and executive team, sometimes leading the security team, while maintaining a supportive, hands-on approach with both business and technical teams.
But also
- Roles
  - Chief Information Security Officer (CISO/vCISO/fractional CISO)
  - Information Security Manager (ITSM/ISM)
  - Senior Information Security Consultant
  - Chief Technology Officer (CTO)
  - Technical Lead
- Expertise and Services
  - Establish sound information security strategy and governance
  - Improve development practices (DevOps/DevSecOps)
  - Integrate AI in your business or services
  - Architect efficient and secure solutions (AWS, Azure, M365, Salesforce…)
  - Implement vulnerability management processes and tools
  - Train teams on incident detection and response
  - Raise awareness and mentor future leaders
  - Prepare for and/or conduct audits and obtain certification (PCI DSS, ISO, SOC2…)
  - Meet regulatory requirements (privacy laws…)
- Clients
  - Law firms, banks, governments, established tech companies, startups, pro bono work for not-for-profits…
Governance, Risk and Compliance (GRC)
Help improve your GRC goals.
Information Security
Improve your information security posture.
Cyber Security
Keep your cybersecurity practices under control.
Privacy
Ensure you understand your privacy risks and responsibilities.
Pro Bono
I offer free cybersecurity advice to organizations that could use a helping hand, like