Consulting
Good security programs balance compliance, operational reality, and actual risk. I help leadership and technical teams align on what to build first—and what to stop pretending is “done.”
Typical consulting themes
- Security programme design: target state, capabilities, and sequencing over 12–24 months
- Risk registers and control mapping tied to incidents you care about, not checkbox frameworks alone
- Vendor and architecture reviews for major changes (migrations, new platforms, M&A)
- Tabletop exercises and crisis playbooks that executives will actually use
How I work with you
- Short discovery to understand constraints: budget, skills, legacy debt, regulators
- Collaborative artefacts—no 200-slide strategies that gather dust
- Optional hands-on validation when advice should be grounded in testing, not theory