I help companies protect their data and provide the assurance stakeholders and clients want to see. 20+ years working in different verticals, organisation sizes and cultures gave me a good understanding of what works and what does not.
I have been in the trenches and seen many skeletons. No box-ticking or academic theory, only pragmatic and efficient advice to get the house in order.
For more than a decade (7 years as White Hat Consulting (NZ)/Wise & Honest Consulting (AU) and 5 before that as Cirrus Dynamics), I have had the privilege to help many clients support their business goals by pragmatically strengthening their security and privacy practices. This is usually working with the board and executive team, and leading the security team, while keeping a supportive hands-on approach with the technical teams.
- Roles
  - Chief Information Security Officer (CISO/vCISO/fractional CISO)
  - Information Security Manager (ITSM/ISM)
  - Senior Information Security Consultant
  - Chief Technology Officer (CTO)
  - Technical Lead
- Expertise and Services
  - Establish sound information security strategy and governance
  - Improve development practices (DevOps/DevSecOps)
  - Architect efficient and secure solutions (AWS, Azure, M365, Salesforce…)
  - Implement vulnerability management processes and tools
  - Train teams on incident detection and response
  - Raise awareness and mentor future leaders
  - Prepare for and/or conduct audits and obtain certification (PCI DSS, ISO, SOC2…)
  - Meet regulatory requirements (privacy laws…)
- Clients
  - Law firms, banks, governments, established tech companies, startups, pro bono work for not-for-profits…
Top human skills
Leadership
Leading by example, excellent team player, good listener, open-minded, pragmatic, SAFe/Agile practitioner, mentor, trainer, resource and conflict management.
Business
Stakeholder management, training and awareness, negotiation, business analysis, planning and delivery, SLA/OLA, KPI, suppliers/providers management.
Collaboration
Engagement with senior stakeholders (C-level), presentations (various levels, >100 attendees), meeting chair, tech lead, documentation (technical/end users).
Top hard skills
Governance, Risk and Compliance (GRC)
Information security governance, risk management, business continuity planning, compliance/regulatory frameworks (NZ/AU Privacy Act, PSR-NZISM/New Zealand, PSPF-ISM/Australia, GDPR/EU, MAS/Singapore, HKMA/Hong Kong, ISO/IEC 27001, SOC2, PCI-DSS, NIST, OWASP, CCPA...)
Security and Privacy
Security solution design, security/privacy reviews, platform/application hardening, application development security, vulnerability management, incident detection and response, network and cloud security, Identity and Access Management (IAM), DLP, cryptography.
Technology
Enterprise/Solution/Infrastructure/Security design and architecture (Azure/AWS/M365…), solution design and cloud integration, automation, AI and machine learning, storage platforms, HA and redundancy, networks, large multi-site environments, virtualisation...
Certifications
Among others:
- CISSP - (ISC)² Certified Information Systems Security Professional
- CISM - ISACA Certified Information Security Manager (highest score in Oceania)
- CRISC - ISACA Certified Risk and Information Systems Control (scored in top 5%)
- PCIP - PCI Security Standards Council - PCI Professional
- AWS Certified Solutions Architect - Associate
- Certified Scaled Agile Framework (SAFe) 5 Practitioner
- Machine Learning at Stanford University (online)
- ITIL, Microsoft, Cisco, VMWare, Compellent, Novell...