Services

What can I help you with?
💡
I help companies protect their data and provide the assurance stakeholders and clients want to see.

20+ years working across different verticals, organisation sizes and cultures have given me a good understanding of what works and what does not.

I have been in the trenches and seen many skeletons. No box-ticking or academic theory, only pragmatic and efficient advice to get the house in order.

Key services

Fractional / Virtual CISO

I can augment your leadership team with expert skills, where and when they are needed. This can be to offload another executive, add more accountability, reinforce security practices, establish and run a security improvement program, and more.

✅
Get a considerable boost for a fraction of the cost.

Unsure about the difference? Read CISO vs vCISO vs fractional CISO.

Cybersecurity lead

I can help establish your cybersecurity team and/or improve your cybersecurity practices. Typically, this revolves around:

  • Secure DevOps practices (DevSecOps)
  • SOC / Operational security
  • Vulnerability and patch management
  • Incident response
  • Application security

Project-based

I also do project-based engagements, such as:

  • Solution architecture and implementation
  • Security assessment/audit
  • Compliance (Essential 8, ISO-27001, SOC2, PCI-DSS…)

Typical engagement

A typical engagement looks like this, although it varies with the client and the engagement:

  1. We discuss your business goals, risk appetite, concerns, legal landscape, etc.
  2. I assess your current posture and identify concerns and areas for improvement.
  3. I come up with a plan addressing people, process and technology shortfalls, as required.
  4. We adjust the plan based on priorities and resources available.
  5. We get it done. I can be as hands-on as needed.

This work usually means working with the board / executive team, sometimes leading the security team, all while keeping a supportive hands-on approach with the business and technical teams, or working alongside them, as required.

But also

  • Roles
    • Chief Information Security Officer (CISO/vCISO/fractional CISO)
    • Information Security Manager (ITSM/ISM)
    • Senior Information Security Consultant
    • Chief Technology Officer (CTO)
    • Technical Lead
  • Expertise and Services
    • Establish sound information security strategy and governance
    • Improve development practices (DevOps/DevSecOps)
    • Architect efficient and secure solutions (AWS, Azure, M365, Salesforce…)
    • Implement vulnerability management processes and tools
    • Train teams on incident detection and response
    • Raise awareness and mentor future leaders
    • Prepare for and/or conduct audits and obtain certification (PCI DSS, ISO, SOC2…)
    • Meet regulatory requirements (privacy laws…)
  • Clients
    • Law firms, banks, governments, established tech companies, startups, pro bono work for not-for-profits…