Services
20+ years working in different verticals, organisation sizes and cultures gave me a good understanding of what works and what does not.
I have been in the trenches and seen many skeletons. No box-ticking or academic theory, only pragmatic and efficient advice to get the house in order.
Key services
Fractional / Virtual CISO
I can augment your leadership team with expert skills, where and when they are needed. This can be to offload another executive, add more accountability, reinforce security practices, establish and run a security improvement program, and more.
- Governance, Risk and Compliance (GRC)
- People and culture / awareness
- Secure business practices
- Information security, privacy and cybersecurity practices (see below)
- Incident management
- Regulatory and contractual compliance
Unsure about the difference? Read CISO vs vCISO vs fractional CISO.
Cybersecurity lead
I can help establish your cybersecurity team and/or improve your cybersecurity practices. Typically, this revolves around:
- Secure DevOps practices (DevSecOps)
- SOC / Operational security
- Vulnerability and patch management
- Incident response
- Application security
Project-based
I also do project-based engagements, such as
- Solution architecture and implementation
- Security assessment/audit
- Compliance (Essential 8, ISO-27001, SOC2, PCI-DSS…)
Typical engagement
A typical engagement looks like this, although this varies based on the clients and engagements:
- We discuss your business goals, risk appetite, concerns, legal landscape, etc.
- I do an assessment on your current posture and identify concerns and areas for improvements.
- I come up with a plan addressing people, process and technology shortfalls, as required.
- We adjust the plan based on priorities and resources available.
- We get it done. I can be as hands-on as needed.
This work usually means working with the board / executive team, sometimes leading the security team, all while keeping a supportive hands-on approach with the business and technical teams, or working alongside them, as required.
But also
- Roles
- Chief Information Security Officer (CISO/vCISO/fractional CISO)
- Information Security Manager (ITSM/ISM)
- Senior Information Security Consultant
- Chief Technology Officer (CTO)
- Technical Lead
- Expertise and Services
- Establish sound information security strategy and governance
- Improve development practices (DevOps/DevSecOps)
- Architect efficient and secure solutions (AWS, Azure, M365, Salesforce…)
- Implement vulnerability management processes and tools
- Train teams on incident detection and response
- Raise awareness and mentor future leaders
- Prepare for and/or conduct audits and obtain certification (PCI DSS, ISO, SOC2…)
- Meet regulatory requirements (privacy laws…)
- Clients
- Law firms, banks, governments, established tech companies, startups, pro bono work for not-for-profits…
Governance, Risk and Compliance (GRC)
Help improve your GRC goals.
Information Security
Improve your information security posture.Cyber Security
Keep your cybersecurity practices under control.Privacy
Ensure you understand your privacy risks and responsibilities.
Pro Bono
I offer free cybersecurity advice to organizations that could use a helping hand, like