About

Information security executive with 25 years of in-depth, cross-cultural, international experience as an information security and risk management leader, advisor, and subject matter expert.

Resume / CV available here

I am a superb communicator and public speaker, innovator, and fast, adaptable thinker. I can translate between business leaders and engineers, because I understand the responsibilities and needs of both. I excel at driving change in dynamic environments. Hire me when you need fast and unconventional solutions, a deputy and sparring partner who gets things done, whether it’s building or fixing organizations and their strategies, developing new services or structures, or coming up with creative solutions to complex challenges.

I am open to discussing a range of engagements, including board advisory roles for early- and mid-stage startups, venture capital investors, and private equity firms focused on information security-related activities, as well as interesting strategic projects and senior information security leadership positions.

Strengths and Capabilities (Business and Stakeholder Development)

  • go-to-market strategy development and positioning for information security products and services; positioning infosec services to buyers, investors, and stakeholders
  • business and sales tracking and effectiveness measurement – ensuring faster growth through more effective use of limited resources
  • evangelism, relationship development
  • critical infrastructure (primarily financial services) sector resilience building and collective defence, public-private partnerships
  • information security subject-matter expertise advisory services for tech investors
  • information security startup and innovation coaching and development

Strengths and Capabilities (Organisational Consulting)

  • information security strategy, architecture, and management
  • information security policy and standards development
  • company information security programme development and deployment, including
    • cyber-risk analysis and management
    • security assurance / application security testing
    • vulnerability management and incident response
    • cyber-threat intelligence
    • business continuity management (BCM)
    • security reporting
    • security exercises – internal, sector, and cross-sector / public-private
  • operational resilience development
  • cyber risk – connecting cyber risk analysis capabilities to business risk structures, bringing organisational risk management in line with cyber-risk insurance, regulatory, and good practice requirements
  • compliance/alignment with good practice, cyber-risk insurance, and regulatory requirements
    • ISO 1400x/27000/27001/27002/27003/27005, Cyber Risk Institute Profile, NIST, FFIEC
    • HIPAA, COBIT, Sarbanes-Oxley (SOX) 404, GDPR, DORA/NIS2, and EU Cybersecurity Act
  • team development and staff training

Passed CISSP exam, decided not to give ISC(2) any more money.