About

Busy busy

Information security executive and cybersecurity expert with 25 years of in-depth, cross-cultural, international experience.

Information security and risk management leader, advisor, and subject matter expert.

Strategist, vCISO, architect, systems integrator, board member, coach/mentor. Organization and process development.

Part-Time, Time-Limited Advisory and Support Projects

  • Short-term, long-term / hourly, daily rates upon request. Work on retainer available
  • No risk – try before you buy
  • Full confidentiality guaranteed
  • Open to equity compensation for startup advisory work

Resume / CV Available Here

I am a superb communicator and public speaker, innovator, and fast, adaptable thinker. I can translate between business leaders and engineers, because I understand the responsibilities and needs of both.  I excel at driving change in dynamic environments.  Hire me when you need a cybersecurity expert for fast and unconventional solutions, a deputy and sparring partner who gets things done whether it’s building or fixing organizations and their strategies, developing new services or structures, and coming up with creative solutions to complex challenges.

Engagements include board advisory roles for early- and mid-stage startups, venture capital investors, and private equity firms focused on information security-related activities, as well as interesting strategic projects, and senior information security leadership positions.

Strengths and Capabilities (Business and Stakeholder Development)

  • go-to-market strategy development and positioning for information security products and services.  Positioning infosec services to buyers, investors, and stakeholders
  • business and sales tracking and effectiveness measurement – ensuring faster growth through more effective use of limited resources
  • communication materials – internal and external, presentations, video/audio, white papers
  • evangelism, relationship development
  • critical infrastructure (primarily financial services) sector resilience building and collective defence, public-private partnerships
  • information security subject-matter expertise advisory services for tech investors
  • cybersecurity startup and innovation coaching and development

Strengths and Capabilities (Organisational Consulting)

  • cybersecurity strategy, architecture, and management
  • information security policy and standards development
  • company information security programme development and deployment, including
    • cyber-risk analysis and management – internal, supply chain
    • security assurance / application security testing
    • vulnerability management, incident response, and security operations centre (SOC)
    • cyber-threat intelligence
    • business continuity management (BCM)
    • security reporting
    • resilience exercises – internal, sector, and cross-sector / public-private
  • operational resilience development
  • cyber risk – connecting cyber risk analysis capabilities to business risk structures, bringing organisational risk management in line with cyber-risk insurance, regulatory, and good practice requirements
  • compliance/alignment with good practice, cyber risk insurance, and regulatory) requirements
    • ISO 1400x/27000/27001/27002/27003/27005, Cyber Risk Institute Profile, NIST, FFIEC
    • HIPAA, COBIT, Sarbanes-Oxley (SOX) 404, GDPR, DORA/NIS2, and EU Cybersecurity Act
  • workshops, training, hiring

Passed CISSP exam, decided not to give ISC(2) any more money.