About

Information security executive with 23 years of in-depth, cross-cultural, international experience as an information security and risk management leader and subject matter expert.


My fields of expertise include

  • information security strategy and management
  • vulnerability management and incident response
  • cyber-threat intelligence capability building
  • application and infrastructure security assurance
  • risk analysis and mitigation
  • corporate security policy and standards development
  • financial sector resilience building and collective defence

I am a superb communicator and public speaker, innovator, and fast, adaptable thinker. I can translate between business leaders and engineers, because I understand the responsibilities and needs of both. I excel at driving change in dynamic environments. Hire me when you need fast and unconventional thinking, a deputy and sparring partner who gets things done, whether it’s building or fixing organizations and their strategies, developing new services or structures, or coming up with creative solutions to complex challenges.

I am open to discussing a range of engagements, including board advisory roles for early- and mid-stage startups, venture capital investors, and private equity firms focused on information security-related activities, as well as interesting strategic projects and senior information security leadership positions.

Specialties:

  • information security management
  • security architecture
  • information security strategy & policy development and implementation
  • security risk management and cyber-business risk integration
  • team development, training, and leadership
  • crypto and authentication
  • ISO 1400x/27000/27001/27002/27003/27005
  • regulatory frameworks – HIPAA, COBIT, Sarbanes-Oxley (SOX) 404, GDPR, and EU Cybersecurity Act compliance
  • international data privacy and confidentiality best-practices
  • resilience building through strategic tabletop exercise development
  • cyber-threat information sharing policy and process

Passed CISSP exam, decided not to give ISC(2) any more money.