ciso • operator • public speaker
Security leadership that ships, not slides.
I build security programmes that hold up under growth, audits, M&A, and real attackers. Clear outcomes, minimal theatre.
Special interest: secure agentic AI and AI governance that stands up to regulators, customers, and reality.
how I start
30/60/90: decision-grade security, fast
- Map critical services to top attack paths
- Board-ready risk view with owners and dates
- Baseline identity, cloud, and third-party posture
- Identity and email uplift on highest-risk paths
- Assurance automation: evidence on demand
- AI governance guardrails that survive audits
- Tested recovery paths for critical services
- Operating cadence with exec sponsors
- 2-quarter roadmap framed as a differentiator
Outcomes over optics
Security operating model that ships
Roadmaps, KPIs, and exec comms that force clarity. Clear ownership, clear dates, and decisions made with trade-offs visible. Less theatre, more delivery.
Transparency-driven security that builds trust across teams, not silos.
Cloud-first guardrails, hybrid reality
Identity-led controls, sensible segmentation, and platform guardrails that keep teams moving. Designed for multi-cloud and third parties without turning delivery into a compliance circus.
Practical by default: secure patterns people will actually adopt.
Automation, assurance, and resilience
Evidence-on-demand, tight remediation cadence, and lean operations with strong oversight of outsourced monitoring. AI governance that stands up to customers, auditors, and regulators without killing innovation.
Less noise, faster response, cleaner assurance.
Speaking and appearances
Winning the AI Arms Race: defending the inbox in the age of intelligent threats
AI, email security, modern defence
Keeping pace of change: thriving in complex, interconnected threat and regulatory landscapes
Regulation, complexity, operating models