Dublin-based · EU-focused · EMEA Delivery · DORA · NIS2 · EU AI Act · ISO 42001

Credentials & Institutional Affiliations

Academic credentials, professional certifications, industry affiliations, regulatory engagement, and publication record.

Institutional Authority

Credentials & Affiliations

Third-party validated expertise — academic pedigree, professional certifications, and institutional affiliations that underpin the doctrine.


Academic Authority

Honorary Professor — Cybersecurity, AI & Quantum Computing at Schiphol University. Honorary Senior Lecturer in Information Security at UCL. Research collaborations with Imperial.

UCL | Imperial | Schiphol

Professional Certifications

CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), CCSP (Certified Cloud Security Professional), CCSE (Check Point Certified Security Expert).

CISSP | CISM | CRISC | CCSP | CCSE

Industry Pedigree

27 years securing regulated enterprises. Big 4 consulting alumni (Deloitte, PwC, EY, KPMG). Zero breaches managing over £500B in assets across Tier-1 financial services, critical infrastructure, and government.

27 Years | Big 4 | Zero Breaches

Regulatory Body Engagement

Direct engagement with EBA, EIOPA, ESMA supervisory frameworks. DORA implementation advisory. NIS2 transposition consultation. EU AI Act readiness architecture for regulated entities across EMEA.

EBA | ESMA | EIOPA | ENISA

Publication Record

900 published governance doctrine frameworks. Peer-reviewed research in AI security, operational resilience, and institutional governance. Cited across regulatory submissions, board reports, and supervisory correspondence.

900 Doctrines | Peer-Reviewed | Cited

27 years. Five certifications. One principle: the evidence chain either holds or it does not.

CISSP. CISM. CRISC. CCSP. CCSE. Every credential pressure-tested across Tier-1 regulatory environments — banks, sovereign boards, CNI operators, parliamentary select committees.

Public Authority

Parliamentary Testimony & Public Appointments

Direct engagement with the legislative process — oral testimony, board appointments, and advisory roles that place this doctrine at the intersection of governance and law.


Parliamentary Oral Testimony

Called to give oral evidence before the Joint Committee on the UK Cyber Security and Resilience Bill — contributing technical and governance analysis directly into draft legislation. One of fewer than a dozen practitioners asked to testify on the Bill’s provisions covering incident reporting obligations, critical national infrastructure scope, and CISO accountability frameworks. Evidence entered the formal parliamentary record.

UK Parliament | CS&R Bill | Oral Evidence

Vice Chair — National Disasters Emergency Centre, Singapore

Appointed Vice Chair of the National Disasters Emergency Centre, Singapore — a sovereign-level emergency coordination body. Responsible for cyber resilience integration into national emergency response doctrine, cross-agency incident coordination protocols, and critical infrastructure continuity planning across Singapore’s regulated sectors.

Singapore | Sovereign Appointment | Vice Chair

Cyber Resilience Centre for London

Active leadership role within the Cyber Resilience Centre for London — the Metropolitan Police-backed national cyber resilience hub. Contributing to threat intelligence dissemination, SME resilience programme design, and public-private sector incident coordination frameworks across the London economic area and national critical infrastructure ecosystem.

Met Police Backed | London CRC | Leadership

ISO Technical Committee Engagement

Contributing expert to ISO/IEC technical committees on information security management and AI governance. National Standards Body engagement on ISO 27001, ISO 42001 (AI management systems), and ISO 22301 (business continuity). Doctrine frameworks cited across regulatory submissions, board-level governance reports, and supervisory correspondence with FCA, EBA, ENISA, and ESMA.

ISO/IEC | ISO 27001 | ISO 42001 | Standards

Critical National Infrastructure

Sector Delivery Record

27 years of hands-on delivery across every major CNI sector — classified environments, regulated financial systems, and sovereign infrastructure. Zero breaches across £500B+ assets under protection.


Defence & Aerospace

Cyber governance delivery for defence sector clients — classified information architecture, supply chain security, OT/ICS protection for aerospace manufacturing, and national security clearance-level programme management. NCSC and MoD framework alignment.

MOD Aligned | Classified

Tier-1 Financial Services & Banking

CISO-level advisory and programme delivery across major UK and European banks. £500B+ in assets secured. FCA, PRA, EBA, and DORA regulatory engagement. Trading floor cyber risk, payment infrastructure security, and board-level governance mandate delivery. Zero breaches throughout engagement portfolio.

Zero Breaches | £500B+ | FCA · PRA

Public Sector & Healthcare

NHS-adjacent healthcare cyber architecture, HIPAA/HITECH and UK-GDPR data governance frameworks, public sector information security programme delivery for central government departments. DSP Toolkit alignment, CQC regulatory interface, and clinical data governance programme leadership.

NHS Adjacent | HIPAA · HITECH

Energy & Critical Infrastructure

OT/ICS cyber architecture for energy sector operators — IEC 62443 implementation, Purdue Reference Model deployment, SCADA security hardening, and CNI-grade incident response planning. NERC-CIP and UK NIS Regulations compliance programme delivery.

IEC 62443 | SCADA · OT

Transport & Aviation

Cyber resilience programme delivery for major UK transport hubs including aviation infrastructure — safety-critical systems protection, passenger data governance, and operational technology security. EASA, CAA, and DfT regulatory framework compliance architecture.

EASA · CAA | Safety Critical

Law Enforcement & Government

Direct delivery for UK law enforcement agencies — sensitive data architecture, intelligence system security, investigative platform governance, and protective marking compliance. Central government departmental cyber programme management at Director-level mandate.

Law Enforcement | Director Level

Framework Architecture

Global Standards & Framework Alignment

Not framework-aware. Framework-operative. Each standard below has been deployed in live regulated environments — not studied, applied.

ISO Standards Suite

  • ISO 27001:2022 — Lead Auditor certified. Full ISMS design and deployment across Tier-1 entities. Gap analysis, control implementation, certification audit support.
  • ISO 42001:2023 — AI Management Systems. First-mover implementation across EMEA regulated entities. EU AI Act compliance architecture integration.
  • ISO 22301 — Business continuity and operational resilience. Integration with DORA and FCA operational resilience rules.
  • ISO 31000 — Enterprise risk management framework integration. Board-level FAIR-aligned reporting.

NIST Framework Suite

  • NIST CSF 2.0 — Govern, Identify, Protect, Detect, Respond, Recover. Full six-function deployment across global programmes. Cross-mapped to ISO 27001 and DORA.
  • NIST SP 800-53 Rev 5 — Federal information security controls. Applied in defence-adjacent and government sector programmes.
  • NIST SP 800-171 — CUI protection. Supply chain and defence contractor cyber programme alignment.
  • NIST AI RMF — AI risk management framework. Integrated with ISO 42001 for comprehensive AI governance architecture.

EU Regulatory Frameworks

  • DORA — Full ICT risk, incident reporting, third-party oversight, and TLPT delivery. EBA/ESMA/EIOPA engagement. 900+ framework doctrine cross-referenced.
  • NIS2 — Transposition advisory, essential entity scoping, governance obligations, supervisory engagement across 14 EU member states.
  • EU AI Act — High-risk AI system compliance architecture, conformity assessment, Annex III scoping, and AI governance board mandates.
  • GDPR / UK GDPR — DPA-aligned data governance, DPIA frameworks, international transfer mechanisms, and supervisory authority engagement.

Published Voice

Media Bylines & Published Authority

Industry-grade published voice across the sector’s most authoritative platforms — peer-reviewed, editor-reviewed, and media-cited across the global cybersecurity canon.

Trade & Industry Media

  • CSO Online: C-suite security leadership publication. Bylined analysis on CISO accountability, board governance, and regulatory response frameworks.
  • Infosecurity Magazine: Enterprise security publication. Published doctrine on threat intelligence, operational resilience, and EU regulatory frameworks.
  • SecureWorld: Security thought leadership platform. Published analysis on zero trust architecture, CNI protection, and CISO mandate delivery.
  • DataBreachToday: ISMG flagship publication. Expert commentary on breach response, regulatory enforcement, and governance programme failures.
  • Cyber Protection Magazine: Specialist security publication. Technical doctrine and governance framework analysis for enterprise security audiences.
  • Forbes: Business and technology authority. Contributed expert analysis on AI governance, cyber risk economics, and board accountability frameworks.

Academic & Peer-Reviewed Record

900 published governance doctrine frameworks — each representing a formally structured, evidence-based contribution to the cybersecurity knowledge base. Peer-reviewed research spans AI security and governance, operational resilience architecture, institutional governance models, and regulatory compliance engineering.

900 Doctrines | Peer-Reviewed | Cited by Regulators

Cited across FCA submissions · EBA guidance responses · ENISA public consultations · Board-level governance reports · Supervisory correspondence · Parliamentary evidence

Leadership Philosophy

Cybersecurity as a Team Sport

27 years of frontline delivery teaches one truth: no individual — however credentialed — secures an enterprise alone. Sustainable cyber resilience is a collective discipline.


The Team Sport Doctrine

“Cybersecurity is a team sport.” This is not a platitude — it is a programme design principle. Every governance framework, every board mandate, every regulatory response succeeds or fails at the intersection of technical competence and organisational alignment. The CISO cannot win alone. The board cannot delegate and disappear. Security is owned collectively or not at all.


Cross-Functional Leadership

27 years of delivering across the full stakeholder spectrum — from Tier-1 bank boards to parliamentary select committees, from field engineering to C-suite advisory. The ability to translate technical risk into board language, and to hold regulators, lawyers, and engineers in the same governance conversation, is the rarest and most valuable capability in the profession.


The Evidence Chain Principle

In a profession where reputations are built on certifications and destroyed by breaches, the only currency that holds is evidence. Every doctrine framework, every regulatory submission, every board report stands or falls on whether the evidence chain holds. 27 years. Zero breaches. The chain holds.

“Cybersecurity is a team sport. I have spent 27 years building the teams, writing the playbooks, and delivering the outcomes that prove it.”

CISSP · CISM · CRISC · CCSP · CCSE · UCL · Imperial College · Schiphol University · Parliamentary Testimony · Singapore Vice Chair · Cyber Resilience Centre London · All Big 4 · Zero Breaches

Estate · IoT · Digital Twin

Technical & Programme Skill Stack — Estate Doctrine Series

Skills, frameworks, and protocols mastered across the 20-volume Estate / IoT / Smart-Building doctrine series. Coverage spans the full stack — from BMS / IoT protocols to portfolio-scale ESG and Net Zero programme economics.

Technical

Protocols, Architecture & Engineering

IEC 62443 (OT Cyber) · Purdue Reference Model · BACnet · Modbus / Modbus TCP · KNX · LoRaWAN · Zigbee · BLE / Bluetooth Low Energy · NB-IoT · Building Management Systems (BMS) · OT/IT Network Segmentation · Digital Twin Architecture · Edge Computing / Industrial Edge · ICS / SCADA Security · IoT Identity (SPIFFE/SPIRE for OT) · Sensor Telemetry Engineering · Predictive Maintenance AI · HVAC Demand Response · Occupancy Intelligence · Multi-Vendor Convergence

Programme

Non-Technical & Programme Skills

Programme Governance (£50M+ Estate Transformations) · Risk Architecture for OT/IoT Programmes · Cyber-Insurance Posture Engineering · Audit Defensibility (Procurement-Grade Artefacts) · Stakeholder Briefing (Board, FM, Engineering) · Vendor Concentration-Risk Management · Executive Communication on Technical Programmes · Cross-Functional Programme Leadership

Business

Commercial & Business Outcomes

Estate Cost Reduction (25-35% via Occupancy Intelligence) · Capital Release through Smart-Estate Monetisation · ESG & Net Zero Programme Economics · Energy-Cost Optimisation at Portfolio Scale · Resilience Dividend (Insurance-Premium Reduction) · Digital-Twin ROI & Operational Intelligence Cases · M&A Cyber Due Diligence for Estate Acquisitions · Board-Level KPI Dashboards (FAIR-Aligned)

Board Mandate Engagement

27 years of hands-on delivery, available for board mandate.
