Chief Information Security Officer · 25+ Years · Big 4 Lineage · Parliamentary Testimony
Information Security Executive

Security Architect. Hands-On Delivery.
Contract Engagements. 25+ Years. 12 Sectors.

Security architect, OT/ICS specialist, and hands-on security consultant. 25+ years of contract delivery across financial services, defence, critical national infrastructure, and regulated industries. Big 4 consulting lineage. Academic at UCL, Imperials, and Schiphol University. Contract-only engagements — architecture through implementation, governance through technical delivery.

Fractional CISO Big 4 Lineage 25+ Years Parliamentary Testimony UCL · Imperials · Schiphol ISO 27001 NIST CSF 2.0 CNI · Defence FCA · PRA
27+ Years of Delivery From 1999 to present
12 Sectors Engaged Financial · Defence · Healthcare · Energy · Transport · Law Enforcement…
147→12 Audit Findings Critical findings reduced in regulated enterprise programme
0→214 AI Models Governed ISO 42001:2023 programme from ground zero
How I Engage

Contract Engagement Types

Six contract engagement types — from fractional CISO to hands-on security architecture and programme delivery. Available for contract and consulting engagements only.

🏛️ Fractional CISO

Fractional CISO & Security Lead

Fractional CISO engagement — hands-on security leadership on a contract basis. Risk ownership, board reporting, and programme execution without a permanent commitment.

Board ReportingRisk OwnershipSecurity StrategyRegulatory Leadership
Interim & Transition

Interim CISO & Leadership Transition

Critical leadership continuity for M&A integration, post-incident recovery, regulatory remediation, and executive succession. Operational from Day 1.

M&A SecurityPost-IncidentSuccession PlanningProgramme Continuity
🔧 Programme Delivery

Security Transformation Architect

End-to-end security transformation: hands-on architecture, technology platform modernisation, and capability delivery across complex, multi-entity organisations.

Operating ModelTechnology StrategyCapability BuildingChange Management
🏗️ Architecture

Enterprise Security Architecture

Zero-trust architecture, cloud security design, identity governance, and security-by-design embedding across engineering and product organisations.

Zero TrustCloud SecurityIdentity & AccessSecurity by Design
⚖️ Governance & Risk

Security Governance & Risk Consulting

GRC programme design, board-level risk reporting, and enterprise risk management frameworks aligned to ISO 31000, NIST CSF 2.0, and sector-specific regulatory requirements.

GRCISO 31000NIST CSFBoard Risk Reporting
📋 Regulatory Consulting

Regulatory & Compliance Consulting

Hands-on regulatory compliance consulting. FCA/PRA operational resilience, DORA, NIS2, EU AI Act, and GDPR/UK GDPR across multi-jurisdictional enterprises.

FCA / PRADORANIS2GDPR / UK GDPR
Sector Breadth

Sectors Engaged

Security leadership across every major regulated sector — with the regulatory and framework fluency each environment demands.

Sector Regulators & Authorities Primary Frameworks
Financial Services & Banking FCA · PRA · EBA DORA · ISO 27001 · NIST CSF
Aerospace, Defence & Space MOD · NCSC NIST 800-53 · ISO 27001 · JSP 440
Critical National Infrastructure NIS2 · NCSC CAF · NIS Regulations · ISO 22301
Healthcare & Life Sciences CQC · ICO HIPAA/HITECH · ISO 27001 · DSPT
Energy & Utilities OFGEM · NCSC CAF · IEC 62443 · ISO 27001
Transport & Aviation CAA · ATISN ISO 27001 · NIST CSF · ISO 22301
Law Enforcement & Government Home Office · NCSC PSN · IL classifications · ISO 27001
Insurance & Capital Markets FCA · Lloyd's · PRA DORA · NIST CSF · ISO 27001
Career Lineage

Where the Experience Comes From

A career built across the most demanding environments in information security — consultancy, academia, government, and international standards.

Big 4 Consulting

Global advisory practice — enterprise security strategy and GRC for FTSE 100 and Fortune 500 clients

UCL · Imperial College · Schiphol

Academic appointments across University College London, Imperial College London, and Amsterdam Airport Schiphol

Parliamentary Committee

Oral and written testimony on the UK Cyber Security and Resilience Bill — advising national legislative cyber policy

National Disasters Emergency Centre

Vice Chair, Singapore — national-government-level resilience leadership

ISO Technical Committee

Appointed participation in international standards development for information security management

Cyber Resilience Centre for London

Active engagement with the national police-led cyber resilience initiative

Media Authority

Editorial bylines and expert commentary in the publications that shape the profession.

ForbesCSO OnlineInfosecurity MagazineSecureWorldDataBreachTodayCyber Protection Magazine
Philosophy

“Cybersecurity is a team sport — no single vendor, framework, or practitioner secures an organisation alone. The executive’s role is to build the team, set the doctrine, and keep the board informed.”

Certifications & Frameworks

Practitioner and architect-level command of the frameworks that govern regulated enterprise security.

ISO 27001ISO 42001ISO 22301NIST CSF 2.0NIST 800-53NIST AI RMFDORANIS2GDPREU AI ActCCSE

Available for Security Architecture & Consulting Contracts

Contract-only engagements. Whether you need a security architect, fractional CISO, or hands-on programme lead — architecture through delivery, governance through technical execution. The engagement starts with a conversation.

Live Standards & Regulatory Horizon

Security Architect — current signal stack

Curated each day from authoritative sources (ISO, NIST, ENISA, ESAs, ICO, NCSC). The signal pool refreshes nightly; the daily slate is selected deterministically so two readers on the same date see the same brief.

Updated 2026-06-17
2026-02-10 IAPP
IAPP GDPR Resource Centre — Enforcement Tracker 2026

GDPR enforcement reached €4.5bn cumulative by early 2026, with Meta, LinkedIn and health-sector organisations facing the largest fines. Cross-border enforcement coordination between DPAs is accelerating.

Signal pool refreshed by kie_master_daily.py Phase 26. Methodology: curated synthesis from ISO / NIST / ENISA / ESAs / ICO / NCSC primary sources.

Contact Email Direct

Live Standards & Regulatory Horizon

Security Architect — current signal stack

Curated each day from authoritative sources (ISO, NIST, ENISA, ESAs, ICO, NCSC). The signal pool refreshes nightly; the daily slate is selected deterministically so two readers on the same date see the same brief.

Updated 2026-06-19
2026-02-10 IAPP
IAPP GDPR Resource Centre — Enforcement Tracker 2026

GDPR enforcement reached €4.5bn cumulative by early 2026, with Meta, LinkedIn and health-sector organisations facing the largest fines. Cross-border enforcement coordination between DPAs is accelerating.

Signal pool refreshed by kie_master_daily.py Phase 26. Methodology: curated synthesis from ISO / NIST / ENISA / ESAs / ICO / NCSC primary sources.