Senior cyber leadership, without the full-time cost.
Senior cyber leadership, without the full-time cost.
I help startups, scaleups and medium sized companies navigate enterprise security, compliance, and investor due diligence — so security becomes a growth enabler, not a blocker.
I help startups, scaleups and medium sized companies navigate enterprise security, compliance, and investor due diligence — so security becomes a growth enabler, not a blocker.
No pitch or agenda. Just an honest conversation.
No pitch or agenda. Just an honest conversation.
8 industry sectors
from tech to finance
25 years cyber experience
8 industry sectors
from tech to finance
25 years cyber experience
8 industry sectors
from tech to finance
25 years cyber experience
Sound familiar?
Security stops being an IT problem the moment you start selling to enterprise.
Your enterprise deals are stalling.
Procurement teams are sending security questionnaires your team doesn't have the bandwidth — or in depth knowledge — to answer confidently.
Your enterprise deals are stalling.
Procurement teams are sending security questionnaires your team doesn't have the bandwidth — or in depth knowledge — to answer confidently.
Compliance is becoming unavoidable.
Investors, customers, and regulators are asking for SOC 2, ISO 27001, or both — and you're not sure where to start.
Business Solutions
Investors, customers, and regulators are asking for SOC 2, ISO 27001, or both — and you're not sure where to start.
Cyber security is ownerless.
It's sitting with your CTO or CIO by default, competing with product delivery and IT priorities. Nobody is thinking about it strategically.
Cyber security is ownerless.
It's sitting with your CTO or CIO by default, competing with product delivery and IT priorities. Nobody is thinking about it strategically.
Sound familiar?
Security stops being an IT problem the moment you start selling to enterprise.
Your enterprise deals are stalling.
Procurement teams are sending security questionnaires your team doesn't have the bandwidth — or in depth knowledge — to answer confidently.
Compliance is becoming unavoidable.
Investors, customers, and regulators are asking for SOC 2, ISO 27001, or both — and you're not sure where to start.
Cyber security is ownerless.
It's sitting with your CTO or CIO by default, competing with product delivery and IT priorities. Nobody is thinking about it strategically.
I work with a small number of companies at any one time — typically one or two days per week, on a retained basis. Here's what that looks like in practice.
I work with a small number of companies at any one time — typically one or two days per week, on a retained basis. Here's what that looks like in practice.
Assess
We start with a focused review of your current security posture — where you are, where you need to be, and what the gaps are. No jargon, no unnecessary complexity.
Prioritise
Together we build a pragmatic roadmap based on your specific risks, your stage, and your budget. You get the most security improvement for every pound you spend.
Business Solutions
Together we build a pragmatic roadmap based on your specific risks, your stage, and your budget. You get the most security improvement for every pound you spend.
Execute
I embed as part of your leadership team — attending board meetings, leading compliance programmes, owning security questionnaires, and providing the senior security voice your business needs.
Assess
We start with a focused review of your current security posture — where you are, where you need to be, and what the gaps are. No jargon, no unnecessary complexity.
Prioritise
Together we build a pragmatic roadmap based on your specific risks, your stage, and your budget. You get the most security improvement for every pound you spend.
Execute
I embed as part of your leadership team — attending board meetings, leading compliance programmes, owning security questionnaires, and providing the senior security voice your business needs.
25 years on both sides of the table.
25 years on both sides of the table.
I've spent my career inside some of the UK's largest financial institutions — including Lloyds Banking Group and RBS — and running my own cybersecurity consultancy serving businesses from early-stage startups to enterprises with £20bn+ turnover.
I understand what enterprise security teams scrutinise before they'll sign a supplier contract — because I've led those teams. And having built and run my own business, I understand that resources are finite and that every pound spent needs to deliver. That knowledge is what I bring to the businesses I work with.
I won't recommend what you don't need, and I'll always focus on the security improvements that give you the most protection for the least spend.
Most recently I supported JLR through the biggest ever recorded UK cyber incident — experience that gives me a real-world crisis perspective that most fractional CISOs simply don't have.
Robust compliance and regulatory knowledge
Strategic, Board level thinking
Deep technical insight
25 years on both sides of the table.
I've spent my career inside some of the UK's largest financial institutions — including Lloyds Banking Group and RBS — and running my own cybersecurity consultancy serving businesses from early-stage startups to enterprises with £20bn+ turnover.
I understand what enterprise security teams scrutinise before they'll sign a supplier contract — because I've led those teams. And having built and run my own business, I understand that resources are finite and that every pound spent needs to deliver. That knowledge is what I bring to the businesses I work with.
I won't recommend what you don't need, and I'll always focus on the security improvements that give you the most protection for the least spend.
Most recently I supported JLR through the biggest ever recorded UK cyber incident — experience that gives me a real-world crisis perspective that most fractional CISOs simply don't have.
Robust compliance and regulatory knowledge
Strategic, Board level thinking
Deep technical insight
What I can help with
From security strategy to board-level reporting — and everything in between.
SOC 2 & ISO 27001 readiness
Security roadmaps & maturity uplift
Enterprise security questionnaires
Investor due diligence preparation
Incident response leadership
Cloud & SaaS security reviews
Board & exec-level reporting
Cyber risk & governance frameworks
What I can help with
From security strategy to board-level reporting — and everything in between.
SOC 2 & ISO 27001 readiness
Security roadmaps & maturity uplift
Enterprise security questionnaires
Investor due diligence preparation
Incident response leadership
Cloud & SaaS security reviews
Board & exec-level reporting
Cyber risk & governance frameworks
Not sure if the timing is right? Let's find out.
Book a free 20-minute call. I'll ask a few questions about where you are, share some honest observations based on what I see at your stage, and we'll both know whether there's something worth exploring. No pitch. No proposal. No obligation.
Not sure if the timing is right? Let's find out.
Book a free 20-minute call. I'll ask a few questions about where you are, share some honest observations based on what I see at your stage, and we'll both know whether there's something worth exploring. No pitch. No proposal. No obligation.
Not sure if the timing is right? Let's find out.
Book a free 20-minute call. I'll ask a few questions about where you are, share some honest observations based on what I see at your stage, and we'll both know whether there's something worth exploring. No pitch. No proposal. No obligation.