Independent cybersecurity judgement, grounded in practice.
I work with boards and senior leaders who need clear, defensible decisions on cyber risk, and the evidence to back them up.
Background
I provide CISO-level cybersecurity advisory and fractional leadership for boards and senior executives who need experienced security leadership at the right level without a permanent appointment. I hold an LL.M in Information Technology Law and have authored four compliance frameworks covering NIS2 and the Cyber Resilience Act, bringing regulatory depth that goes beyond traditional cybersecurity practice.
My work helps organisations make defensible decisions on cyber risk, governance, regulatory readiness, cloud assurance and security investment. I combine practical cybersecurity experience with legal, regulatory and business understanding, helping organisations move from fragmented security activity to clear ownership, prioritised action and audit-ready evidence.
Frameworks
NIS2 Diagnostic Framework
Establishing scope, readiness, and programme direction in five days
Moves from NIS2 uncertainty to a confident programme decision, with outputs that feed directly into mobilisation.
NIS2 Programme Framework
How to run a NIS2 programme that delivers sustained compliance
Provides a working structure for every phase, from mobilisation, through board oversight, to sustained compliance.
CRA Applicability Framework
Establishing scope, role and obligations before CRA becomes enforceable
A practical framework for manufacturers, importers and distributors to establish scope, determine role and map obligations before the CRA becomes enforceable.
CRA Operating Framework
From secure by design to vulnerability reporting and market access
Covers the full compliance lifecycle from secure by design principles and technical documentation through to vulnerability reporting, conformity assessment and market access.
A simple, defensible approach.
Every engagement follows the same arc: understand the position, give clear advice, build the evidence to stand behind it.
Assess
Establish scope, maturity and the questions that actually need answering.
Advise
Deliver clear, prioritised guidance the board and leadership team can act on.
Assure
Build the governance, ownership and evidence that hold up under scrutiny.
Ready to talk?
Book a 20-minute advisory call, or send me a message.