Cybersecurity · IT Law · Board Advisory

Senior cybersecurity judgement, on demand.

Growing regulation is making boards directly accountable for cybersecurity decisions. I help directors make defensible decisions on cyber risk, demonstrate compliance under scrutiny, and build governance that holds up.

Experience across central banking, FTSE 100 aerospace and defence, and ASX 20 global supply chain infrastructure.

What I solve

Four problems that land at board level.

Fractional CISO Leadership

Your board is accountable for cybersecurity but has no senior security leadership in place.

Senior cybersecurity oversight, governance and decision support for boards and executives, without the overhead of a full-time appointment.

Executive Cyber Risk Reporting

Your board receives cybersecurity reports but cannot make a governance decision from them.

Board-ready reporting that turns cyber risk into defensible decisions, investment choices and a clearer risk appetite.

Cloud Security Assurance

You approved a cloud migration but cannot demonstrate assurance over critical workloads.

Independent assurance over cloud security, governance, architecture and the controls protecting your most critical workloads.

Enterprise Security Review Support

A customer or regulator is scrutinising your security and the answer is not ready.

Support for customer security reviews, procurement scrutiny and audit evidence without slowing commercial activity.

Also available for specific situations: Incident Response Advisory and M&A Security Due Diligence.

NIS2 Compliance

From regulatory uncertainty to sustained compliance.

Organisations don't all need the same NIS2 support. Some need to establish scope. Others need independent assurance. Some need a structured programme.

  • NIS2 Diagnostic
    Understand scope, size of effort and how to structure your programme. Five-day diagnostic.
  • Compliance Verification
    Independent challenge of your claimed compliance position and evidence quality.
  • Programme Design
    Governance, ownership, evidence and roadmap for sustained NIS2 compliance.

Cyber Resilience Act

From product scope uncertainty to CRA compliance.

CRA obligations depend on the role you hold in the supply chain. Whether you manufacture, import or distribute products with digital elements, the first step is establishing scope and understanding what applies to you.

Manufacturer

Designs or builds products with digital elements. The heaviest CRA obligations apply, spanning the full product lifecycle.

Importer

Brings products into the EU market. Must verify that manufacturers have met CRA obligations before placing products on the market.

Distributor

Makes products available without modification. Lighter obligations apply, but verification of compliance remains required.

Case Studies

Trusted where the stakes are high.

FTSE100 · Aerospace & Defence
Meggitt PLC

Cloud security assurance for critical manufacturing workloads migrated to Azure. Independent architectural oversight and security validation throughout the programme.

EU Institution · Financial Supervision
European Central Bank

Cybersecurity governance across 50 market-sensitive services within an ISO 27001 framework, including supplier assurance, go-live risk gates and audit evidence.

"Marcin stood out for his clear judgement, calm leadership, and ability to align stakeholders and drive delivery. He brought structure to complex discussions, helped teams make timely decisions, and kept the work focused on outcomes and risk."

Ebele U.
Associate Director, DevOps · Deloitte · Cloud Transformation programme

"A fantastic partner to work with, bringing a wealth of knowledge and experience that allowed Meggitt to define and implement a secure Azure Landing Zone with confidence. The engagement, commitment and interaction with the customer were exceptional, leading to a successful implementation."

Carl Foreman
Director, Infrastructure Services, Cloud & Hosting · Meggitt PLC · FTSE100

Not designed for

This practice is for organisations that need senior security judgement, defensible governance and independent assurance. Managed SOC, penetration testing and commodity compliance work sit outside this scope.

20-minute advisory call

A short advisory call to understand your situation and whether I can help.