Selected engagements and professional references.

Meggitt was migrating critical manufacturing workloads to Microsoft Azure, including an application supporting global factory operations around the clock. A third-party firm was executing the build; they needed independent oversight to ensure the landing zone was secure and the architecture sound.

Provided independent architectural assurance and security oversight throughout the programme. This included challenging the landing zone design, reviewing security controls, aligning delivery with business risk appetite, and validating the architecture against RTO and RPO targets. The engagement ran alongside the delivery team, providing challenge rather than a point-in-time review.

Migration to a secure Azure environment, with the architecture and security controls independently verified. Resilience requirements, including RTO and RPO targets, were validated against the implemented design. Client leadership gained independent assurance that the Azure environment was secure, resilient and suitable for critical manufacturing operations.

Bauer Media Group was migrating approximately 200 applications to cloud infrastructure across AWS and Azure, covering its international operations. The programme required consistent security governance across a dispersed estate, with controls and operating standards that could scale with the migration and remain in place after it completed.

Led security governance and assurance across the programme, advising C-suite and technology leaders on risk exposure, delivery trade-offs and investment priorities. Established a Cloud Centre of Excellence and built a 12-person global cloud team, embedding security governance, operating standards and delivery capability across the organisation.

The Cloud Centre of Excellence and the team operating it remained in place after the engagement. Controls were consistent across AWS and Azure, with clear ownership established across the international operation. Senior leadership had a clearer basis for security decisions as the migration progressed.

The European Central Bank required cybersecurity governance across cloud migration, operational security and AI-enabled workloads involving market-sensitive services. Risk management was structured within an ISO 27001 framework. The programme required clear risk assessment, supplier assurance, documented control evidence and senior sign-off before services could progress.

Provided security governance across approximately 50 market-sensitive services, establishing go-live risk gates and control assurance checkpoints within governance workflows. Supplier assurance evidence was independently challenged, with control gaps, remediation actions and residual risk decisions surfaced for business, architecture, audit and risk stakeholders.

The engagement strengthened cyber risk management, improved supplier assurance challenge and created a clearer evidence base for go-live decisions. Audit actions were closed, control assurance was strengthened and senior stakeholders gained a more defensible basis for risk acceptance across critical services.