How did I get here?
School dropout.
College dropout. Twice.
Military failure.
Security guard.
Doorman/hooligan
IT asshole (for a couple of years)
Martial arts instructor and business owner
Security manager and bleeding wallet for the security training industry
Security consultant, auditor and educator
Industry 'thought leader'
Industry hate figure
That just about completes that list and brings us up to date.
I am (probably) the most educated security risk practitioner on the planet. And definitely the most honest. I was once described as 'the straight edge against which a crooked industry is measured.'
During my career, I kept running into things that just didn't feel 'right'. The things I was taught officially and the advice I got were contradicted by the things I was seeing in my everyday work. The things people were saying just didn't make any sense. I began to doubt myself.
Then I began my educational journey. Nope, it wasn't a 'me' problem, for a change. The industry really is full of shit.
It doesn't need to be this way, though.
If you are sick of the way things are, tired of being ignored by your clients / employers and milked by an industry that doesn't care about your contribution, we should talk.
If you're sick of paying through the nose for security bullshit from people you don't trust, but you don't know what else to do, we should DEFINITELY talk.
I hold / have held...
MSc in Security Management (distinction)
DSyRM in Security Risk Management
CISM (also taught) Expired
CRISC (also taught) Expired
CISA (also taught) Expired
CGEIT (also taught) Expired
CISSP Expired
SEC+ Expired
ISO27001 Lead Auditor (also taught) Expired
ISO27001 Lead Implementer (also taught) Expired
....and a whole host of other stuff that I passed and didn't apply for, or else just forgot about.
I also hold numerous certifications in education, ranging from teaching and coaching to qualification design, assessment, and verification.
Consulted for charities, educational establishments, healthcare, Fintech, national retailers and a major UK Govt department.
I have worked on projects ranging from physical security and personal protection, Enterprise Risk Management implementation and ISO27001, incident response design right up to governance system design.
I don't name my clients, nor discuss my projects. What we do together stays between us.
If you’ve got questions, I’ve got answers.
That depends. Are you after the clinical or public opinion? 🤣
Okay, I'll give that a try.
I'm autistic and highly educated. I scored in the 98th percentile on a well-considered psychopathy diagnostic test. I don't tolerate bullshitters or lazy fools. That makes me incredibly unpopular in an industry (and world) full of them.
I'm fine with that.
Yep. I hold a professional doctorate in security risk management from the Institute of Criminal Justice Studies at Portsmouth University.
I've held every major (and relevant) security management certification in the world and have taught most of them.
I've also designed courses up to and including MSc level.
Don't go confusing me with an academic, though. I've done the job for nearly 30 years. I just read some books as well.
If the right client wanted my help, could pay for it and was serious about it, I'd consider it.
I don't waste my time with anyone who isn't serious about what I do, regardless of what they are paying. I once walked away from an agreed 100K gig just because I realised the CEO wasn't committed.
Yes. It amazes me that most 'security leaders' don't even have a corporate budget for their own development in the role. They are too busy spunking it up on fucking 'awareness' campaigns. If the right people are serious about my help, and they can pay for it, I'll consider it.
No. I provide coaching and training. Mentoring is just a little bit too 'fuzzy' of a relationship for me, thanks.
Hell yes. I operate on the principle that all my relationships are between equals.
If someone decides to make themselves less than equal (through dishonesty, laziness, disrespect, or stealing my IP), then we're done. No second chances, and excuses have no currency with me.
God, yes.