top of page



You have a problem? I might be able to help.

I consider consulting projects in the following areas:

  • Security risk governance

  • Security risk architecture development

  • Security programme development

  • Security risk assessment methodology implementation

  • Security function / organisational alignment and value realisation

  • Security training design and implementation

  • Workplace violence management and staff protection

  • Security policy review or development

  • Security control framework development

  • Security team development

  • Incident response development and training

  • Tabletop exercise development

  • Information Security Management System (ISMS) development

  • Internal security audit support

A few considerations before contacting me.

I provide the most benefit if I have access to senior stakeholders, including the board. I tend not to get involved at the operational level anymore - there are more affordable options that can help you there. I am not a 'cyberist' and don't get heavily involved in technical projects. In my experience, security is an organisational problem rather than a technical one.

I don't take on 'box-ticking' projects. I prefer to work with organisations and people that 'get it' and care about getting real, tangible value from their security spend.

To begin, I require a clear email stating at high level whatever your problems are and what you want from me. It needs to be in writing and I may well respond with questions that require clear answers. This process can frustrate some people who are used to just being 'sold'. I prefer to do things according to my own ethics, and that means only taking money if I can actually help.

If I think I can help based on this information, I will invite you to a chargeable diagnostic call where I will get a deeper understanding of your needs, and clarity on whether I think we can work together. If I cannot help you, the fee for this call is refunded in full.

If I think I can help and that we can work well together, the next step is that I provide you with an action plan that is chargeable, regardless of whether you engage me further. The final step is the actual engagement.


No work is undertaken without payment unless we are talking about long-term projects where I require 50% upfront and an escrow agreement.

Be aware that I am not desperate for your business and I only engage in mutually beneficial relationships. I am not impressed by the size of your business, your budget or your job title. People with your problems are everywhere. People with my solutions aren't. As a result, clients are required to accept my terms and conditions of business. I do not sign 'contractor agreements' provided by clients. If you want my work, you need to agree to my terms of doing it. I will provide an NDA where required.

If you are serious about world-class advice and service, get in touch here.

bottom of page