Independent board-level cyber security advisory for the organisations that need it most
Boards of regulated organisations are increasingly accountable for cyber security outcomes. Most do not have the expertise on the board to challenge management credibly on technology risk. A board cyber security advisor or Non-Executive Director with genuine CISO experience and established regulatory experience and proximity changes that: not as a credential, but as a functional governance asset.
Most boards are governing cyber risk without the expertise to do so
Cybersecurity is a governance problem before it is a technical one. Organisations that experience serious security failures almost always have a governance failure at the root: inadequate board understanding, unclear accountability, miscalibrated risk appetite, or a structural disconnect between security capability and board-level decision-making.
Regulators are responding to this. The FCA has escalated cyber resilience expectations for financial services boards. DORA introduced binding operational resilience obligations. NIS2 extends board-level accountability across critical sectors. Cyber insurance underwriters are requiring evidence of governance quality. The direction of travel is unmistakable: boards are accountable, and they need the expertise to meet that accountability.
"Cybersecurity is not a technical problem with a governance dimension. It is a governance problem with a technical dimension."
Four ways board cyber advisory is structured
Non-Executive Director
A formal board appointment providing independent oversight and strategic counsel on cybersecurity and technology risk. Attending board and committee meetings, providing independent challenge to executive management, and contributing governance judgement that is genuinely informed by CISO experience and current regulatory proximity.
Advisory Board Member
A structured advisory role providing regular counsel to the board or executive team. Typically quarterly or monthly, less formal than a full NED appointment but providing consistent, ongoing input and challenge rather than one-off advice.
Strategic Advisory Retainer
An ongoing retainer providing direct access to senior cyber security counsel on a responsive basis. Suited to organisations facing sustained strategic complexity (major transformation, regulatory engagement, M&A, or heightened threat) that need consistent senior input without a formal board appointment.
Programme Advisory
Time-bound senior oversight for a specific initiative: a digital transformation, AI governance framework, security architecture redesign or regulatory compliance programme. Senior strategic direction without delivery embedding, ensuring the programme is designed to a standard that withstands board, regulator, and external scrutiny.
Regulatory proximity that most board advisors cannot offer
FCA Regulatory Insight
Former advisory member of the FCA's Financial Services & Insurance Sector Cyber Coordination Group (ISCCG), providing a deep understanding of how the FCA approaches cyber resilience and what it expects from boards.
NCSC Strategy Advisory
Former Strategy Advisor to the UK National Cyber Security Centre, with direct engagement in national cyber security policy and critical infrastructure protection thinking.
Lloyd's Market Standards
Former advisory board member of the Lloyd's Market Cyber Risk Committee, providing direct understanding of the cyber risk governance standards applied across Lloyd's market participants.
CISO Operational Depth
Former CISO at MS Amlin, British Land, Planet Payment, Suntory Group and Xoserve. The ability to challenge management credibly comes from having held the role they are in.
Genuine Independence
No management relationship, no vendor ties, nothing to sell other than sound judgement. The independence that genuine board challenge requires.
Deliberate Scarcity
A limited number of board engagements, because meaningful advisory relationships require the time and attention to develop properly. Quality over volume.
Considering a board cyber security advisor or NED appointment?
The first conversation is about understanding your governance structure and what you are looking for. Please introduce yourself and your organisation.