Senior cyber security advisory, built on 25 years inside the organisations that matter
London-based cyber security consultant to FTSE 100 boards, financial services institutions, insurers, private equity firms and regulated organisations. I translate complex security risk into executive decisions, governance frameworks that hold up to regulatory scrutiny, and strategies that protect what your organisation has built.
The difference between cyber security advice and cyber security counsel
Most cyber security consultants deliver reports. They assess, they document, they recommend, and they leave. What boards and executive committees need is something different: a senior adviser who understands both the technical landscape and the governance reality, who can translate risk into decisions, and who has sat in the room where those decisions are made.
With 25 years as a CISO inside FTSE 100 firms, global insurers, critical national infrastructure and private equity-backed businesses, and with former advisory appointments at the FCA, NCSC and Lloyd's of London, I provide the level of counsel that senior organisations require when the stakes are high.
"Many companies go wrong: they build a security function and think it should be able to deal with everything. It always helps to break it down into a strategic function and a technical function."
Ali Zeb, Computing Cyber Security Strategy Briefing
What senior cyber security consulting looks like in practice
Cyber Security Governance
Designing the accountability structures, reporting frameworks and risk management processes that allow complex organisations to govern cyber security as rigorously as financial or operational risk.
Board-Level Risk Advisory
Translating technical security risk into executive and board language. Helping boards understand what they face, what good looks like, and what decisions need to be made.
Regulatory Compliance
Navigating FCA, NCSC, DORA, NIS2, UK GDPR and PCI-DSS obligations, informed by former advisory positions inside the FCA's ISCCG and NCSC, not just a reading of published guidance.
Security Programme Leadership
Senior oversight and governance direction for major security transformation programmes, ensuring what is built will withstand board, regulator and external scrutiny.
Private Equity Cyber Due Diligence
Pre-acquisition security assessment, post-merger integration and PortCo transformation for private equity firms and their portfolio companies.
AI & Digital Governance
Strategic counsel on AI governance frameworks and digital transformation programmes, ensuring security and compliance are embedded from the outset rather than added as afterthoughts.
Organisations where security decisions carry real consequences
My consulting practice is designed for organisations where cyber security is a material governance issue, where a failure carries regulatory, reputational and operational consequences that boards are ultimately accountable for. That includes regulated financial institutions, insurers operating in the Lloyd's market, critical infrastructure operators, private equity-backed businesses and large technology organisations.
Based in London, I work with UK, European and international clients. See the full range of expertise and practice areas, or arrange a conversation directly.
Financial Services & Banking, FCA-regulated institutions and investment firms
Insurance & Lloyd's Market, insurers, reinsurers and Lloyd's market participants
Critical National Infrastructure, energy, utilities and CNI operators
Private Equity, PE firms and portfolio companies requiring cyber due diligence and transformation
FTSE 100 & Large Cap, complex, listed organisations with board-level security governance needs
Public Sector & Government, central government bodies and government-adjacent organisations
25 years of consequential security leadership
Looking for a senior cyber security consultant in London?
Introductory conversations are by arrangement. Please describe your situation directly.