Areas of Practice

Expertise built across the full arc of cybersecurity and technology leadership

Four interconnected practice areas informed by 25 years of operating at the highest levels of security governance, regulatory engagement, and digital transformation, inside organisations and inside the bodies that regulate them.

A three-phase framework, applied with precision

Every engagement moves through three integrated phases, not as a packaged methodology, but as a disciplined way of thinking about complex organisations under pressure. The sequence reflects how security problems actually present themselves and how they are best resolved.

Phase I Risk, Threat & Compliance

Experience, insight, and technology working in combination. Establishing precisely where the organisation is exposed, what the threat landscape looks like, and what compliance obligations genuinely apply, before any design decisions are made.

Phase II Cyber Design & Implementation

Innovation, precision, and methodical integration. Designing security architectures and governance frameworks that are robust, proportionate, and appropriate to the organisation's complexity, culture, and regulatory obligations.

Phase III Monitoring & Intelligence

Ongoing scrutiny, assessment, and expertise. Security is not a project; it is a continuous organisational discipline. The third phase provides the strategic oversight required to sustain, evolve, and validate what has been built.

Cybersecurity governance and strategy

Effective cybersecurity is a governance challenge before it is a technical one. Organisations that experience serious security failures almost always have a governance failure at their root: inadequate board-level understanding, unclear accountability, miscalibrated risk appetite, or a structural disconnect between security capability and executive decision-making.

My work in this practice area is focused at the layer above the technical: designing the frameworks, accountability structures, and decision-making processes that allow an organisation to manage cyber risk with the same rigour it applies to financial or operational risk. This includes security governance frameworks, board-level security reporting, risk appetite definition, CISO advisory, and the translation of technical risk into the language boards can act on.

Security Governance Frameworks, Board-Level Risk Reporting, CISO Advisory, Security Architecture, Risk Appetite Design, Incident Response Governance, Third-Party & Supply Chain Risk, ISO 27001, NIST CSF

Board advisory and non-executive director

The demand for credible technology and cybersecurity expertise at board level has never been greater, and the supply of people genuinely qualified to provide it remains thin. Most boards have no meaningful way to evaluate what management tells them about cyber risk. They are operating without informed oversight in one of the most consequential risk domains they face.

I provide independent board-level contribution as a Non-Executive Director or advisory board member for organisations where cybersecurity, technology governance, and digital strategy are material to performance and compliance. My value comes from the combination of deep technical expertise, genuine CISO experience, and regulatory proximity: the ability to challenge management credibly, ask the questions that matter, and contribute strategic judgement rather than generic governance input.

Non-Executive Director, Advisory Board, Board-Level Technology Counsel, Governance & Oversight, Regulatory Liaison, Independent Assurance, Audit & Risk Committee

Digital transformation and AI governance

Digital transformation programmes that succeed treat security, governance, and strategic alignment as foundational, not as considerations added at the end. Programmes that fail typically do so for the opposite reason: security is bolted on, governance is an afterthought, and the pace of change outstrips the organisation's ability to manage what has been built.

I provide senior strategic counsel on digital transformation and AI adoption, working with boards and executive teams to ensure that transformative programmes are designed and governed with appropriate rigour from the outset. At Suntory Group and Xoserve, I led enterprise-wide security transformation programmes within organisations undergoing significant digital change, balancing transformation ambition with the governance and compliance obligations that complex, regulated organisations carry.

AI governance is an increasingly significant and poorly understood dimension of this work. As organisations adopt AI at scale, the governance, risk, and compliance questions are evolving faster than most boards are prepared for. I help boards and leadership teams develop AI governance frameworks that are proportionate, defensible, and aligned with rapidly emerging regulatory expectations from the FCA, ICO, and their international equivalents.

Digital Transformation Strategy, AI Governance Frameworks, Technology Risk Assessment, Emerging Technology Advisory, Change Governance, Cloud Security, Regulatory Alignment, Robotics & Automation

Regulatory compliance and risk management

Regulatory compliance in cybersecurity and technology is not a checklist exercise. The organisations that manage it well treat it as a live governance discipline, maintaining a current understanding of the regulatory landscape, making proactive decisions about how to meet obligations, and building relationships with regulators that go beyond reactive responses to enforcement action.

Former advisory appointments with the FCA's ISCCG and the NCSC provide a deep understanding of how regulators think about cybersecurity risk, what good practice looks like, and where the direction of travel is heading. Clients facing complex, overlapping regulatory obligations (DORA, NIS2, UK GDPR, FCA PS21/3, PCI-DSS) benefit from counsel that treats compliance as a governance discipline, not an annual audit.

FCA Regulatory Compliance, DORA & NIS2, UK GDPR & PECR, DPO Services, Security Risk Assessment, PCI-DSS, NIS Regulations, Cyber Essentials Plus, ISO 27001

Organisations I work with

Financial Services & Banking

Regulated institutions, investment firms, payment providers subject to FCA oversight and DORA requirements.

Insurance & Lloyd's Market

Insurance markets, underwriters, and reinsurers navigating cyber risk governance and Lloyd's market standards.

Critical National Infrastructure

Operators navigating NIS2, OT security, and the heightened obligations of critical infrastructure designation.

Public Sector & Government

Central government bodies, public organisations, and government suppliers managing sensitive information environments.

FMCG & Global Retail

Consumer goods and retail organisations managing cross-border data flows, supply chain risk, and digital transformation governance.

FinTech & Payments

Technology companies and payment businesses building the governance infrastructure required to operate in regulated markets at scale.

A specific challenge in mind?

The most productive conversations begin with a clear description of your situation. I will tell you directly whether I can help.