Most boards are receiving cyber risk reporting written by technical people for technical people. I translate it — into fiduciary language, commercial consequence, and decisions that boards can actually make. Then I help deliver the programmes that close the gaps. Previously SC Cleared and available at short notice.
Most organisations that need a CISO cannot justify a full-time one. A Fractional CISO provides the board with a named, accountable individual who owns the cyber risk agenda — attending relevant board and risk committee meetings, setting and maintaining the cyber strategy, and ensuring the organisation's security posture is appropriate to its risk profile and regulatory environment.
As ongoing adviser I work across the full security landscape — endpoint protection, threat intelligence, SOC management, security awareness, and identity and access management — translating the technical picture into board-level risk language on a regular cadence.
The board cannot rely solely on management's assessment of cyber risk — particularly where the people responsible for security are also the people reporting on it. Independent cyber assurance provides the board with a second opinion: an honest, external view of the organisation's actual security posture, its gap to relevant frameworks, and the materiality of its exposure.
As independent reviewer I assess cyber risk from the board's perspective — covering regulatory exposure, supply chain risk, incident response capability, and the adequacy of the security investment being made. Extensive experience in regulated and classified environments.
When cyber incidents happen — and they do — the organisation needs someone who has been in the room before. I have led the response to DDoS attacks from state actors, and major operational incidents at critical national infrastructure. The experience of having done this at scale, under genuine pressure, is not something that can be replicated in a tabletop exercise.
As delivery lead I run cyber programmes from strategy through to implementation — technology selection, vendor management, and the cultural change that makes security awareness stick. Available at short notice for urgent engagements, and previously SC Cleared.
Whether you need a Fractional CISO, independent assurance for your board, or urgent delivery support — the Technology MOT gives both of us a clear picture of your current cyber posture first. Fixed price. Fixed scope. No ongoing commitment. The MOT pays for itself.
“David is a gifted, knowledgeable, skilled, and inspiring technology professional and a highly effective manager, leader and Director.”
— Tom Saunders, CIO, British Standards Institution