EMEA & Ireland · DORA · NIS2 · EU AI Act · ISO 42001 · SOC / SIEM Implementation
CISSP · CISM · CRISC · CCSP · Azure Solutions Architect Expert · 13 Certifications Total

Technical execution. Evidence that holds.

27 years of hands-on SOC builds, SIEM configurations, KQL detection engineering, AI architecture, and regulatory audit production. 85 MITRE-mapped detection rules deployed. MTTD reduced 36 hrs → 18 min. Zero breaches over 4 years across all mandates.

Microsoft Sentinel KQL Detection Rules Azure OpenAI / GPT-4o Splunk RBA CyberArk PAM Azure Defender Wireshark / Burp Suite MITRE ATT&CK — 85 Rules CAF A-D ISO 27001 · DORA · NIS2 Terraform / AKS Semantic Kernel / LangChain
27 Years Technical Delivery
13 Active Certifications
85 MITRE Detection Rules
60+ Log Sources Integrated
30+ Regulatory Frameworks
0 Breaches Under Mandate
Hands-On Tools

Technical Stack Mastery

Proven expertise across industry-leading SIEM, EDR, threat hunting, and compliance platforms. Tool-level operational delivery, not consultancy theory.

Microsoft Sentinel

85 MITRE-mapped detection rules deployed. 60+ log sources integrated. MTTD reduced from 36 hrs → 18 min. MTTR improved 73%. Logic Apps SOAR playbooks for automated containment and ticketing.

85 Detection Rules 60+ Log Sources SOAR Playbooks MTTD: 36hr → 18min

Splunk SIEM & RBA

Risk-Based Alerting configuration reducing false positives from 500+/day to 12/day (98% noise reduction). SPL correlation rules, custom dashboards, and DORA-aligned detection workflows.

Risk-Based Alerting 98% FP Reduction DORA Compliance

Azure Defender & MDE

Defender for Endpoint hardening across enterprise estates. Defender for Cloud CSPM, threat analytics integration, and automated investigation across hybrid Azure environments.

CSPM Configuration Threat Analytics MDE Hardening

KQL (Kusto Query Language)

85 production detection rules covering brute force, lateral movement (PtH/PtT), privilege escalation, data exfiltration anomalies, and C2 beacon detection. Operational at enterprise scale.

85 Production Rules Lateral Movement Anomaly Baselines

CyberArk PAM

Privileged Access Management deployment reducing access incidents by 84%. Vault implementation, CPM/PVWA configuration, PSM session recording, and Azure PIM integration for JIT access.

84% Incident Reduction Azure PIM / JIT Session Recording

Wireshark & Burp Suite Pro

Packet-level forensics for incident response, protocol dissection, C2 traffic identification. Burp Suite Pro for OWASP Top 10 assessments and API security validation across enterprise applications.

Packet Forensics OWASP Top 10 API Security Testing

Network Security Platforms

Hands-on delivery across Cisco (CCNA Security certified), Juniper (JNCIS-FWV certified), Checkpoint (CCSE certified), Palo Alto NGFW, F5 BIG-IP, and PKI/VPN/IPSec infrastructure.

Cisco / Juniper Checkpoint / Palo Alto F5 BIG-IP / PKI

MITRE ATT&CK & Nessus

85 detection rules mapped across 11 MITRE ATT&CK tactics. Purple team exercise design, threat modelling, detection gap analysis. Nessus / Qualys for vulnerability scanning and compliance-driven remediation.

85 Rules / 11 Tactics Purple Team Vuln Scanning
Detection Infrastructure

SOC Lab Architecture

Blueprint for enterprise-grade SOC deployment: Azure Sentinel workspace with integrated detection, response, and automation tiers.

┌─────────────────────────────────────────────────────┐ │ AZURE SENTINEL WORKSPACE │ │ ┌──────────┐ ┌──────────┐ ┌──────────────────┐ │ │ │ Azure AD │ │Defender │ │ 3rd Party Logs │ │ │ │ Logs │ │Endpoint │ │ (Syslog, CEF) │ │ │ └────┬─────┘ └────┬─────┘ └────────┬─────────┘ │ │ └─────────────┼─────────────────┘ │ │ ┌──────▼──────┐ │ │ │ Log Ingest │ │ │ │ & Parse │ │ │ └──────┬──────┘ │ │ ┌───────────┼───────────┐ │ │ ┌────▼───┐ ┌────▼───┐ ┌───▼────┐ │ │ │ KQL │ │Analytic│ │Hunting │ │ │ │Queries │ │ Rules │ │Queries │ │ │ └────┬───┘ └────┬───┘ └───┬────┘ │ │ └───────────┼──────────┘ │ │ ┌────▼────┐ │ │ │Incidents│ │ │ │& Alerts │ │ │ └────┬────┘ │ │ ┌─────────┼────────┐ │ │ ┌────▼──┐ ┌───▼────┐ ┌▼──────────┐ │ │ │Playbok│ │Workbook│ │ Automation │ │ │ │Triage │ │Reports │ │ Response │ │ │ └───────┘ └────────┘ └────────────┘ │ └─────────────────────────────────────────────────────┘

Log Sources (60+)

  • Azure AD & Entra Sign-in Logs
  • Defender for Endpoint / M365
  • Network Flows, Proxies, DNS
  • Syslog, CEF & Custom Connectors
  • Office 365 Audit Logs
  • Cisco / Juniper / Palo Alto feeds
  • CyberArk & PAM audit trails
  • SAP, Salesforce & SaaS sources

Detection Engineering

  • 85 MITRE-mapped KQL rules
  • Brute force & credential stuffing
  • Lateral movement (PtH / PtT)
  • C2 beacon identification
  • Data exfiltration anomalies
  • Privilege escalation (4720/4728)
  • MTTD: 36 hrs → 18 min
  • MTTR improved 73%

Response & Automation

  • Logic Apps playbooks
  • Auto-blocking & quarantine
  • SOAR integration
  • Ticket auto-creation
  • Escalation workflows
  • Evidence preservation
Detection Rules

KQL Detection Engineering

Production-grade Kusto queries deployed across Microsoft Sentinel for real-time threat detection and incident response.

Brute Force Login Detection

Authentication 
// Brute Force Login Detection
SigninLogs
| where TimeGenerated > ago(1h)
| where ResultType !in ("0", "50125", "50140")
| summarize FailedAttempts = count(),
            DistinctIPs = dcount(IPAddress)
            by UserPrincipalName, bin(TimeGenerated, 5m)
| where FailedAttempts > 10
| extend RiskLevel = iff(FailedAttempts > 50,
  "HIGH", "MEDIUM")
| project TimeGenerated, UserPrincipalName,
          FailedAttempts, DistinctIPs, RiskLevel

Lateral Movement via Pass-the-Hash

Persistence 
// Lateral Movement via PTH
SecurityEvent
| where EventID == 4624
| where LogonType == 3
| where AuthenticationPackageName == "NTLM"
| where WorkstationName != ComputerName
| summarize Hops = dcount(Computer),
            Targets = make_set(Computer)
            by SubjectUserName, IpAddress
| where Hops > 3
| extend ThreatScore = Hops * 10
| project SubjectUserName, IpAddress,
          Hops, Targets, ThreatScore

Anomalous Data Upload Detection

Exfiltration 
// Anomalous Data Upload
AzureNetworkAnalytics_CL
| where TimeGenerated > ago(24h)
| where FlowDirection_s == "O"
| summarize TotalBytes =
  sum(BytesSentToInternet_d)
  by SrcIP_s, bin(TimeGenerated, 1h)
| where TotalBytes > 100000000
| join kind=leftouter (
    DeviceNetworkEvents
    | where ActionType == "ConnectionSuccess"
  ) on $left.SrcIP_s == $right.LocalIP
| project SrcIP_s, TimeGenerated, TotalBytes

Privilege Escalation Attempt

Escalation 
// Privilege Escalation Detection
SecurityEvent
| where EventID in (4720, 4722, 4728, 4732)
| where SubjectUserName !in ("SYSTEM", "root")
| summarize EscalationCount = count(),
            TargetAccounts = make_set(
              TargetUserName)
            by SubjectUserName, Computer
| where EscalationCount > 5
| extend AlertSeverity = "High"
| project SubjectUserName, Computer,
          EscalationCount, TargetAccounts
Regulatory Delivery

Audit & Compliance Execution

Evidence production at scale. CAF A-D scoring matrices, ISO 27001 control mapping, and NIS submissions accepted on first presentation.

CAF A-D Evidence Production

Produced IGP scoring matrices, evidence packs, control mapping documents, and gap analysis reports for all 4 CAF objectives: A (Governance), B (Protect), C (Detect), D (Respond & Recover). Delivered to NCSC-reporting regulators.

Governance (A) Protect (B) Detect (C) Respond (D) First Pass Zero Findings

ISO 27001 → CAF Control Mapping

Cross-mapped ISO 27001 Annex A controls to CAF objectives, producing control equivalence matrices that eliminated duplicate assessment effort and reduced compliance overhead by ~40%.

14 Control Groups Equivalence Matrix 40% Overhead Reduction No Rework

NIS Regulatory Submissions

Produced end-to-end NIS submissions for Operators of Essential Services across energy and finance. All submissions accepted by sector regulator on first presentation. Zero remediation demands.

Energy Sector Finance Sector 100% First Pass Zero Remediation
Emerging Threats

AI + Cyber Security

As the threat surface expands into AI-generated phishing, LLM exploitation, and model poisoning attacks, your security architecture must evolve. 27 years of cyber delivery meets 2026's AI threat landscape.

LLM Security & Prompt Injection Defence

Azure OpenAI (GPT-4o) secure deployment, adversarial prompt testing, jailbreak detection, output sanitisation. OWASP LLM Top 10 assessment. ISO 42001 AI management system implementation (in progress). AI model sandboxing and guardrail architecture.

Azure OpenAI GPT-4o OWASP LLM Top 10 ISO 42001 Guardrail Architecture

AI-Driven SIEM & RAG Architecture

Azure ML anomaly detection integrated with Sentinel. RAG pipelines using Azure Document Intelligence + LangChain + Semantic Kernel processing 2.5M+ documents/year at 94–96% accuracy. 12M+ API calls/month at <200ms p95 latency.

Azure Document Intelligence Semantic Kernel LangChain / RAG 2.5M docs/year

AI Governance & Model Risk

EU AI Act Article 9 risk management. ISO 42001 AI management system. Model inventory, bias testing, and transparency documentation. Azure AI Engineer Associate certified. AI incident classification under DORA, NIS2, and EU AI Act reporting obligations.

EU AI Act Art. 9 ISO 42001 Azure AI Engineer Cert DORA / NIS2
Threat Framework

MITRE ATT&CK Coverage Map

Detection and response coverage across MITRE ATT&CK tactics. Mapped techniques inform SOC detection strategy and purple team exercise design.

85 detection rules deployed across 11 MITRE ATT&CK tactics. Figures represent technique sub-coverage within each tactic category, as measured against the full MITRE ATT&CK Enterprise matrix.

Reconnaissance
72%
Initial Access
88%
Execution
64%
Persistence
78%
Privilege Escalation
85%
Defense Evasion
68%
Credential Access
93%
Lateral Movement
82%
Collection
61%
Exfiltration
84%
Impact
73%
Measurable Results

Quantified Delivery Impact

Every engagement produces documented, auditable results. Numbers from real deployments — not estimates.

SOC & SIEM Performance

36 hrs → 18 min
MTTD improvement — Sentinel deployment
−73%
MTTR reduction post-SOAR playbook deployment
500+ → 12
Daily false positives after Splunk RBA tuning
11 weeks
Full SOC deployed from zero to operational

Security & Compliance

−84%
Privileged access incidents after CyberArk PAM
−73%
Attack surface reduction via Zero Trust (40+ migrations)
4 × SOX
Consecutive external audits, zero material weaknesses
8 × PCI
PCI-DSS Level 1 maintained across 8 annual audits

Cloud & AI Engineering

€480K/yr
Cloud cost savings — 34% infrastructure reduction
2.5M+
Documents/year processed at 94–96% accuracy
12M+
API calls/month at <200ms p95 latency
0
Security breaches across 4-year Zero Trust mandate
Infrastructure Engineering

Cloud, DevOps & Data Architecture

Full-stack cloud architecture delivery. Security controls embedded at infrastructure layer, not retrofitted. Azure Expert certified.

Azure Cloud Architecture

Hub-Spoke network topology design, AKS/Kubernetes cluster hardening, Azure Functions serverless, Logic Apps SOAR integration, and private endpoint security across multi-region deployments. €480K/year cost optimisation delivered.

Azure Solutions Architect Expert AKS / Kubernetes Hub-Spoke / Private Endpoints Azure Functions

DevSecOps & IaC

Terraform and ARM/Bicep for infrastructure-as-code. Azure DevOps and GitHub Actions CI/CD pipelines with integrated SAST/DAST gates. Docker, Helm, and GitOps deployment patterns. Blue-Green and canary release strategies.

Terraform / ARM / Bicep Azure DevOps / GitHub Actions Docker / Helm / GitOps SAST / DAST Gates

Data & Backend Engineering

.NET Core 8 (C#) and Python (FastAPI/Flask/Django) backend systems. Azure Synapse Analytics, Databricks (Apache Spark, Delta Lake), Data Factory pipelines, Cosmos DB, MongoDB, and Redis for enterprise-scale data platforms.

.NET Core 8 / Python Azure Synapse / Databricks Cosmos DB / Redis Apache Spark / Delta Lake
Validated Expertise

13 Active Certifications

Certifications spanning security governance, cloud architecture, AI engineering, and network infrastructure — all active, all examined, not honorary.

ISACA / (ISC)²

CISSP

Certified Information Systems Security Professional — (ISC)². The global gold standard for senior information security practitioners.

Governance & Risk
ISACA

CISM

Certified Information Security Manager — ISACA. Information security governance, risk management, and program development.

Security Management
ISACA

CRISC

Certified in Risk and Information Systems Control — ISACA. Enterprise risk management, IT risk identification, and control implementation.

Risk & Control
(ISC)²

CCSP

Certified Cloud Security Professional — (ISC)². Cloud data security, platform architecture, and compliance across multi-cloud environments.

Cloud Security
Microsoft

Azure Solutions Architect Expert

AZ-305. Advanced cloud architecture, hybrid networking, identity, storage, and security across Azure enterprise platforms.

Azure Expert
Microsoft

Azure Security Engineer Associate

AZ-500. Azure security controls, identity protection, platform security, data and application security implementation.

Azure Security
Microsoft

Azure AI Engineer Associate

AI-102. Azure Cognitive Services, Azure OpenAI, Document Intelligence, and responsible AI implementation for enterprise workloads.

AI Engineering
Microsoft

Azure Administrator Associate

AZ-104. Azure infrastructure administration, virtual networking, compute, storage, and identity management at enterprise scale.

Azure Admin
Checkpoint

CCSE — Checkpoint

Checkpoint Certified Security Expert. Next-generation firewall policy, VPN configuration, and advanced threat prevention on Checkpoint platforms.

Network Security
Juniper Networks

JNCIS-FWV — Juniper

Juniper Networks Certified Specialist – Firewall/VPN. Juniper firewall and VPN configuration, policy management, and network security architecture.

Network Security
Cisco

CCNA Security

Cisco Certified Network Associate Security. Cisco firewall, IPS, VPN, and network infrastructure hardening across enterprise Cisco environments.

Network Security
ISO / IEC

ISO 27001 Lead Implementer & Lead Auditor

Dual certification: ISMS design and implementation (Lead Implementer) and third-party ISMS audit and certification (Lead Auditor). BSI certified.

ISO 27001 Lead Auditor
In Progress — 2026

ISO 42001 — AI Management System Lead Implementer

The world's first AI management system standard. Implementing Article 9-aligned risk frameworks for AI system governance, bias testing, transparency obligations, and incident reporting under EU AI Act.

AI Governance

See the governance infrastructure behind the detection work

Behind every detection rule sits an audit trail. Behind every SOC operation sits a governance mandate. Behind every regulatory submission sits engineering rigour.

View Regulatory Delivery Engage Directly
>
Full-Spectrum Capability

Skills & Competencies

27 years of hands-on delivery across technical security architecture, enterprise leadership, regulatory governance, and academic research — extracted from 191 published doctrines and 171 specialist papers.

Technical Skills

SIEM · Detection · SOC
Microsoft SentinelSplunkArcSight ESMQRadarLogRhythmRSA EnvisionSOARKQLSPLSIEM ArchitectureLog AnalysisLog ManagementSecurity AnalyticsUser Behaviour Analytics (UBA)Threat DetectionThreat HuntingThreat Intelligence
IAM · PAM · Zero Trust
CyberArk PAMIdentity & Access Management (IAM)OktaAzure AD / EntraActive DirectoryPing IdentityPrivileged Access ManagementMFASSO · SAML · OAuthLDAPIdentity LifecycleZero TrustAzure PIM / JIT
Cloud Security
AzureAWSGCPAzure DefenderCloud Security ArchitectureCSPMContainer SecurityKubernetesDockerTerraformAnsibleJenkinsDevSecOpsInfrastructure as Code (IaC)ZscalerAkamai CDN
Network & Perimeter Security
Checkpoint CCSEPalo Alto NetworksCisco ASA / CCNAJuniper JNCIS-FWVFortinetFirewall ManagementIDS / IPSWAFVPN · IPSec · SSLDDoS MitigationF5 BIG-IPProxy (Bluecoat · Zscaler · Websense)TCP/IP · BGP · OSPFVLANPKI
Endpoint · EDR · DLP
CrowdStrikeMicrosoft Defender (MDE)SentinelOneCarbon BlackMcAfee EPOSymantecEndpoint Detection & Response (EDR)Data Loss Prevention (DLP)Mobile Device Management (MDM)BYOD SecurityAnti-Malware
Frameworks · Compliance · Governance
NIST CSFISO 27001MITRE ATT&CKNCSC CAFECAF (Ofgem)UK NIS RegulationsDORANIS2GDPR · UK GDPRPCI DSSSOX · SAS 70COBITITILOWASPCIS ControlsArcher eGRC
Vulnerability & Penetration Testing
QualysTenable NessusFoundstoneBurp Suite ProNmapWiresharkVulnerability ManagementPenetration TestingThreat ModellingAttack Surface Management
Scripting · Automation · AI
PythonTerraformAnsiblePowerShellKQLSQLJavaScriptAzure OpenAI / GPT-4oSemantic KernelLangChainAI Security Architecture
Agentic AI · LLM · AI Security
Agentic AI SecurityLLM Security & Red-TeamingAI Governance ArchitectureAI Pipeline EngineeringAI Risk GovernanceRAG ArchitectureAzure OpenAI / GPT-4oMLSecOpsAdversarial AI DetectionKnowledge Graph / HyperedgeResponsible AI & AI Ethics
Post-Quantum · Cryptography
Post-Quantum Cryptography (PQC)Quantum-Proof Identity ArchitectureCryptographic AgilityKey Management Infrastructure
Offensive Security · Red / Purple Team
Red Team OperationsPurple Team MethodologyTIBER-EU / DORA TLPTAdversary SimulationExploit Development & Zero-Day ResearchAPI Security Testing (REST / GraphQL / gRPC)Cloud & Container Penetration TestingInfrastructure & Active Directory Penetration TestingContinuous Security ValidationBreach & Attack Simulation (BAS)
Identity Governance · Advanced IAM
Saviynt IGAIdentity Governance & Administration (IGA)Just-In-Time (JIT) AccessZero-Standing Privilege (ZSP)RBAC / ABAC Policy EngineeringJoiner-Mover-Leaver (JML) AutomationNon-Human Identity GovernanceMachine Identity ManagementAntifragile Identity Architecture
OT · Aviation · Critical Infrastructure
OT / IT Convergence SecurityAviation Network SecuritySCADA / ICS SecurityAirside / Landside SegregationZero Trust for OT EnvironmentsPhysical-Cyber ConvergenceHigh Availability & DR Engineering (sub-second failover)
Network Architecture · Advanced
Cisco ACI (Micro-Segmentation)Citrix NetScaler (WAF / SSL Offload)Network Segmentation DesignDetection EngineeringBGP / OSPF RoutingSD-WAN Architecture
Cloud Governance · Sovereign Cloud
Microsoft MCRAAzure Landing ZonesCloud-Native SecurityCloud Governance at ScaleSovereign Cloud StrategyData Residency & SovereigntySaudi NCA / ECC ComplianceMulti-Jurisdictional Cloud Compliance
Product Security · Supply Chain
Product Security (CRA / NIS2)SBOM ManagementSecure-by-Design EngineeringSupply Chain Risk ManagementInstitutionalising Product SecurityFiduciary Cyber Liability Management
Scripting · APIs · Integration
REST API DevelopmentGraphQLgRPCPython AutomationInfrastructure-as-Code (IaC) SecurityCI/CD Security PipelineSOAR Playbook Engineering
Risk Quantification · GRC Advanced
FAIR Risk QuantificationEU AI Act ComplianceGDPR / UK GDPR ImplementationCRA (Cyber Resilience Act)TIBER-EU FrameworkRegulatory Gap AnalysisMulti-Framework GRC Integration
Enterprise IAM · PAM Platform Stack
SailPoint IdentityIQSailPoint IdentityNowCyberArk ConjurBeyondTrust PAMThycotic / DelineaForgeRockHashiCorp VaultBroadcom CA SiteMinderDuo · RSA SecurID · YubiKeyAccess Certification CampaignsRole Mining & RBAC DesignSOD Conflict Detection
SIEM · SOAR · NDR Platform Ecosystem
Splunk ESLogPointCortex XSOARPhantom / DemistoMISPThreatConnectRecorded FutureDarktrace NDRVectra NDRExtraHopSnort / SuricataCisco Firepower
AppSec · DevSecOps Toolchain
Checkmarx SASTSonarQubeMicro Focus FortifyOWASP ZAPSnyk SCABlack DuckAqua · Twistlock · TrivyPrisma CloudTerraform Sentinel · CheckovSTRIDE / PASTA Threat ModellingShift-Left Security PracticesSecurity Champions Programme
OT/ICS · Industrial Control Security
ClarotyNozomi NetworksDragosTenable OTIEC 62443Industrial Protocol SecurityOT Asset Discovery & Inventory
Data Governance · Privacy Engineering
Symantec DLPForcepoint DLPBoldon James ClassificationTitus ClassificationOneTrustTrustArcBigIDAWS Macie · Azure PurviewDPIA DeliveryRecords of Processing Activities
Generative AI · LLM · Agentic Stack
Azure AI FoundryAzure AI Document IntelligenceAzure AI SpeechAzure AI SearchAzure AI TranslatorAWS BedrockGCP Vertex AIGoogle Gemini APIVertex AI Agent Development KitChatGPT EnterpriseClaude Enterprise (Anthropic)Microsoft Copilot StudioSalesforce AgentforceSalesforce EinsteinLangGraphLlamaIndexAutoGenCrewAIMulti-Agent A2A OrchestrationPinecone Vector DBWeaviateChromaDBpgvector
GPU Infrastructure · AI Data Centre
NVIDIA DGX / HGXNVIDIA MetropolisNVIDIA OmniverseNVIDIA CUDAInfiniBand FabricRoCE v2OpenUSDGPU Cluster ArchitectureHigh-Performance ComputingEdge AI Deployment
MLOps · AI Platform Engineering
Azure Machine LearningAWS SageMakerDatabricks LakehouseDelta LakeSynapse AnalyticsBigQuery MLMLflowKubeflowPyTorchTensorFlowONNX RuntimeSHAP / LIME ExplainabilityModel Drift MonitoringFeature Store Engineering
AI Security · Responsible AI
Prompt Injection DefenceAI Red TeamingOWASP Top 10 for LLMGuardrails AINIST AI RMFISO 42001 AI Management
DevOps Automation · Modern Productivity
Power Automaten8n Workflow AutomationZapierGitHub ActionsAzure DevOps PipelinesHelmGitOps / ArgoCD
Zero Trust · Modern Access
Conditional AccessPrisma Access SASE
Regulatory Frameworks & Standards
NIS2 Transposition AnalysisDORA Supervisory ReviewDORA Article 28 OversightEU AI Act Article 6 AssessmentEU AI Act High-Risk RegistryCRA Vulnerability ReportingUK Cyber Security & Resilience BillData (Use and Access) Act 2025Online Safety Act CompliancePSTI Act EnforcementAI Safety Institute EngagementDigital Services ActDigital Markets Act
International Standards Portfolio
ISO 27001:2022 TransitionISO 27017 Cloud SecurityISO 27018 PII ProcessingISO 27701 PrivacyISO 22301 BCMSISO 31000 RiskISO 9001 QMSNIST CSF 2.0NIST 800-53 Rev 5NIST 800-171COBIT 2019COSO ERMITIL v4TOGAF 10SABSA Enterprise Security Architecture
Threat-Led Testing & Assurance
TLPT Threat-Led PenetrationCBESTSTAR-FSiCASTMITRE D3FENDSLSA Frameworkin-toto Attestations
Policy-as-Code & Continuous Compliance
Policy as Code (OPA / Rego)Regulation as CodeControl Mapping AutomationContinuous Control MonitoringEvidence Chain Management
Institutional Doctrine Concepts
Board-Survivable Cyber ArchitectureAudit-Proof by DesignLitigation-Grade SecurityDefensible CISO DoctrineSovereign CISO DoctrineSovereign AI FrameworkIdentity Control PlaneIdentity Hegemony DoctrineIdentity Moat ArchitectureTrust Architecture DoctrineInstitutional Cyber Doctrine
Detection & Response Stack
NDR — Network Detection & ResponseXDR — Extended Detection & ResponseMDR — Managed Detection & ResponseSSE — Security Service EdgeDetection EngineeringDetection as CodeSigma RulesYARA RulesDeception TechnologyThreat Hunting Programme
Cloud Security Posture Stack
CSPM — Cloud Security Posture ManagementCWPP — Cloud Workload ProtectionCIEM — Cloud Infrastructure Entitlement MgmtCNAPP — Cloud-Native App ProtectionDSPM — Data Security Posture ManagementSSPM — SaaS Security Posture Management
Microsoft Defender & EDR Ecosystem
Defender for CloudDefender for EndpointDefender for IdentityDefender for Office 365CrowdStrike FalconSentinelOne
Passwordless & Modern Authentication
PasskeysFIDO2WebAuthnPasswordless AuthenticationMFA Fatigue ResistanceBreak-Glass Access ProceduresTier 0 Asset Protection
Advanced Cryptography & Confidential Compute
Homomorphic EncryptionConfidential ComputingSecure EnclavesZero-Knowledge ProofsHSM — Hardware Security ModulesKey Management (BYOK / HYOK)Crypto Agility
Service Mesh & Cloud-Native Security
IstioEnvoy ProxyLinkerdSPIFFE / SPIRE Workload IdentityOpen Policy Agent (OPA)Falco Runtime SecurityWiz Cloud SecuritySnykAqua Security
Observability Stack
PrometheusGrafanaOpenTelemetryElastic Stack / OpenSearchDatadogDynatrace

Business & Leadership Skills

Strategic PlanningEnterprise ArchitectureGovernance & ComplianceRisk ManagementRisk AssessmentRisk MitigationRegulatory ComplianceSecurity AuditIT AuditSolutions ArchitectureProject ManagementProgramme DeliveryChange ManagementStakeholder ManagementBudget Management ($20M+)Business Continuity (BCP)Disaster Recovery (DRP)Incident ManagementVendor ManagementContract NegotiationConsultingBusiness AnalysisDigital TransformationAgile · Prince2 · WaterfallIT Service ManagementConfiguration ManagementFramework DevelopmentSecurity Awareness TrainingBoard-Level ReportingExecutive Stakeholder Engagement
CISO Leadership · Executive Delivery
Interim CISO (Delivery-Focussed)CISO AdvisorySecurity Transformation (Cost Centre → Trust Officer)Crisis Command & Zero-Hour Protocol90-Day Board Confidence RoadmapBoard-Level Liability Management
Financial & Legal Services
M&A Cyber Due DiligencePE Portfolio Cyber Risk AssessmentExpert Witness (Legal & Regulatory)FAIR-AIR Risk QuantificationCyber Insurance AdvisoryRegulatory Enforcement ResponseSovereign Banking Security Architecture
Regulatory Programme Delivery
Cross-Jurisdictional Regulatory ExpertiseDORA Programme DeliveryNIS2 Implementation ProgrammeEU AI Act Readiness AssessmentRegulatory Audit SupportCompliance-to-Competitive Advantage Strategy
Chartered Certifications & Standards
CISSPCISMCRISCCCSPISO 27001 Lead AuditorSABSA Chartered Security ArchitectTOGAF 9 CertifiedCyberArk CDEAWS Certified Security – SpecialtyMicrosoft SC-100 Cybersecurity ArchitectCisco CCNA Security
Extended Regulatory & Sector Compliance
HIPAAGLBAPCI-DSS v4.0
Advanced Certifications (Extensions)
ISO 27001 Lead ImplementerBSI / IRCA CertifiedCCSKCSA STAR
Supervisory Authorities & Regulators
ICO (UK)DPC (Ireland)OfcomComRegCCPCEBAESMAEIOPAECBENISADSIT (UK)OPSS (UK)HM TreasuryCentral Bank of Ireland
Governance & Risk Programmes
Third-Party Risk Management (TPRM)ICT Third-Party OversightDigital Operational ResilienceRegulatory Horizon ScanningMulti-Jurisdictional ComplianceCross-Border Data FlowsRegulatory Remediation ProgrammeBoard Cyber ReportingAudit Committee ReportingRisk Appetite StatementRegulatory Change ManagementPolicy Harmonisation
GRC Platform Expertise
ServiceNow GRCMetricStreamLogicGate
AI Governance & Assurance
AI Conformity AssessmentAI Impact AssessmentAI Bill of Materials (AIBOM)AI Incident RegisterAgentic AI GovernanceAI Pilot Governance Framework
Incident Reporting Obligations
4-Hour DORA Incident Reporting24-Hour NIS2 Early Warning72-Hour GDPR Breach NotificationRegulatory Reporting AutomationSignificant Incident Classification
Privacy & Cross-Border Transfers
ROPA Records of ProcessingSchrems II / TIAStandard Contractual Clauses (SCC)Binding Corporate Rules (BCR)EU-US Data Privacy Framework
MENA & Sovereign Regulatory Frameworks
Saudi NCA ECCSaudi NCA CAFSaudi SAMA CSFSaudi PDPLUAE NESAUAE IA StandardQatar NIAKuwait NCABahrain NCSC

Personal & Professional Attributes

Executive PresenceLeadershipStakeholder EngagementCommunicationWritten CommunicationCollaborationInnovationIntegrityResilienceDriveOrganisation
Sector & Domain Expertise
Critical National Infrastructure (CNI)Aviation Sector (Airside / ATC)Financial Services (21 yrs)Government & Public Sector AIHealthcare & Regulated EnvironmentsLegal / Judicial Sector
Academic & Thought Leadership
Academic Research & Publication (191 papers)Doctrine Writing & Framework DesignProfessor of Practice (Schiphol University)Honorary Senior Lecturer (Imperial College London)Big 4 Consulting (Deloitte · PwC · EY · KPMG)Keynote & Board Presentation
Professional Memberships & Industry Awards
Lead Auditor, Information Security Forum (ISF)Platinum Member, ISACA London ChapterGold Member, (ISC)² London ChapterProgramme Lead, PRMIA Cyber SecurityMember, Cyber Defence TaskforceResearcher, University College London (UCL)Excellence in Education Award — Imperial CollegeCircle of Excellence Award — KPMGHigh Flyers Award — Ernst & YoungSuper Coach Award — PwC France
Academic Distinctions & Clearances
MSc Information Security — UCLMBA Strategic Management & Technology LeadershipBEng University Gold MedallistHonorary Doctorate in LiteratureTop Teacher AwardBPSS EligibleSC / DV Clearance EligibleUK Parliament Cyber Security Committee