I provide security architecture and assurance services across government, financial services, and regulated enterprise environments. My focus is on delivering secure, compliant, and operationally sustainable outcomes aligned with frameworks such as the Information Security Manual (ISM), Essential Eight, Protective Security Policy Framework (PSPF), ISO/IEC 27001, and the NIST Cybersecurity Framework.
Core Capabilities
- Security Architecture & Secure-by-Design
Design and review of security architectures across cloud, on-premises, and hybrid environments, ensuring alignment with business objectives, regulatory requirements, and secure-by-design principles.
- Cyber Risk & Assurance
Delivery of risk assessments, control validation, and assurance activities aligned with ISM, PSPF, Essential Eight, ISO 27001, and NIST, with a strong focus on audit readiness and defensible outcomes.
- Cloud Security (Azure, AWS, Hybrid)
Secure design and assessment of cloud environments, including landing zones, identity models, network security, and control implementation across Azure and AWS platforms.
- Identity & Access Management (IAM / CIAM)
Design and implementation of identity architectures, including privileged access management, federation, and customer identity solutions, ensuring strong authentication, authorisation, and governance.
- Vulnerability & Threat Management
Establishment and uplift of vulnerability management practices, including tooling optimisation, prioritisation models, and integration with operational and risk frameworks.
- Security Uplift & Maturity Improvement
Development and delivery of cyber uplift programs, including Essential Eight maturity improvements, control remediation, and capability enhancement across complex environments.
- Security Governance & Framework Alignment
Alignment of security controls and processes with regulatory and organisational frameworks, ensuring consistency, traceability, and effective governance.
What I Deliver
- Security architecture and solution designs aligned with regulatory and business requirements
- Security risk assessments, threat modelling, and control design
- Security Risk Management Plans (SRMP), System Security Plans (SSP), and accreditation artefacts
- Uplift roadmaps and prioritised remediation plans
- Operationalisation of controls, including monitoring, alerting, and ownership models
- Integration of security capabilities with SIEM, logging, and governance processes
- Stakeholder engagement across technical teams, executives, and external parties
Approach
My approach is governance-driven and outcome-focused, ensuring that security controls are not only designed effectively but are embedded into operational processes with clear ownership, measurable outcomes, and audit-defensible evidence. I focus on bridging the gap between policy and implementation, enabling organisations to move beyond theoretical compliance towards a resilient and sustainable security posture.
Engagement Model
I provide flexible engagement models tailored to organisational needs, including advisory, architecture design, assurance, and uplift delivery. This includes working closely with internal teams and external stakeholders to ensure alignment, transparency, and successful outcomes across all stages of delivery.