EMEA & Ireland · DORA · NIS2 · EU AI Act · ISO 42001 · SOC / SIEM Implementation
CISSP · CISM · CRISC · CCSP · Azure Solutions Architect Expert · 13 Certifications Total

Technical execution. Evidence that holds.

27 years of hands-on SOC builds, SIEM configurations, KQL detection engineering, AI architecture, and regulatory audit production. 85 MITRE-mapped detection rules deployed. MTTD reduced 36 hrs → 18 min. Zero breaches over 4 years across all mandates.

  • 27 Years Delivery
  • 13 Active Certs
  • 85 MITRE Rules
  • 60+ Log Sources
  • 30+ Frameworks
  • 0 Breaches

Measurable Results

Quantified Delivery Impact

Every engagement produces documented, auditable results. Numbers from real deployments — not estimates.

SOC & SIEM Performance

  • 36 hrs → 18 min: MTTD improvement — Sentinel deployment
  • −73%: MTTR reduction post-SOAR playbook deployment
  • 500+ → 12: Daily false positives after Splunk RBA tuning
  • 11 weeks: Full SOC deployed from zero to operational

Security & Compliance

  • −84%: Privileged access incidents after CyberArk PAM
  • −73%: Attack surface reduction via Zero Trust (40+ migrations)
  • 4 × SOX: Consecutive external audits, zero material weaknesses
  • 8 × PCI: PCI-DSS Level 1 maintained across 8 annual audits

Cloud & AI Engineering

  • €480K/yr: Cloud cost savings — 34% infrastructure reduction
  • 2.5M+: Documents/year processed at 94–96% accuracy
  • 12M+: API calls/month at <200ms p95 latency
  • 0: Security breaches across 4-year Zero Trust mandate

Threat Framework

MITRE ATT&CK Coverage Map

Detection and response coverage across MITRE ATT&CK tactics. Mapped techniques inform SOC detection strategy and purple team exercise design.

85 detection rules deployed across 11 MITRE ATT&CK tactics. Figures represent technique sub-coverage within each tactic category, as measured against the full MITRE ATT&CK Enterprise matrix.

Coverage summary:

  • 85%+: 3 tactics — strong
  • 70-84%: 5 tactics — solid
  • <70%: 3 tactics — uplift
  • 77% avg coverage

Coverage by tactic:

  • Reconnaissance: 72%
  • Initial Access: 88%
  • Execution: 64%
  • Persistence: 78%
  • Privilege Escalation: 85%
  • Defense Evasion: 68%
  • Credential Access: 93%
  • Lateral Movement: 82%
  • Collection: 61%
  • Exfiltration: 84%
  • Impact: 73%

Detection Rules

KQL Detection Engineering

Production-grade Kusto queries deployed across Microsoft Sentinel for real-time threat detection and incident response.

Brute Force Login Detection

Authentication
// Brute Force Login Detection
SigninLogs
| where TimeGenerated > ago(1h)
| where ResultType !in ("0", "50125", "50140")
| summarize FailedAttempts = count(),
            DistinctIPs = dcount(IPAddress)
            by UserPrincipalName, bin(TimeGenerated, 5m)
| where FailedAttempts > 10
| extend RiskLevel = iff(FailedAttempts > 50,
  "HIGH", "MEDIUM")
| project TimeGenerated, UserPrincipalName,
          FailedAttempts, DistinctIPs, RiskLevel
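
Added example (not part of the original page or the author's rule set): a Python re-implementation of the brute-force rule above, run over constructed sign-in records so the rule's logic can be tested offline. It goes one step beyond the query by adding a sliding-window count for comparison; the sample users, IP addresses and helper names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constants copied from the KQL rule above.
IGNORED_RESULT_TYPES = {"0", "50125", "50140"}
BIN = timedelta(minutes=5)
THRESHOLD = 10        # alert when FailedAttempts > 10
HIGH_THRESHOLD = 50   # RiskLevel is HIGH when FailedAttempts > 50
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def bin_floor(ts):
    """KQL bin(TimeGenerated, 5m): round down to a multiple of 5 minutes."""
    return EPOCH + ((ts - EPOCH) // BIN) * BIN


def failures(events):
    """Rows that pass `where ResultType !in ("0", "50125", "50140")`."""
    return [e for e in events if e["ResultType"] not in IGNORED_RESULT_TYPES]


def tumbling_alerts(events):
    """Same logic as the rule: failures per user per fixed 5-minute bin."""
    groups = defaultdict(lambda: {"count": 0, "ips": set()})
    for e in failures(events):
        g = groups[(e["UserPrincipalName"], bin_floor(e["TimeGenerated"]))]
        g["count"] += 1
        g["ips"].add(e["IPAddress"])
    alerts = []
    for user, start in sorted(groups):
        g = groups[(user, start)]
        if g["count"] > THRESHOLD:
            alerts.append({
                "TimeGenerated": start,
                "UserPrincipalName": user,
                "FailedAttempts": g["count"],
                "DistinctIPs": len(g["ips"]),
                "RiskLevel": "HIGH" if g["count"] > HIGH_THRESHOLD else "MEDIUM",
            })
    return alerts


def sliding_peaks(events):
    """Variant not on the page: per user, the largest number of failures
    seen in any 5-minute span, reported when it exceeds THRESHOLD."""
    by_user = defaultdict(list)
    for e in failures(events):
        by_user[e["UserPrincipalName"]].append(e["TimeGenerated"])
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        left = peak = 0
        for right, t in enumerate(times):
            while t - times[left] >= BIN:   # drop rows older than 5 minutes
                left += 1
            peak = max(peak, right - left + 1)
        if peak > THRESHOLD:
            flagged[user] = peak
    return flagged


def burst(user, start, count, step_seconds, result_type="50126"):
    """Constructed sign-in rows; 50126 is the invalid-credentials result code."""
    return [
        {
            "UserPrincipalName": user,
            "IPAddress": f"203.0.113.{i % 3 + 1}",   # documentation range
            "TimeGenerated": start + timedelta(seconds=i * step_seconds),
            "ResultType": result_type,
        }
        for i in range(count)
    ]


# Constructed sample data, not real telemetry.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = (
    burst("alice@example.com", T0 + timedelta(minutes=1), 12, 10)    # one bin
    + burst("bob@example.com", T0 + timedelta(minutes=4), 12, 10)    # straddles 12:05
    + burst("carol@example.com", T0 + timedelta(minutes=10), 60, 4)  # heavy burst
    + burst("dave@example.com", T0, 20, 5, result_type="0")          # successes
)

if __name__ == "__main__":
    for alert in tumbling_alerts(SAMPLE):
        print(alert)
    print(sliding_peaks(SAMPLE))
```

bob's 12 failures in under two minutes are split 6 + 6 across the 12:00 and 12:05 bins, so the fixed-bin count stays below the threshold while the sliding count flags them; this is the case to cover when unit-testing a bin()-based threshold rule.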

Lateral Movement via Pass-the-Hash

Persistence
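// Lateral Movement via PTH
SecurityEvent
| where EventID == 4624          // successful logon
| where LogonType == 3           // network logon
| where AuthenticationPackageName == "NTLM"
// SecurityEvent has no ComputerName column; the logging host is Computer
| where WorkstationName != Computer
// On 4624 the account that logged on is TargetUserName;
// SubjectUserName is typically "-" for network logons
| summarize Hops = dcount(Computer),
            Targets = make_set(Computer)
            by TargetUserName, IpAddress
| where Hops > 3
| extend ThreatScore = Hops * 10
| project TargetUserName, IpAddress,
          Hops, Targets, ThreatScore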

Anomalous Data Upload Detection

Exfiltration
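// Anomalous Data Upload
AzureNetworkAnalytics_CL
| where TimeGenerated > ago(24h)
| where FlowDirection_s == "O"          // outbound flows only
| summarize TotalBytes =
  sum(BytesSentToInternet_d)
  by SrcIP_s, bin(TimeGenerated, 1h)
| where TotalBytes > 100000000          // more than 100 MB in one hour
// Reduce the right side to one row per IP so the join cannot
// duplicate alert rows, and keep the device names it contributes
| join kind=leftouter (
    DeviceNetworkEvents
    | where TimeGenerated > ago(24h)
    | where ActionType == "ConnectionSuccess"
    | summarize Devices = make_set(DeviceName) by LocalIP
  ) on $left.SrcIP_s == $right.LocalIP
| project SrcIP_s, TimeGenerated, TotalBytes, Devices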

Privilege Escalation Attempt

Escalation
// Privilege Escalation Detection
// 4720 account created, 4722 account enabled,
// 4728 / 4732 member added to a global / local security group
SecurityEvent
| where EventID in (4720, 4722, 4728, 4732)
| where SubjectUserName !in ("SYSTEM", "root")
| summarize EscalationCount = count(),
            TargetAccounts = make_set(
              TargetUserName)
            by SubjectUserName, Computer
| where EscalationCount > 5
| extend AlertSeverity = "High"
// AlertSeverity was computed but dropped by the projection
| project SubjectUserName, Computer,
          EscalationCount, TargetAccounts,
          AlertSeverity
Detection Infrastructure

SOC Lab Architecture

Blueprint for enterprise-grade SOC deployment: Azure Sentinel workspace with integrated detection, response, and automation tiers.

⬡ Azure Sentinel Workspace

  • Source 01: Azure AD Logs (Entra Sign-in · Audit)
  • Source 02: Defender Endpoint (MDE · M365 · Cloud)
  • Source 03: 3rd Party Logs (Syslog · CEF · Custom)
  • Processing Layer: Log Ingest & Parse (DCR · CEF Transform · Custom Parser)
  • Detection: KQL Queries (85 MITRE-mapped rules)
  • Analytics: Analytic Rules (Scheduled · NRT · ML)
  • Proactive: Hunting Queries (Threat hypothesis driven)
  • Alert Engine: Incidents & Alerts (MTTD: 36 hrs → 18 min)
  • Response: Playbook Triage (Logic Apps · SOAR)
  • Visibility: Workbook Reports (Executive · Operational)
  • Automation: Auto Response (MTTR −73% achieved)

Log Sources (60+)

  • Azure AD & Entra Sign-in Logs
  • Defender for Endpoint / M365
  • Network Flows, Proxies, DNS
  • Syslog, CEF & Custom Connectors
  • Office 365 Audit Logs
  • Cisco / Juniper / Palo Alto feeds
  • CyberArk & PAM audit trails
  • SAP, Salesforce & SaaS sources

Detection Engineering

  • 85 MITRE-mapped KQL rules
  • Brute force & credential stuffing
  • Lateral movement (PtH / PtT)
  • C2 beacon identification
  • Data exfiltration anomalies
  • Privilege escalation (4720/4728)
  • MTTD: 36 hrs → 18 min
  • MTTR improved 73%

Response & Automation

  • Logic Apps playbooks
  • Auto-blocking & quarantine
  • SOAR integration
  • Ticket auto-creation
  • Escalation workflows
  • Evidence preservation
Regulatory Delivery

Audit & Compliance Execution

Evidence production at scale. CAF A-D scoring matrices, ISO 27001 control mapping, and NIS submissions accepted on first presentation.

CAF A-D Evidence Production

Produced IGP scoring matrices, evidence packs, control mapping documents, and gap analysis reports for all 4 CAF objectives: A (Governance), B (Protect), C (Detect), D (Respond & Recover). Delivered to NCSC-reporting regulators.

Governance (A) · Protect (B) · Detect (C) · Respond (D) · First Pass · Zero Findings

ISO 27001 → CAF Control Mapping

Cross-mapped ISO 27001 Annex A controls to CAF objectives, producing control equivalence matrices that eliminated duplicate assessment effort and reduced compliance overhead by ~40%.

14 Control Groups · Equivalence Matrix · 40% Overhead Reduction · No Rework

NIS Regulatory Submissions

Produced end-to-end NIS submissions for Operators of Essential Services across energy and finance. All submissions accepted by sector regulator on first presentation. Zero remediation demands.

Energy Sector · Finance Sector · 100% First Pass · Zero Remediation

GovAssure CAF Self-Assessment

Advisory and delivery support for UK government departments completing GovAssure annual self-assessments against the NCSC CAF. Produced scoring matrices, evidence libraries, and gap remediation plans across all 900 CAF security principles for Cabinet Office reporting.

GovAssure · NCSC CAF · Cabinet Office Reporting · 14 Security Principles

SOC 2 Type 2 Readiness & ISO 27005 Risk Assessments

Prepared enterprise technology vendors for SOC 2 Type 2 audit — scoping Trust Services Criteria, designing control environments, and producing evidence packages. Conducted ISO 27005:2022 scenario-based risk assessments as part of ISO 27001 ISMS implementation programmes.

SOC 2 Type 2 · ISO 27005:2022 · Trust Services Criteria · ISMS Risk Assessment
Emerging Threats

AI + Cyber Security

As the threat surface expands into AI-generated phishing, LLM exploitation, and model poisoning attacks, your security architecture must evolve. 27 years of cyber delivery meets 2026's AI threat landscape.

LLM Security & Prompt Injection Defence

Azure OpenAI (GPT-4o) secure deployment, adversarial prompt testing, jailbreak detection, output sanitisation. OWASP LLM Top 10 assessment. ISO 42001 AI management system implementation (in progress). AI model sandboxing and guardrail architecture.

Azure OpenAI · GPT-4o · OWASP LLM Top 10 · ISO 42001 · Guardrail Architecture

AI-Driven SIEM & RAG Architecture

Azure ML anomaly detection integrated with Sentinel. RAG pipelines using Azure Document Intelligence + LangChain + Semantic Kernel processing 2.5M+ documents/year at 94–96% accuracy. 12M+ API calls/month at <200ms p95 latency.

Azure Document Intelligence · Semantic Kernel · LangChain / RAG · 2.5M docs/year

AI Governance & Model Risk

EU AI Act Article 9 risk management. ISO 42001 AI management system. Model inventory, bias testing, and transparency documentation. Azure AI Engineer Associate certified. AI incident classification under DORA, NIS2, and EU AI Act reporting obligations.

EU AI Act Art. 9 · ISO 42001 · Azure AI Engineer Cert · DORA / NIS2
Infrastructure Engineering

Cloud, DevOps & Data Architecture

Full-stack cloud architecture delivery. Security controls embedded at infrastructure layer, not retrofitted. Azure Expert certified.

Azure Cloud Architecture

Hub-Spoke network topology design, AKS/Kubernetes cluster hardening, Azure Functions serverless, Logic Apps SOAR integration, and private endpoint security across multi-region deployments. €480K/year cost optimisation delivered.

Azure Solutions Architect Expert · AKS / Kubernetes · Hub-Spoke / Private Endpoints · Azure Functions

DevSecOps & IaC

Terraform and ARM/Bicep for infrastructure-as-code. Azure DevOps and GitHub Actions CI/CD pipelines with integrated SAST/DAST gates. Docker, Helm, and GitOps deployment patterns. Blue-Green and canary release strategies.

Terraform / ARM / Bicep · Azure DevOps / GitHub Actions · Docker / Helm / GitOps · SAST / DAST Gates

Data & Backend Engineering

.NET Core 8 (C#) and Python (FastAPI/Flask/Django) backend systems. Azure Synapse Analytics, Databricks (Apache Spark, Delta Lake), Data Factory pipelines, Cosmos DB, MongoDB, and Redis for enterprise-scale data platforms.

.NET Core 8 / Python · Azure Synapse / Databricks · Cosmos DB / Redis · Apache Spark / Delta Lake
Validated Expertise

13 Active Certifications

Certifications spanning security governance, cloud architecture, AI engineering, and network infrastructure — all active, all examined, not honorary.

ISACA / (ISC)²

CISSP

Certified Information Systems Security Professional — (ISC)². The global gold standard for senior information security practitioners.

Governance & Risk
ISACA

CISM

Certified Information Security Manager — ISACA. Information security governance, risk management, and program development.

Security Management
ISACA

CRISC

Certified in Risk and Information Systems Control — ISACA. Enterprise risk management, IT risk identification, and control implementation.

Risk & Control
(ISC)²

CCSP

Certified Cloud Security Professional — (ISC)². Cloud data security, platform architecture, and compliance across multi-cloud environments.

Cloud Security
Microsoft

Azure Solutions Architect Expert

AZ-305. Advanced cloud architecture, hybrid networking, identity, storage, and security across Azure enterprise platforms.

Azure Expert
Microsoft

Azure Security Engineer Associate

AZ-500. Azure security controls, identity protection, platform security, data and application security implementation.

Azure Security
Microsoft

Azure AI Engineer Associate

AI-102. Azure Cognitive Services, Azure OpenAI, Document Intelligence, and responsible AI implementation for enterprise workloads.

AI Engineering
Microsoft

Azure Administrator Associate

AZ-104. Azure infrastructure administration, virtual networking, compute, storage, and identity management at enterprise scale.

Azure Admin
Checkpoint

CCSE — Checkpoint

Checkpoint Certified Security Expert. Next-generation firewall policy, VPN configuration, and advanced threat prevention on Checkpoint platforms.

Network Security
Juniper Networks

JNCIS-FWV — Juniper

Juniper Networks Certified Specialist – Firewall/VPN. Juniper firewall and VPN configuration, policy management, and network security architecture.

Network Security
Cisco

CCNA Security

Cisco Certified Network Associate Security. Cisco firewall, IPS, VPN, and network infrastructure hardening across enterprise Cisco environments.

Network Security
ISO / IEC

ISO 27001 Lead Implementer & Lead Auditor

Dual certification: ISMS design and implementation (Lead Implementer) and third-party ISMS audit and certification (Lead Auditor). BSI certified.

ISO 27001 Lead Auditor
In Progress — 2026

ISO 42001 — AI Management System Lead Implementer

The world's first AI management system standard. Implementing Article 9-aligned risk frameworks for AI system governance, bias testing, transparency obligations, and incident reporting under EU AI Act.

AI Governance

See the governance infrastructure behind the detection work

Behind every detection rule sits an audit trail. Behind every SOC operation sits a governance mandate. Behind every regulatory submission sits engineering rigour.

Full-Spectrum Capability

Skills & Competencies

27 years of hands-on delivery across technical security architecture, enterprise leadership, regulatory governance, and academic research — extracted from 900 published doctrines and 241 specialist papers.

Technical Skills

SIEM · Detection · SOC
Microsoft Sentinel; Splunk; ArcSight ESM; QRadar; LogRhythm; RSA Envision; SOAR; KQL; SPL; SIEM Architecture; Log Analysis; Log Management; Security Analytics; User Behaviour Analytics (UBA); Threat Detection; Threat Hunting; Threat Intelligence; Azure Sentinel; SOC Operations; Chronicle (Google SecOps); Exabeam; Securonix UEBA; Tines SOAR; Anomali; Mandiant; CREST CISR; SIM3 (SOC Maturity); FIRST Services Framework; Elastic SIEM; SOC-CMM Maturity Model; Threat Intelligence Integration; ML-based Anomaly Detection; Alert Triage
IAM · PAM · Zero Trust
CyberArk PAM; Identity & Access Management (IAM); Okta; Azure AD / Entra; Active Directory; Ping Identity; Privileged Access Management; MFA; SSO · SAML · OAuth; LDAP; Identity Lifecycle; Zero Trust; Azure PIM / JIT; BeyondTrust; OAuth 2.0 / OIDC; SailPoint; Saviynt; Zero Trust Architecture; User Lifecycle Governance
Cloud Security
Azure; AWS; GCP; Azure Defender; Cloud Security Architecture; CSPM; Container Security; Kubernetes; Docker; Terraform; Ansible; Jenkins; DevSecOps; Infrastructure as Code (IaC); Zscaler; Akamai CDN; AWS GuardDuty; AWS Security Hub; CWPP; Google Cloud (GCP)
Network & Perimeter Security
Checkpoint CCSE; Palo Alto Networks; Cisco ASA / CCNA; Juniper JNCIS-FWV; Fortinet; Skybox Security; Firewall Management; IDS / IPS; WAF; VPN · IPSec · SSL; DDoS Mitigation; F5 BIG-IP; Proxy (Bluecoat · Zscaler · Websense); TCP/IP · BGP · OSPF; VLAN; PKI; Akamai; Check Point; Fortinet / FortiGate; Netskope; Radware; Cloudflare
Endpoint · EDR · DLP
CrowdStrike; Microsoft Defender (MDE); SentinelOne; Carbon Black; McAfee EPO; Symantec; Endpoint Detection & Response (EDR); Data Loss Prevention (DLP); Mobile Device Management (MDM); BYOD Security; Anti-Malware; DLP; EDR; Charlotte AI (CrowdStrike); Tanium; Cortex XDR
Frameworks · Compliance · Governance
NIST CSF; ISO 27001; MITRE ATT&CK; NCSC CAF; ECAF (Ofgem); UK NIS Regulations; DORA; NIS2; GDPR · UK GDPR; PCI DSS; SOX · SAS 70; SARA · SPRINT · IRAM; COBIT; ITIL; OWASP; CIS Controls; GovAssure; SOC 2 Type 2; Archer eGRC; ISO 42001; SABSA; Third-Party Risk Management; TOGAF; ADHICS (UAE); UAE PDPL; OCC; ISO 27035; NIST SP 800-61; OCTAVE; FS-ISAC
Vulnerability & Penetration Testing
Qualys; Tenable Nessus; Foundstone; Burp Suite Pro; Nmap; Wireshark; Vulnerability Management; Penetration Testing; Threat Modelling; Attack Surface Management; Rapid7 InsightVM; OpenVAS; EPSS; KEV Catalogue; Qualys VMDR; Tenable Lumin
Scripting · Automation · AI
Python; Terraform; Ansible; PowerShell; KQL; SQL; JavaScript; TypeScript; React; FastAPI; Pydantic; Azure OpenAI / GPT-4o; Semantic Kernel; LangChain; AI Security Architecture
Agentic AI · LLM · AI Security
Agentic AI Security; LLM Security & Red-Teaming; AI Governance Architecture; AI Pipeline Engineering; AI Risk Governance; RAG Architecture; Azure OpenAI / GPT-4o; MLSecOps; Adversarial AI Detection; Knowledge Graph / Hyperedge; Responsible AI & AI Ethics
Post-Quantum · Cryptography
Post-Quantum Cryptography (PQC); Quantum-Proof Identity Architecture; Cryptographic Agility; Key Management Infrastructure
Offensive Security · Red / Purple Team
Red Team Operations; Purple Team Methodology; TIBER-EU / DORA TLPT; Adversary Simulation; Exploit Development & Zero-Day Research; API Security Testing (REST / GraphQL / gRPC); Cloud & Container Penetration Testing; Infrastructure & Active Directory Penetration Testing; Continuous Security Validation; Breach & Attack Simulation (BAS)
Identity Governance · Advanced IAM
Saviynt IGA; Identity Governance & Administration (IGA); Just-In-Time (JIT) Access; Zero-Standing Privilege (ZSP); RBAC / ABAC Policy Engineering; Joiner-Mover-Leaver (JML) Automation; Non-Human Identity Governance; Machine Identity Management; Antifragile Identity Architecture
OT · Aviation · Critical Infrastructure
OT / IT Convergence Security; Aviation Network Security; SCADA / ICS Security; Airside / Landside Segregation; Zero Trust for OT Environments; Physical-Cyber Convergence; High Availability & DR Engineering (sub-second failover)
Network Architecture · Advanced
Cisco ACI (Micro-Segmentation); Citrix NetScaler (WAF / SSL Offload); Network Segmentation Design; Detection Engineering; BGP / OSPF Routing; SD-WAN Architecture
Cloud Governance · Sovereign Cloud
Microsoft MCRA; Azure Landing Zones; Cloud-Native Security; Cloud Governance at Scale; Sovereign Cloud Strategy; Data Residency & Sovereignty; Saudi NCA / ECC Compliance; Multi-Jurisdictional Cloud Compliance
Product Security · Supply Chain
Product Security (CRA / NIS2); SBOM Management; Secure-by-Design Engineering; Supply Chain Risk Management; Institutionalising Product Security; Fiduciary Cyber Liability Management
Scripting · APIs · Integration
REST API Development; GraphQL; gRPC; Python Automation; Infrastructure-as-Code (IaC) Security; CI/CD Security Pipeline; SOAR Playbook Engineering; WebSocket / SSE Streaming
Enterprise Architecture · Integration Patterns
Domain-Driven Design (DDD); Event-Driven Architecture; Kafka; AWS EventBridge / SNS / SQS; Azure Service Bus / Event Grid / Event Hubs; MuleSoft; Azure Logic Apps; OpenAPI / AsyncAPI; Apigee; Kong API Gateway; Azure APIM; AWS API Gateway; Saga Patterns; Architecture Decision Records (ADRs); C4 Model; Azure Bicep; AWS CloudFormation; AKS / EKS / GKE
Risk Quantification · GRC Advanced
FAIR Risk Quantification; EU AI Act Compliance; GDPR / UK GDPR Implementation; CRA (Cyber Resilience Act); TIBER-EU Framework; Regulatory Gap Analysis; Multi-Framework GRC Integration
Enterprise IAM · PAM Platform Stack
SailPoint IdentityIQ; SailPoint IdentityNow; CyberArk Conjur; BeyondTrust PAM; Thycotic / Delinea; ForgeRock; Oracle Identity Manager (OIM); HashiCorp Vault; Broadcom CA SiteMinder; Duo · RSA SecurID · YubiKey; Access Certification Campaigns; Role Mining & RBAC Design; SOD Conflict Detection
SIEM · SOAR · NDR Platform Ecosystem
Splunk ES; LogPoint; Cortex XSOAR; Phantom / Demisto; MISP; ThreatConnect; Recorded Future; Darktrace NDR; Vectra NDR; ExtraHop; Snort / Suricata; Cisco Firepower
AppSec · DevSecOps Toolchain
Checkmarx SAST; SonarQube; Micro Focus Fortify; OWASP ZAP; Snyk SCA; Black Duck; Aqua · Twistlock · Trivy; Prisma Cloud; Terraform Sentinel · Checkov; STRIDE / PASTA Threat Modelling; Shift-Left Security Practices; Security Champions Programme; API Security; CI/CD Security; DAST; SAST; SCA; Threat Modeling; Semgrep; CodeQL; Veracode; OWASP ASVS; OWASP SAMM 2.0; OWASP API Top 10; CycloneDX SBOM; SPDX; tfsec; Terrascan; BSIMM
OT/ICS · Industrial Control Security
Claroty; Nozomi Networks; Dragos; Tenable OT; IEC 62443; Industrial Protocol Security; OT Asset Discovery & Inventory
Data Governance · Privacy Engineering
Symantec DLP; Forcepoint DLP; Boldon James Classification; Titus Classification; OneTrust; TrustArc; BigID; AWS Macie · Azure Purview; DPIA Delivery; Records of Processing Activities; Data Sovereignty; Key Management (HSM / KMS)
Generative AI · LLM · Agentic Stack
Azure AI Foundry; Azure AI Document Intelligence; Azure AI Speech; Azure AI Search; Azure AI Translator; AWS Bedrock; GCP Vertex AI; Google Gemini API; Vertex AI Agent Development Kit; ChatGPT Enterprise; Claude Enterprise (Anthropic); Microsoft Copilot Studio; Salesforce Agentforce; Salesforce Einstein; LangGraph; LlamaIndex; AutoGen; CrewAI; Multi-Agent A2A Orchestration; Pinecone Vector DB; Weaviate; ChromaDB; pgvector
GPU Infrastructure · AI Data Centre
NVIDIA DGX / HGX; NVIDIA Metropolis; NVIDIA Omniverse; NVIDIA CUDA; InfiniBand Fabric; RoCE v2; OpenUSD; GPU Cluster Architecture; High-Performance Computing; Edge AI Deployment
MLOps · AI Platform Engineering
Azure Machine Learning; AWS SageMaker; Databricks Lakehouse; Delta Lake; Synapse Analytics; BigQuery ML; MLflow; Kubeflow; PyTorch; TensorFlow; ONNX Runtime; SHAP / LIME Explainability; Model Drift Monitoring; Feature Store Engineering
AI Security · Responsible AI
Prompt Injection Defence; AI Red Teaming; OWASP Top 10 for LLM; Guardrails AI; NIST AI RMF; ISO 42001 AI Management; AI Governance; AI Security; Automation / Orchestration
DevOps Automation · Modern Productivity
Power Automate; n8n Workflow Automation; Zapier; GitHub Actions; Azure DevOps Pipelines; Helm; GitOps / ArgoCD
Zero Trust · Modern Access
Conditional Access; Prisma Access SASE
Regulatory Frameworks & Standards
NIS2 Transposition Analysis; DORA Supervisory Review; DORA Article 28 Oversight; EU AI Act Article 6 Assessment; EU AI Act High-Risk Registry; CRA Vulnerability Reporting; UK Cyber Security & Resilience Bill; Data (Use and Access) Act 2025; Online Safety Act Compliance; PSTI Act Enforcement; AI Safety Institute Engagement; Digital Services Act; Digital Markets Act
International Standards Portfolio
ISO 27001:2022 Transition; ISO 27005:2022 Risk Management; ISO 27017 Cloud Security; ISO 27018 PII Processing; ISO 27701 Privacy; ISO 22301 BCMS; ISO 31000 Risk; ISO 9001 QMS; NIST CSF 2.0; NIST 800-53 Rev 5; NIST 800-171; COBIT 2019; COSO ERM; ITIL v4; TOGAF 10; SABSA Enterprise Security Architecture; COBIT 5 / 2019
Threat-Led Testing & Assurance
TLPT Threat-Led Penetration; CBEST; STAR-FS; iCAST; MITRE D3FEND; SLSA Framework; in-toto Attestations
Policy-as-Code & Continuous Compliance
Policy as Code (OPA / Rego); Regulation as Code; Control Mapping Automation; Continuous Control Monitoring; Evidence Chain Management
Institutional Doctrine Concepts
Board-Survivable Cyber Architecture; Audit-Proof by Design; Litigation-Grade Security; Defensible CISO Doctrine; Sovereign CISO Doctrine; Sovereign AI Framework; Identity Control Plane; Identity Hegemony Doctrine; Identity Moat Architecture; Trust Architecture Doctrine; Institutional Cyber Doctrine
Detection & Response Stack
NDR — Network Detection & Response; XDR — Extended Detection & Response; MDR — Managed Detection & Response; SSE — Security Service Edge; Detection Engineering; Detection as Code; Sigma Rules; YARA Rules; Deception Technology; Threat Hunting Programme; Incident Response; Playbook Development
Cloud Security Posture Stack
CSPM — Cloud Security Posture Management; CWPP — Cloud Workload Protection; CIEM — Cloud Infrastructure Entitlement Mgmt; CNAPP — Cloud-Native App Protection; DSPM — Data Security Posture Management; SSPM — SaaS Security Posture Management
Microsoft Defender & EDR Ecosystem
Defender for Cloud; Defender for Endpoint; Defender for Identity; Defender for Office 365; CrowdStrike Falcon; SentinelOne
Passwordless & Modern Authentication
Passkeys; FIDO2; WebAuthn; Passwordless Authentication; MFA Fatigue Resistance; Break-Glass Access Procedures; Tier 0 Asset Protection
Advanced Cryptography & Confidential Compute
Homomorphic Encryption; Confidential Computing; Secure Enclaves; Zero-Knowledge Proofs; HSM — Hardware Security Modules; Key Management (BYOK / HYOK); Crypto Agility
Service Mesh & Cloud-Native Security
Istio; Envoy Proxy; Linkerd; SPIFFE / SPIRE Workload Identity; Open Policy Agent (OPA); Falco Runtime Security; Wiz Cloud Security; Snyk; Aqua Security
Observability Stack
Prometheus; Grafana; OpenTelemetry; Elastic Stack / OpenSearch; Datadog; Dynatrace

Business & Leadership Skills

Strategic Planning; Enterprise Architecture; Governance & Compliance; Risk Management; Risk Assessment; Risk Mitigation; Regulatory Compliance; Security Audit; IT Audit; Solutions Architecture; Project Management; Programme Delivery; Change Management; Stakeholder Management; Budget Management ($20M+); Business Continuity (BCP); Disaster Recovery (DRP); Incident Management; Vendor Management; Contract Negotiation; Consulting; Business Analysis; Digital Transformation; Agile · Prince2 · Waterfall; IT Service Management; Configuration Management; Framework Development; Security Awareness Training; Board-Level Reporting; Executive Stakeholder Engagement
CISO Leadership · Executive Delivery
Interim CISO (Delivery-Focussed); CISO Advisory; Security Transformation (Cost Centre → Trust Officer); Crisis Command & Zero-Hour Protocol; 90-Day Board Confidence Roadmap; Board-Level Liability Management; Board Reporting; CISO Strategy; Security Architecture; Executive Reporting
Financial & Legal Services
M&A Cyber Due Diligence; PE Portfolio Cyber Risk Assessment; Expert Witness (Legal & Regulatory); FAIR-AIR Risk Quantification; Cyber Insurance Advisory; Regulatory Enforcement Response; Sovereign Banking Security Architecture; Big 4 Consulting
Regulatory Programme Delivery
Cross-Jurisdictional Regulatory Expertise; DORA Programme Delivery; NIS2 Implementation Programme; FCA PS21/3 Operational Resilience; PRA SS1/21 Operational Resilience; EU AI Act Readiness Assessment; Regulatory Audit Support; Compliance-to-Competitive Advantage Strategy
Chartered Certifications & Standards
CISSP; CISM; CRISC; CCSP; ISO 27001 Lead Auditor; SABSA Chartered Security Architect; TOGAF 9 Certified; CyberArk CDE; AWS Certified Security – Specialty; Microsoft SC-100 Cybersecurity Architect; Microsoft SC-200 Security Operations Analyst; AZ-305 Azure Solutions Architect Expert; Cisco CCNA Security; Azure Security Engineer Associate; Google Cloud Professional Cloud Security Engineer; Google Professional Cloud Architect; AWS Certified Solutions Architect – Professional; AWS Certified AI Practitioner; HashiCorp Terraform Associate; CKA – Certified Kubernetes Administrator; GIAC GSTRT; CREST CCIM (Certified Incident Manager); CCA (Cybersecurity Architecture); TOGAF 9
Extended Regulatory & Sector Compliance
HIPAA; GLBA; PCI-DSS v4.0; SOC 2 Type 2; Basel II / III (BCBS)
Advanced Certifications (Extensions)
ISO 27001 Lead Implementer; BSI / IRCA Certified; CCSK; CSA STAR
Supervisory Authorities & Regulators
ICO (UK); DPC (Ireland); Ofcom; ComReg; CCPC; EBA; ESMA; EIOPA; ECB; ENISA; DSIT (UK); OPSS (UK); HM Treasury; Central Bank of Ireland; FCA; PRA
Governance & Risk Programmes
Third-Party Risk Management (TPRM); ICT Third-Party Oversight; Digital Operational Resilience; Regulatory Horizon Scanning; Multi-Jurisdictional Compliance; Cross-Border Data Flows; Regulatory Remediation Programme; Board Cyber Reporting; Audit Committee Reporting; Risk Appetite Statement; Regulatory Change Management; Policy Harmonisation
GRC Platform Expertise
ServiceNow GRC; MetricStream; LogicGate
AI Governance & Assurance
AI Conformity Assessment; AI Impact Assessment; AI Bill of Materials (AIBOM); AI Incident Register; Agentic AI Governance; AI Pilot Governance Framework
Incident Reporting Obligations
4-Hour DORA Incident Reporting; 24-Hour NIS2 Early Warning; 72-Hour GDPR Breach Notification; Regulatory Reporting Automation; Significant Incident Classification
Privacy & Cross-Border Transfers
ROPA Records of Processing; Schrems II / TIA; Standard Contractual Clauses (SCC); Binding Corporate Rules (BCR); EU-US Data Privacy Framework
MENA & Sovereign Regulatory Frameworks
Saudi NCA ECC; Saudi NCA CAF; Saudi SAMA CSF; Saudi PDPL; UAE NESA; UAE IA Standard; Qatar NIA; Kuwait NCA; Bahrain NCSC
US Data Security Rule · DOJ EO 14117
DOJ 28 CFR Part 202; Executive Order 14117; Bulk US Sensitive Personal Data; Government-Related Data; Countries of Concern Screening; Prohibited & Restricted Transactions; CISA Security Requirements; Annual NSD Reports; DOJ Licensing & Advisory Opinions; Bulk Data Threshold Tracking; Human 'Omic Data Governance
Pharma R&D · Clinical Data Protection
HIPAA Privacy & Security Rules; HITECH Breach Notification; 21 CFR Part 11; GCP / ICH E6(R2); EU Clinical Trials Regulation (CTR); EMA Policy 0070; FDA Software-as-Medical-Device (SaMD); GxP-Validated AI; IRB / Ethics Board Liaison; Clinical Data Sovereignty; Honest-Broker / Custodian Models; Federated Learning & Secure Enclaves; CRO / Processor Due Diligence; Investigator-Site Agreements; Pharmacovigilance Data Governance; Real-World Evidence Platforms; Genomic & Biomarker Data Controls
Extended Privacy Regulations (Global)
LGPD (Brazil); PDPA (Singapore); PIPEDA (Canada); POPIA (South Africa); CCPA / CPRA; CPA (Colorado); CTDPA (Connecticut); VCDPA (Virginia); UK DPA 2018; Article 9 Special-Category Data; Article 35 DPIA Methodology; Article 30 ROPA; Article 49 Derogations
Cross-Border Data Transfer Mechanisms
SCCs 2021/914 (Modular); Binding Corporate Rules (BCR); UK IDTA & Addendum; UK–US Data Bridge; EU–US Data Privacy Framework; Schrems II Transfer Impact Assessment; DOJ EO 14117 Transfer Screening; Data Residency by Design; CRO / Lab Data Residency; Vendor Flow-Down Clauses
Cloud Data Protection (Extended)
AWS Macie; AWS KMS; AWS Lake Formation; GCP DLP API; GCP VPC Service Controls (VPC-SC); Azure Defender for Cloud; Microsoft Purview Information Protection; Customer-Managed Keys (CMK); Confidential Computing; Tokenisation; Pseudonymisation & k-Anonymity; Differential Privacy
Pharma & Life Sciences Tooling
Veeva Vault; Medidata Rave; eCOA / ePRO Platforms; Electronic Trial Master File (eTMF); Power BI (Clinical Reporting); ServiceNow GRC / IRM; OneTrust; Workiva; Collibra; Varonis; BigID; DAMA-DMBOK
Operational Resilience · Regulatory Specifics
FCA/PRA PS21/3; Important Business Services Mapping; Impact Tolerances; Severe-but-Plausible Scenario Testing; Supply Chain Resilience; Annual NIS Self-Assessment Authorship; NCSC Guidance; BEIS / DSIT Regulatory Framework; Ofgem Cyber Expectations; DORA Chapter V (ICT Third-Party); FCA SYSC 8; EU–US Clinical Data Flow Governance
Business & Leadership
CIO / CRO Advisory; Board & Audit Committee Engagement; P&L Management; Budget Planning (£20M+ Programmes); Contract Negotiation; Multi-Vendor Governance; Big 4 Risk Advisory Delivery; M&A Cyber Due Diligence (50+); Three Lines of Defence (3LoD); FAIR Risk Quantification; KRI Library Authorship (250+); Policy Harmonisation (70+); Regulator Liaison (FCA · PRA · CBI · ECB); SteerCo & Executive Reporting; Consulting Craft & Gravitas
Professional Attributes · Extended
Outside IR35 · UK Limited Company; B2B Day-Rate Contractor; 100% Remote Capable; European Working Hours (CET/CEST/GMT/BST); Immediate Availability · Day-1 Productive; British & EU (Irish) Dual Citizenship; English (Native · C2); Circle of Excellence (KPMG); High Flyers (EY); Super Coach (PwC France); University Gold Medallist (BEng)

Personal & Professional Attributes

Executive Presence; Leadership; Stakeholder Engagement; Communication; Written Communication; Collaboration; Innovation; Integrity; Resilience; Drive; Organisation
Sector & Domain Expertise
Critical National Infrastructure (CNI); Aviation Sector (Airside / ATC); Financial Services (21 yrs); Government & Public Sector AI; Healthcare & Regulated Environments; Legal / Judicial Sector
Academic & Thought Leadership
Academic Research & Publication (900 papers); Doctrine Writing & Framework Design; Professor of Practice (Schiphol University); Honorary Senior Lecturer (Imperials); Big 4 Consulting (Deloitte · PwC · EY · KPMG); Keynote & Board Presentation; Professor (Schiphol University)
Professional Memberships & Industry Awards
Lead Auditor, Information Security Forum (ISF); Platinum Member, ISACA London Chapter; Gold Member, (ISC)² London Chapter; Programme Lead, PRMIA Cyber Security; Member, Cyber Defence Taskforce; Researcher, University College London (UCL); Excellence in Education Award — Imperial College; Circle of Excellence Award — KPMG; High Flyers Award — Ernst & Young; Super Coach Award — PwC France; Industry Award Recipient
Academic Distinctions & Clearances
MSc Information Security — UCL; MBA Strategic Management & Technology Leadership; BEng University Gold Medallist; Honorary Doctorate in Literature; Top Teacher Award; BPSS Eligible; SC / DV Clearance Eligible; UK Parliament Cyber Security Committee; UK DV Clearance
SIEM · Detection · SOC
Elastic SIEMRSA Security AnalyticsCORR EngineSigma Rule ConversionSentinel Analytics RulesSentinel Content HubAzure MonitorLog Analytics WorkspaceData Collection Rule (DCR)Azure Monitor Agent (AMA)CEF · Syslog · Event HubCopilot for SecuritySOC-CMM MaturityKQL WorkbooksArcSight LoggerArcSight Flex ConnectorSplunk Enterprise SecurityExabeam UEBASecuronix UEBAMITRE ATT&CK for ICS
IAM · PAM · Zero Trust
Okta IdP | PingFederate | PingAccess | Microsoft Identity Manager (MIM) | Omada Identity | One Identity Manager | NetIQ Identity Manager | SCIM 2.0 | WS-Federation | ADFS | AD Connect | Password Hash Sync | Pass-Through Authentication | Seamless SSO | Entra ID Entitlement Management | Entra ID Access Reviews | Workload Identities | Entra ID B2B / B2C | Entra ID Identity Protection | NIST SP 800-207 Zero Trust | NIST SP 800-63 Digital Identity | Kerberos | RADIUS | TACACS+ | Microsoft SC-300 | ZTNA (Zscaler ZPA · Netskope · Cloudflare Access)
Cloud Security
AWS Control Tower | Azure Defender for Cloud | Azure Conditional Access | Azure Key Vault | Azure Policy | GCP Security Command Centre | GCP BeyondCorp | Cloud KMS | Cloud HSM
Network · Perimeter · Segmentation
Check Point R80 / R81 | Cisco PIX | Juniper SRX · Netscreen | IronPort | Illumio Micro-Segmentation | Guardicore | Arbor Peakflow DDoS | Akamai Kona / Site Shield | Cisco ACI Micro-Segmentation | OPC UA | EtherNet/IP | IEC 61850 | Deep Packet Inspection (DPI) | Wireshark / tshark | SD-WAN
Endpoint · EDR · DLP
CrowdStrike Falcon X | Palo Alto Cortex XDR | Microsoft Defender XDR | Microsoft Defender for Endpoint | McAfee Foundstone | FireEye | Cylance | Tripwire Integrity Monitoring | CIS Benchmarks | WSUS Patch Management
OT · ICS · Industrial
Siemens S7 | Rockwell Allen-Bradley | Schneider PLC | Honeywell | Yokogawa | DCS · PLC · HMI · RTU | Modbus (RTU/TCP) | Profinet | DNP3 | CANbus | Safety-Instrumented Systems (SIS) | Hardware-in-the-Loop Testing | Factory Acceptance Testing (FAT) | Site Acceptance Testing (SAT) | NCSC CAF for OT | NIST SP 800-82 | Zone & Conduit Modelling | Purdue Reference Model | Claroty xDome | Dragos Platform | Armis | Tenable OT Security
Threat Intelligence · CTI
Mandiant Advantage | Microsoft Defender TI | Flashpoint | Intel 471 | CrowdStrike Intel | OpenCTI | Anomali | STIX / TAXII | Diamond Model | Cyber Kill Chain | APT Tracking (FIN7 · Cobalt · TA505 · Lazarus) | CISA KEV | EPSS Exploit Prediction | IOC Management | Strategic Threat Reporting
Vulnerability · Exploit · Red Team
Qualys VMDR | Tenable.io / SC | Rapid7 InsightVM | CVSS v3.1 / v4.0 | Tenable Nessus Professional | Burp Suite Professional | DbProtect | Hardware Vulnerability Research | Reverse Engineering & Debugging | Exploit Development Mindset | Fuzzing
Frameworks · Compliance · GRC
ITSRM Methodology | PM²/OpenPM² | Prince2 Practitioner | PMI PMP | RCSA — Risk & Control Self-Assessment | Risk Treatment Plans | Residual Risk Statements | Evidence Pack Production | Control Mapping | Mandatory Attestation | EBA/ECB/CBI/FCA/PRA Engagement | TOGAF 9 ADM | ArchiMate 3.x Modelling | Three Lines of Defence | Bureau Veritas ISO 27001 Lead Auditor | ISO 24760 Identity Management | STRIDE · PASTA · LINDDUN Threat Modelling | Attack Tree Analysis | ISO 42001 AI Management System | DORA ICT Risk & Incident Management | NIS2 Directive Compliance
DFIR · Forensics · Incident Response
EnCase Forensic | FTK | Volatility Framework | Velociraptor | KAPE | Memory Forensics | Disk Imaging | Chain of Custody | Evidence Preservation | Malware Analysis | Reverse Engineering Fundamentals | Incident Reconstruction | Major Incident Management | CSIRT Leadership | Crisis Coordination | Containment & Eradication | Incident Orchestration | Forensic Triage
AI · Azure AI Platform
Azure AI Search (Vector + Hybrid) | Azure AI Vision | Azure AI Language | Azure OpenAI (GPT-4o · GPT-4 Turbo · o-series) | DALL-E 3 | Sora | Stable Diffusion | Adobe Firefly Services | Midjourney | Runway Gen-3 | Pika Labs | ElevenLabs | Azure AI Content Safety
AI · Agent Frameworks & SDKs
FastAPI | LangChain.js | OpenAI SDK | Anthropic SDK | NestJS | Next.js | Vercel AI SDK | Retrieval-Augmented Generation (RAG) | RAGAS Evaluation | Phoenix LLM Evaluation | OpenTelemetry for LLM | Whisper (Speech Transcription) | FAISS | BM25 Keyword Search | DeepEval | Cross-Encoder Re-ranking | Sentence-Transformers | Hybrid Search (Vector + Keyword)
AI · MLOps · Data Platforms
Azure ML | Service Bus | Event Grid | Event Hubs | Kafka | AKS | Azure Container Apps | Azure Functions | Azure Data Factory | Azure Synapse | Microsoft Fabric / OneLake | Databricks on Azure | Cosmos DB | Argo CD
Content · Marketing Operations
Adobe Experience Manager (AEM) | Adobe Workfront | Veeva PromoMats | Veeva MedComms | Bynder DAM | Aprimo DAM | Brandfolder | Pharma MLR Workflows
DevSecOps · IaC · Policy
Bicep | GitLab CI | Open Policy Agent (OPA / Rego) | Terraform Sentinel | Checkov | SAST · DAST · SCA | Fortify · Coverity · Klocwork
Cryptography · PKI · Keys
HSM Integration (Thales · Entrust nShield) | Certificate Authority Design | Certificate Lifecycle Automation | KMIP Key Management | AES / RSA / ECDSA | TLS 1.3 | IPsec / IKEv2 | S/MIME · Code Signing | BYOK · HYOK
Regulatory & Governance (Extended)
OCC | SOX | SAS70 | NATO STANAG 6001 English L4 | NCIA Architecture Methodology | JSP 440 · JSP 604 | HMG Security Classifications | RMADS
Emerging · Disruptive Technology
AI/ML Security | Adversarial AI | Quantum-Safe Cryptography (NIST PQC) | LLM Supply-Chain Security | Model Supply-Chain Security | Threat Modelling for ML Systems | Generative-AI Misuse Mitigation
Pharma · Life Sciences · Clinical Data Security
21 CFR Part 11 | 28 CFR Part 202 | DOJ Executive Order 14117 | EU Clinical Trials Regulation (CTR) | GCP / ICH E6(R2) | HITECH Act | Medidata Rave | Microsoft Purview | Veeva Vault
Operational Risk · Capital Adequacy
ICAAP | ILAAP | ISAE 3402 SOC Reports | KRI / KCI / KPI Framework | NIST SP 800-30 Risk Assessment | ProcessUnity TPRM | Scenario Analysis & Stress Testing | ServiceNow IRM | Solvency II Pillar 2
Risk Reporting · Board Analytics
Power BI | Tableau
Check Point Advanced · Network Security Enterprise
Cato SASE | Check Point MDSM | Check Point Maestro | Check Point Quantum | Check Point VSX | Cisco Firepower Threat Defense (FTD) | FortiWeb WAF | Imperva WAF | ModSecurity | Palo Alto PAN-OS 10 / 11 | Palo Alto Panorama | Zscaler Digital Experience (ZDX)
Virtualisation · End-User Computing
Azure Virtual Desktop (AVD) | Citrix Virtual Apps & Desktops (VAD) | Microsoft Endpoint Manager (SCCM / MECM) | Microsoft Intune | Nutanix AHV | VMware Horizon | VMware vSphere / NSX
Campus · Wireless · NAC · Unified Comms
Aruba ClearPass NAC | AudioCodes SBC | Cisco Identity Services Engine (ISE) | Cisco Meraki | Cisco Unified Communications Manager (CUCM) | Microsoft Teams Phone | Mist AI (Juniper) | Ribbon Session Border Controller
Managed Print · Enterprise Services
HP Web Jetadmin | PaperCut | uniFLOW
CyberArk Portfolio (Full-Stack PAM)
CyberArk AIM / AAM | CyberArk Central Policy Manager (CPM) | CyberArk Conjur Secrets Manager | CyberArk Defender · Sentry · Guardian | CyberArk DNA | CyberArk Endpoint Privilege Manager (EPM) | CyberArk Password Vault | CyberArk Privilege Cloud | CyberArk Privileged Session Manager (PSM) | CyberArk Privileged Threat Analytics (PTA) | Microsoft LAPS
Financial Services Regulators (Global)
BaFin (Germany) | Bank of England (BoE) | CSSF (Luxembourg) | Hong Kong Monetary Authority (HKMA) | Monetary Authority of Singapore (MAS) | NYDFS Part 500
Supply Chain · Third-Party Cyber Assurance
BitSight | ISO 27036 Supplier Security | MITRE ATLAS (Adversarial ML) | NIST SP 800-161 C-SCRM | SBOM — CycloneDX | SBOM — SPDX | SecurityScorecard | Shared Assessments SIG / SCA
Offensive Assurance · Certifications
CREST Certified Testing | Cyber Essentials Plus | ITIL 4 Managing Professional
AI Security & Governance (Extended)
CAM for AI Attestation | EU AI Act Compliance | ISO/IEC 42001 (AI Management) | OWASP LLM Top 10 | SAP BTP AI Foundation | Schrems II Data Transfer Controls
Workload Identity & Passwordless Authentication
Delinea Secret Server | FIDO2 | SPIFFE / SPIRE | WebAuthn
IaC Security · Policy Engines (Extended)
OPA Gatekeeper | Terratest | tfsec
Microsoft Security Certifications
AZ-104 Azure Administrator | AZ-305 Azure Solutions Architect Expert | AZ-500 Azure Security Engineer | SC-100 Cybersecurity Architect Expert | SC-200 Security Operations Analyst | SC-300 Identity & Access Administrator
Kubernetes & Container Platform Security
CKA — Certified Kubernetes Administrator | CKS — Certified Kubernetes Security Specialist | GitHub Actions OIDC Federation | GitHub Advanced Security | NIST SP 800-190 Container Security
Edge Protection · WAF Engineering (Extended)
Azure Front Door Premium | OWASP CRS 3.2
OT/ICS Security Platforms
Armis | Cisco Cyber Vision | Claroty CTD | Dragos Platform | Forescout | Microsoft Defender for IoT | Nozomi Networks Guardian | Tenable.ot
Industrial Protocols · Historians · HMI
BACnet | Citect SCADA | DNP3 | FactoryTalk (Rockwell) | GE iFIX | HART-IP | IEC 61850 | Modbus / Modbus TCP | OPC UA | OSIsoft PI System | PROFINET | Siemens WinCC
Vulnerability Intelligence · Prioritisation
CISA KEV Catalog | CVSS v4.0 | EPSS — Exploit Prediction Scoring | NIST SP 800-82 Rev.3 (ICS Security)
Data-Diode · Cross-Domain Solutions
Owl Cyber Defense | Waterfall Security Solutions
UK CNI Sector Regulators (Water · Energy)
DWI — Drinking Water Inspectorate | NERC CIP (North America) | Ofwat Cyber Resilience Code
Heritage Network & Perimeter Platforms
Crossbeam X-Series | Nokia IP Appliance Firewalls | Cisco CS-MARS | TippingPoint IPS | AlgoSec Firewall Analyzer | Cisco Guard Anti-DDoS | MU Dynamics | Alteon Load Balancer | Clearswift MIMEsweeper | Mail Sweeper | Firewall Services Module (FWSM) | Cisco Security Manager (CSM) | Cisco ACS
Heritage Encryption & Endpoint Control
PGP | McAfee Safeboot Endpoint Encryption | Pointsec Disk Encryption | Reflex DiskNet Pro | Smartline DeviceLock | 3DNS Load Balancing | Cisco VPN Concentrator | Digital Watermarking | Steganography | Crypto-Analysis
Historic Legal · Regulatory Doctrine
UK Computer Misuse Act | UK Data Protection Act 2018 | Safe Harbor Framework | HMG Information Assurance Standards | CRB Enhanced Checks | MOD Basic Vetting
AppSec · Source Code Scanners (Legacy Heritage)
Cenzic Hailstorm | SPI Dynamics WebInspect | Watchfire AppScan | Whisker | Ounce Labs | Coverity | Klocwork | FindBugs / FxCop | Prefix / Prefast | Fortify (Micro Focus)
Database Security Scanners (Legacy)
DbProtect | AppDetect | NGSS
Legacy Certifications & Training Lineage
ITIL Foundation Certified | MCSE Windows 2000 | MCSE Windows NT | Cisco CCNP | Cisco CCNA | ArcSight Flex Connector | ArcSight Logger Admin | CyberArk Privileged Identity Management Suite | CyberArk Privileged Session Management Suite | CyberArk Sensitive Information Management Suite | ISS SafeSuite / Internet Scanner | Symantec Intrusion Detection (Enterprise) | Fortinet FortiGate Administrator (France)
Academic Heritage — Degrees & Institutions
MBA-IT — Andhra University | BEng Electronics — Osmania University | Diploma in Electronics — Govt. Institute | MSc Information Security (UK) | University Gold Medallist
Big 4 & Consulting Lineage (Resume Refresh)
Big 4 Cyber Advisory | Deloitte Risk Advisory | PwC Cybersecurity & Privacy | EY Cybersecurity Practice | KPMG Cyber Defense | Accenture Cyber | KPMG Circle of Excellence | EY High Flyers Award | PwC Super Coach Award | Big 4 Methodology Fluency
Regulatory Frameworks 2026 — Sector & Jurisdiction
DORA Readiness & Implementation | NIS2 Directive Compliance | FINMA Operational Resilience | ADGM Cyber Risk Management Framework | SAMA Cybersecurity Framework | QCB Cybersecurity Framework | CBB Cybersecurity Framework | Bank of England Operational Resilience | FCA Operational Resilience | PRA Operational Resilience | Solvency II Cyber | HIPAA Cyber Programmes | Lloyd’s Cyber Insurance | PCI DSS 4.0 | ISO/IEC 42001 AI Management System | ISO 31000 Risk Management | Critical Third-Party Providers (CTPP) | ICT Third-Party Risk | Saudi Vision 2030 Cyber
Governance Doctrine & Engagement Models
Evidence Chain Model | Decision Rights Architecture | Contract Control Matrix | AI Accountability Stack | AI Control Plane Architecture | Crisis Command Retainer | Virtual CISO (vCISO) | Chief AI Security Officer (CAISO) | DORA Programme Director | Operational Resilience Lead | Security Transformation Programme Lead | Principal Cyber Architect | Institutional Governance Authority | Outside IR35 Engagement | UK Limited Company Operating Model | Irish Limited Company Operating Model | Status Determination Statement (SDS) | Three-Lines-of-Defence Operating Model
AI Governance Architecture (2026)
AI Inventory & Registry | Model Risk Governance | Data Provenance Controls | Bias & Explainability Controls | AI Pipeline Governance
Sector Programmes & Industry Coverage
Insurance Cyber Programmes | Reinsurance Cyber Programmes | Composite Insurer Programmes | Lloyd’s Market Insurance Cyber | Capital Markets Cyber | Public Sector Cyber | Energy Sector Cyber | Telecoms Sector Cyber | M&A IT Risk Due Diligence
Vendor Heritage & Cloud Credentials (Resume Refresh)
AWS Certified Security — Specialty | Azure Security Engineer Associate | Google Cloud Professional Cloud Security Engineer | CCSE · CCSA · CCMSE (Check Point) | MCSE — Microsoft | ISS RealSecure | ISS Proventia IPS | Sourcefire | Arbor Networks Peakflow | Radware DDoS Mitigation | IBM Security Verify | Datadog SIEM | Microsoft Defender XDR | DbProtect | McAfee SafeBoot | Pointsec | S/MIME | Certificate Lifecycle Management | TACACS+ | EIGRP | Cisco Wireless
SOC Operations & KRI Libraries
KRI Library Design | ITSM Risk Libraries | Service Management Risk | SOC L1/L2/L3 Escalation | 24/7 Detection Operations | MSSP Governance | Dark Web Monitoring | BCM/DR Testing | Technology Risk Management | Group-Level IT Risk Methodology | SLA/KPI Definition | Provider Performance Management | Playbook Design | Automated Alert Enrichment
Memberships & Professional Honours
Schiphol Honorary Professor | UCL Researcher | ISACA London Chapter — Platinum | (ISC)² London Chapter — Gold | ISF Lead Auditor | Institute of Risk Management (IRM) | PRMIA Programme Lead
AI Security · Agentic AI · MCP Controls (2026)
Agent Identity Separation | AI Red-Team Regression Harness | Approval Gates / Kill Switches | Behavioural Drift Monitoring | Canary Prompts | Capability Allow-Lists | ENISA AI Threat Landscape | Function-Calling Security | Hallucinated Dependency (Slopsquatting) Detection | Indirect Prompt Injection Defence | MCP (Model Context Protocol) Security | Multi-Agent Audit Trails | NIST AI RMF Generative AI Profile (AI 600-1) | OWASP Top 10 for Agentic AI (2025) | OWASP Top 10 for LLMs (2025) | Persistent Memory Poisoning Defence | Resource-Scoped Tool Bindings | Sandboxed AI Execution
Hyperscaler AI · Foundation Model Platforms
Anthropic Claude API | AWS Bedrock | AWS SageMaker | Azure OpenAI · AI Foundry | Google Vertex AI | OpenAI API & Assistants | SAP Business AI | SAP Cloud Identity Services | SAP IAS / IPS
AI Lifecycle Identity · CAM for AI
AI Access Provisioning Workflows | AI Audit Evidence Maps | AI Entitlement Catalogue | AI Tool Connectors | Cloud Access Manager (CAM) for AI | Feature Store Security | Inference Gateway Authentication | Instance-Level Access Boundaries | Model Lifecycle IAM | Model Supply-Chain Attestation | RAG Pipeline Security | Training Data Access Controls | Vector Database Security
AI-First SSDLC · Threat Modelling (Extended)
Attack Tree Catalogues | Bow-Tie Analysis | BSIMM for AI | IriusRisk | Microsoft Threat Modelling Tool | NIST SSDF (SP 800-218) | OWASP SAMM 2.0 | OWASP Threat Dragon | Secure AI Development Lifecycle (SAIDL) | Threat-Model-as-Code | Trike Threat Modelling
Workload Identity Federation (Extended 2026)
AWS IRSA (IAM Roles for Service Accounts) | Azure Managed Identities | Certificate-Based Authentication | GCP Workload Identity Federation | Phishing-Resistant MFA | SAP BTP Service Instances | Service-Mesh Identity Propagation | Short-Lived Credentials | Token-Based Integration
Identity Control Plane · Federation Doctrine
Active-Active Federation (Zero Regional Dependency) | Adaptive Risk-Based MFA | Beyond RBAC / Attribute-Driven Authorisation | Continuous Identity Assurance | Event-Driven Identity (SCIM-Driven) | FAPI-Compliant OAuth 2.0 | Federation-First Modernisation | Identity Control Plane Doctrine | Just-in-Time (JIT) Privilege | Machine Identity at Scale | mTLS as Identity (East-West Trust) | Post-Merger Identity Consolidation | Real-Time Federation Routing | Token Issuance Pipelines | Zero Standing Privilege | Zero-Secret Architectures
AI-Enhanced Incident Operations (2026)
5-Whys / Fault-Tree Analysis | AI-Assisted Runbook Execution | Atlassian Statuspage | Blameless Post-Incident Review | CrowdStrike Charlotte AI | Dynatrace Davis AI | Microsoft Sentinel AI · Copilot for Security | MTTD / MTTR Programme | Opsgenie | PagerDuty | ServiceNow MIM Module | SOAR — Cortex XSOAR · Splunk SOAR | Splunk AI · Observability Cloud | Tabletop & Live Crisis Exercises | xMatters On-Call
AppSec Toolchain (Extended 2026)
Black Duck | Burp Suite Enterprise | Checkmarx | CodeQL | Contrast IAST | Dependency-Track | Invicti | OWASP ZAP | PR Policy Gates | Pre-Commit Hooks (husky · pre-commit) | SBOM CycloneDX / SPDX | Seeker IAST | Semgrep | Signed Commits | Sigstore Cosign Signing | SLSA Build Attestation (Levels 1–4) | Snyk Code · Snyk Container | SonarQube | Veracode
Container & K8s Security (Extended 2026)
Anchore | Aqua Container Security | Clair | Cosign Signed Images | Falco Runtime Security | Kyverno | Pod Security Standards | Service Mesh — Istio · Linkerd · Envoy | Snyk Container | Sysdig Secure | Trivy
Sovereign Data · Cross-Border Doctrine (Extended)
14400-Second (4-Hour) DORA Compliance Doctrine | 36-Hour Compliance Velocity Framework | Clinical Data Sovereignty | Daubert / FRE 702 AI Evidence Doctrine | DOJ 28 CFR 202 Sovereign Data Doctrine | EO 14117 Bulk Sensitive Personal Data | Schrems II Transfer Impact Assessment | Sovereign Doctrine Series (AEGIS · ATLAS · BRIDGE · NEXUS · TRIAGE · DECIDE · FORGE · ORACLE · VELOCITY · SENTINEL · PRISM · COMPASS · AEON)

IoT · ICS · OT Industrial Security

Skills surfaced from the May 2026 OT/ICS Doctrine Series (21 papers), Airport & Aviation CNI papers, and Industrial Resilience publications. All capabilities are evidenced through published governance doctrine.

IoT · IIoT Security
IoT Security Architecture | IIoT Security | Industrial IoT (IIoT) Vendor Access Control | IoT Device Authentication & PKI | IoT Firmware Security & Secure Boot | IoT Asset Management & Inventory | IoT Threat Modelling (STRIDE for IoT) | Microsoft Defender for IoT | MQTT / CoAP / AMQP Protocol Security | Industrial Edge Security | ETSI EN 303 645 (IoT Security Standard) | NISTIR 8259 (IoT Device Cybersecurity) | Embedded Systems Security | Forescout eyeSight (IoT/OT Visibility) | Armis (Agentless IoT/OT)
OT/ICS Standards & Functional Safety
IEC 62443 (all parts) | IEC 62443-3-3 System Security Requirements | IEC 61511 Functional Safety (SIL) | IEC 62439-3 PRP/HSR (Parallel Redundancy Protocol) | IEC 61850 (inc. GOOSE messaging) | NIST SP 800-82 Rev.3 (ICS Security) | NCSC CAF for OT | NERC CIP | IEC 62351 (Power System Security) | ISA/IEC 62443 Security Levels (SL1–SL4) | Safety-Instrumented Systems (SIS) | Safety Lifecycle Management | Hardware-in-the-Loop (HiL) Testing
Industrial Network Architecture & Protocols
Purdue Reference Model / Evolving Purdue | Zone & Conduit Modelling | Software-Defined Plant Networks (SDPN) | Industrial DMZ Design | Dual-Homed Historian Architecture | Reverse Proxies for OT | Jump Server Architecture for OT | Deterministic Networking for OT | BGP-MPLS Failover for Industrial Estates | PROFINET IRT | Modbus RTU/TCP | DNP3 | OPC UA Security | BACnet | CANbus | HART-IP | DCI/P Serial | Cisco ACI Micro-Segmentation (OT) | IT-OT Convergent Network Governance
OT/ICS Security Platforms & Tooling
Claroty CTD / xDome | Dragos Platform | Nozomi Networks Guardian | Cisco Cyber Vision | Tenable OT Security | Armis Platform | Forescout OT | MITRE ATT&CK for ICS | Siemens S7 (S7-300/400/1200/1500) | Rockwell Allen-Bradley (CompactLogix / ControlLogix) | Schneider Electric PLC | Honeywell DCS | Yokogawa DCS | Citect SCADA | OSIsoft PI System | Siemens WinCC | FactoryTalk (Rockwell) | GE iFIX / iFIX SCADA
OT Resilience & Zero Trust
Zero Trust for ICS (Identity-Aware Overlays) | Protocol Proxies for OT Zero Trust | Lateral-Movement Defeat in OT | Island-Mode / Graceful Degradation | Sub-Millisecond ICS Failover (IEC 62439-3) | OT Dependency Mapping & Passive Discovery | Ships-in-the-Night OT Migration Architecture | Break-Glass Procedures for OT | JIT Vendor Access for OT (MFA-constrained) | Azure / AWS Edge Integration for OT | OT SBOM Governance | CTPP (Cyber Threat Profile & Programme) | Owl Cyber Defense (Data Diodes) | Waterfall Security Solutions
OT Risk Quantification & Governance
Monte Carlo OT Risk Quantification | ICS Capital Decision Modelling | Board-to-Plant-Floor OT Risk Operating Model | IT-OT Design Authority Charter | Multi-Vendor OT Governance Framework | OT Vendor Governance (SBOMs · DORA CTPP) | SACDA Architecture (Safe Autonomous Connected Distributed Edge-Native) | Industrial Transformation Without Downtime
Aviation & Airport CNI
Aviation Network Security | OT/IT Segregation (Airside · Landside · Passenger) | Physical-Cyber Convergence (Airport) | Deterministic Network Architecture (Air Traffic) | Fault-Tolerant Network Fabric for Safety-Critical ATC | Zero Trust Micro-Segmentation (Aviation) | Threat Management for 24×7 CNI Operations | Detection Engineering for Critical Infrastructure | High-Availability & DR Engineering (sub-second failover) | Citrix NetScaler / F5 (Secure App Delivery) | IPS & Encrypted Visibility at CNI Scale | Cisco ACI Tenant/VRF/EPG Design
SOC 2.0 Doctrine · May 2026 · Skills Surface

Capabilities Demonstrated Across the 21-Paper SOC 2.0 Series

Capability surface mapped from the May 2026 institutional doctrine release, in three layers: technical execution, governance / non-technical, and business outcome.

Technical Skills (SOC 2.0 Doctrine)
Adversarial AI / Cyber AI Arms Race | Autonomous SOC Architecture | Closed-Loop Containment & Evidence-First Forensics | Detection Engineering & Hypothesis-Led Coverage | SOC 2.0 Operating Model | Signal Engineering & Schema Sovereignty
Non-Technical & Governance Skills (SOC 2.0 Doctrine)
Board-Level Cyber Governance Translation | Decision Rights Architecture in Crisis | Operating-Model Re-Architecture | Quarterly IR Drill & Stress Testing Discipline | Three-Clock Defence Engineering
Business & Commercial Outcomes (SOC 2.0 Doctrine)
Cyber Risk as a Revenue Problem (M&A + Capital Markets) | DORA / NIS2 Operational Resilience Programme Delivery | Operating-Model Doctrine for Compounded Advantage | Pricing Operational Latency as Fiduciary Loss | Privacy Operations & Data-Lineage Convergence