I am a security consultant with over 30 years experience helping blue chip companies address their cyber security needs. What makes my consultancy services different is the scientific approach I bring to my work. A physicist by training, I understand the dynamics underlying security risk and how to address security risk analytically.
Many, if not most, of the security risk questions senior management want answered require the quantification of one or other aspect of security risk or of the things that go into the creation of security risk. I show clients how to quantify the threats they are under, the effectiveness of their controls, their value-at-risk, and the security risks they face. I design the tools and processes my clients need to calculate meaningful values for their security risks and the components that go into creating their risk, so they can manage their risk based on objective analysis rather than subjective ratings like H/M/L or scores out of 10. I build threat models and VaR models, design actionable risk metrics, calculate RoIs for security proposals, and design risk dashboards for top management.
With the bespoke methods and tools I provide, my clients are able to make objectively informed risk management decisions and build security risk management practices grounded in sound analysis and data.