I am a security consultant with over 30 years experience helping blue chip companies address their cyber security needs. What makes my consultancy services different is the scientific approach I bring to my work. A physicist by training, I understand the dynamics behind security risk and how to address security risk scientifically and analytically.
I work with my clients to help them quantify the threats they are under, the effectiveness of their controls, and the security risks they face. I design the tools and processes they need to generate meaningful results for security risks and for each of the components that go into creating risk – showing them how to derive objectively-sourced absolute values rather than having to work with subjectively-formed relative ratings such as H/M/L or scores out of 10. I build threat models, design actionable risk metrics, calculate RoIs for security proposals, and design risk dashboards for top management.
With the bespoke methods and tools I provide, my clients are able to make informed evidence-based risk management decisions and build security risk management practices grounded in sound analysis and hard data.