I am a security consultant with over 30 years experience helping companies across all sectors address their cyber security needs, bringing fresh ideas and solutions to every project. I am one of a very small number of security experts able to bring scientific methods and objectivity to the way we approach security and the things we do to manage it. A scientist by training, I understand how to analyse the dynamics that lead to the creation of security risk, and therefore how to address security needs scientifically.
Being more scientific often leads to simple improvements that can bring quick wins. I show clients how to quantify the threats they are under, the effectiveness of their controls, and the security risks they face. I design the methods, tools and processes needed to calculate meaningful values for each of the components that go into creating risk – absolute values as opposed to subjective ratings like H/M/L or scores out of 10. I create and help implement threat models, assessment tools, actionable risk metrics, RoIs for security proposals, and reporting and risk dashboards for top management. And, at the same time, if it is scientific heavy lifting you need, I have the advanced mathematical training to provide that too.
Through the skills I provide, my clients are able to make objectively-informed risk management decisions and build security risk management practices grounded in analysis and data.