I help my clients adopt a more scientific, analytical approach to managing their security risks, and to benefit from doing so.
For many years, managing security risk has revolved around the use of Best Practices. Best Practices work, but only up to a point. They are generic and always need to be customised. They are slow to respond to changes in the threat environment and technology practices, and their benefits are hard to quantify.
A scientific, analytical approach, on the other hand, creates a much firmer foundation, not only for understanding security risk but for managing it too.
We couldn’t run a modern health service without the aid of medical science.
Or build a modern bridge without the aid of structural engineering tools.
And we don't have to continue trying to protect technology-based businesses using only ungrounded security practices and methods.
Scientific/analytic methods enable us to build the more objective and more focussed practices and tools a modern security function requires.
I have grouped the ways I can help into the three sections below. I have tried to explain my core capabilities, and in each area give some ideas for how you could build on these to improve how you protect your assets against security threats. However, these are only a small number of examples, so if you have particular goals or needs and would like to know how I can be of help, please get in touch using the contact details at the top of this page.