I enable my clients to benefit from using a scientific, analytical approach to managing security risks.
For many years, managing security risk has revolved around the use of Best Practices. Best Practices work, but only up to a point. They are generic and always need to be customised. They are slow to respond to changes in the threat environment and technology practices, and their benefits are hard to quantify.
A scientific, analytical approach, on the other hand, creates a concrete foundation for understanding and managing security risk.
We couldn’t run a modern health service without the aid of medical science.
Or build a modern bridge without the aid of structural engineering tools.
And we don't have to continue trying to protect technology-based businesses using only non-scientific security practices.
Scientific methods enable us to build the practices and tools a modern security function requires.
I have grouped the things I do into the three sections below. However, these are only overviews so if there is help you need and you are unclear from these descriptions if I can provide that help, please get in touch and we can discuss.