Cyber Security Consultancy
Independent, principal-led cyber security consultancy spanning strategy, governance, risk, CE/CE+ certification, DevOps security, and AI security advisory. Delivered directly by a Chartered Security Architect (CISSP, PCSP) with 20+ years across Defence, Finance, and general commercial sectors.
Areas of Consultancy
Our consultancy practice covers the full breadth of organisational cyber security, not just compliance. Below are the main areas we work in:
Security Strategy & Governance
Security roadmap development, risk appetite definition, governance framework design, and board-level advisory. Aligned to NCSC CAF, ISO 27001, CIS Controls, or bespoke frameworks appropriate to your organisation’s context and sector.
CE/CE+ Certification Support
Advisory preparation and formal assessment via CB partners. Wayne is a qualified CE+ Lead Assessor (including DCC Level 0) and CE Assessor. See the CE/CE+ Auditor and Lead Assessor pages for full detail.
Risk Assessment & Management
Threat modelling, material risk identification, risk register development, and proportionate control selection. Grounded in commercial reality, not theoretical frameworks. Suitable for regulated organisations, SMBs, and defence supply chain participants.
DevOps & Cloud Security
Security embedded into your software delivery lifecycle and cloud operations. Pipeline hardening, IaC security, container image reviews, SAST/DAST toolchain integration, secrets management, and Azure/cloud configuration assessment aligned to NCSC cloud security guidance and CIS Benchmarks.
AI Security Advisory
Independent advisory on securing AI-enabled systems and managing AI supply chain risk. Governance framework and responsible use policy development, AI risk assessment, and guidance on the emerging EU AI Act and NCSC AI security principles. Appropriate for organisations building, buying, or deploying AI tools.
vCISO / Fractional CISO
Ongoing strategic security leadership on a part-time or retainer basis. Board reporting, incident oversight, supplier assurance, policy ownership, and stakeholder advisory — delivered directly by Wayne. Suitable for organisations without in-house security leadership or bridging a CISO hiring gap.
Sectors We Work In
Defence
MOD supply chain security, CE+ and DCC Level 0 assessments, ICT security policy advice, and supporting primes and sub-contractors with contractual cyber obligations. Familiarity with the defence procurement context and supply chain security requirements.
Finance & FinTech
FCA-regulated firms, FinTechs, and financial services organisations navigating DORA, PCI DSS, ISO 27001, and sector-specific risk obligations. Practical security programme advice that aligns with regulatory expectations without over-engineering.
General Commercial
SMBs, MSPs, professional services firms, and South West England businesses seeking proportionate security advice. CE/CE+ readiness, baseline security improvement, governance frameworks, and accessible senior-level advisory at a scale that makes sense for your organisation.
How We Engage
Engagements are tailored to what you need. Common models include:
Why Independent Matters
- No vendor bias: We have no commercial relationships with technology vendors. Recommendations are based on your needs, not ours
- Principal-led throughout: You work directly with Wayne. No junior hand-off, no account management layer
- Chartered and credentialed: CISSP, PCSP, Chartered (CITP) — the credentials that matter in security, held and maintained to current standard
- Sector experience: Real-world experience across Defence, Financial Services, and general commercial sectors, not just theoretical frameworks
- Outcome-focused: We transfer knowledge and build capability. The goal is to leave you better equipped, not dependent on ongoing consultancy
Discuss Your Security Challenge
Whether you need a specific deliverable, ongoing advisory, or help navigating a compliance requirement — get in touch for an initial conversation about how we can help.