Frequently Asked Questions

Got questions about our services, approach, or how we work? Find answers to common inquiries below.

About Services

Independent Consultant: Strategic guidance on cybersecurity strategy, roadmaps, risk assessment, governance, third-party risk, and incident preparedness. Ideal for organizations looking to develop or refine their security posture.

CE/CE+ Auditor: Independent assessment and validation of conformity evaluation processes. We audit your controls, compliance frameworks, and security practices against established standards.

CE+ Lead Assessor: Principal-led assessments for certification bodies. We evaluate organizations seeking EU CE+ certification and provide sign-off for assessment programmes.

This service suits organizations of any size looking to:

  • Develop or refresh a cybersecurity strategy
  • Understand their current risk profile
  • Build a compliance roadmap
  • Prepare for incident response
  • Implement zero trust or modern security controls
  • Get board-level cybersecurity guidance (interim vCISO)

Engagement length depends on scope. Examples:

  • Quick assessment: 2-4 weeks
  • Strategy development: 6-12 weeks
  • Full audit/assessment: 8-16 weeks
  • Interim vCISO: Flexible (months to years, part- or full-time)

We'll define timelines during your initial consultation.

Engagements & Process

Our standard engagement flow is:

  • Discovery: We understand your goals, current state, and constraints
  • Assessment: We evaluate your security posture against relevant frameworks
  • Analysis & Strategy: We develop actionable recommendations
  • Implementation Support: We guide control selection and deployment (optional)
  • Validation: We verify improvements and assess regulatory alignment

Both. As an independent consultant, I provide strategic guidance and can support implementation of controls and security technologies. However, my primary role is advising and validating—your team or system integrators handle day-to-day implementation work.

I work with organizations across the spectrum—from SMBs (10-100 staff) to mid-market enterprises. My experience spans regulated sectors (Financial Services, Healthcare), growth companies, and organizations building compliance programmes. Each engagement is tailored to your size, maturity, and risk profile.

Yes. I provide interim CISO services for organizations needing full-time or part-time strategic security leadership. This includes board reporting, incident oversight, vendor management, and strategy execution. Engagements are flexible—short-term (3-12 months while you hire) or longer-term fractional leadership.

Frameworks & Compliance

I have experience across major frameworks including:

  • NIST Cybersecurity Framework
  • ISO/IEC 27001 (Information Security Management)
  • GDPR (and UK Data Protection Act 2018)
  • HIPAA (Healthcare)
  • PCI DSS (Payment Card Industry)
  • CIS Controls
  • COBIT (Governance)
  • Zero Trust Architecture
  • CE+ Certification Frameworks

I provide independent assessments against these frameworks. While I'm not a formal ISO auditor, I evaluate your alignment and readiness for formal audits. For complete ISO 27001 certification audits, I recommend engaging a certified audit body—but I can prepare you and validate readiness.

Absolutely. I conduct pre-audit assessments to identify gaps, recommend remediation, and prepare your team for formal audits. This reduces surprises and improves audit outcomes. It's a proactive approach many organizations find valuable.

Engagement & Pricing

Pricing varies based on scope, size, and complexity. Options include:

  • Day rate: For shorter engagements or ad-hoc support
  • Fixed project fee: For defined scope (assessments, strategy, etc.)
  • Retainer: For ongoing advisory or interim leadership

Contact me for a discussion—I'll provide a tailored quote after understanding your needs.

Simple:

  • Email [email protected] with a brief description of your challenges
  • Call +44 (0)7813 051144 for a quick conversation
  • We'll schedule an initial consultation to understand your needs, agree on scope, and discuss next steps

Still Have Questions?

I'm happy to discuss your specific situation. Reach out anytime.