A researcher turned practitioner who reads regulation like a threat model, and builds assurance that holds up under scrutiny.
I sit where academic rigour meets the unglamorous reality of getting an organisation certified, compliant and genuinely more resilient.
I am a cyber security and governance, risk and compliance professional with experience spanning peer-reviewed research, regulatory compliance and industry consultancy. I hold a PhD in information and network security & privacy, and work as both a Lead GRC Consultant and Data Protection Officer.
I work well in time-critical environments, combining analytical depth with practical delivery across security, privacy and resilience programmes. My background includes leading client engagements, building standards-based assurance, and communicating complex technical and regulatory ideas to very different audiences.
Ten peer-reviewed papers on side-channels, IoT safety and traffic analysis. I treat evidence as the product.
vCISO, vISM and DPO engagements across health, finance and industry. I turn frameworks into outcomes.
Appointed DPO providing independent oversight and strategic advice on data protection compliance, ensuring adherence to UK and EU legislation including the GDPR. I lead privacy governance design, implementation and monitoring, covering policies, training, audits and records of processing. I own breach management and incident response, and lead the delivery of DPIAs and DSARs.
Senior consultant within the GRC practice, leading complex client engagements across regulatory compliance, security assurance and risk management. Product owner for Third-Party Risk Management services, providing vCISO and vISM support across healthcare, finance and industrial sectors. I lead successful tender responses across ISO 27001, 27701, 22301, 22237 and 42001, and regulatory frameworks including the GDPR, DORA, NIS 2, the NCSC CAF and NIST CSF.
Delivered GRC consultancy as subject-matter expert on DORA and the NIS 2 Directive. I led engagements covering ISO 27001, 22301 and 27701 across gap analysis, implementation, internal audit and certification support, plus security awareness training, business continuity planning and regulatory readiness across transport, logistics, education, healthcare, manufacturing and finance.
Research on the SECRIOUS project, investigating how new-code and non-traditional entrants engage with cyber security concepts in software engineering. I focused on helping people understand attacks, defences and vulnerabilities, contributing human-centred approaches to security education across cyber security, games research and HCI.
Thesis: Security of Robotic Workflows. Research into the security of robotic, cyber-physical and safety-critical systems, with an emphasis on calibration security and operational privacy. I explored passive side-channel threats, access control and blockchain-based approaches, using machine learning and signal processing.
A strong focus on software development, networking and cyber security. My final-year project designed and built a tool to identify and remediate IoT devices vulnerable to the Mirai malware in real time, with advanced coursework in network security, AI, machine learning and distributed systems.