Why Use Me


I am an Information Security, Risk and Governance Specialist.

Heavily involved in information security and risk solutions for the last 17 years in the UK, US and throughout Europe. Extensive experience in Enterprise Risk and Security, from a deep technical grounding in application, network and platform security, as well as over 12 years working with global and UK banking clients, government departments, energy, telecoms and other organisations, helping them identify, evaluate and mitigate information risks from a business and governance perspective.

Key roles in integration programmes, aligning security policies and business risk appetites across divisions in order to provide pragmatic security solutions, including global attack & penetration engagements, privacy and security assessments, incident response, fraud and forensic investigations, risk frameworks and security development pathways.


Community Roles


I am enthusiastic about leading industry in security improvement - and my current roles help me provide guidance to the community:

  • Previously Chairman, now Deputy Chairman of the Institute of Information Security Professionals
  • Past President of ISACA Scotland
  • Mensa Security SIG Secretary
  • Full Member of the IISP (M.Inst.ISP)
  • Security mentor and evangelist
  • Moderator of the Security, Music, Parenting, Outdoors, Video Production, Sound Design and Personal Productivity Stack Exchange sites and Administrator for the Security Stack Exchange Blog
  • Member of 2535 (Livingston) Squadron Air Cadets Civilian Committee
  • Contributor to the Open Web Application Security Project (OWASP) and to the Penetration Testing Execution Standard (PTES)
  • EC Council Certified Chief Information Security Officer (C|CISO)
  • ISACA Certified Information Security Manager (CISM)
  • ISACA Certified in Risk and Information Systems Controls (CRISC)

  • I have also been a member of the Standards and Operations Committees for the Council of Registered Ethical Security Testers (CREST), an ISC2 Certified Information Systems Security Professional (CISSP) and a CLAS Consultant.


In The News