Independent information security consultant splitting time between Australia, Bali, and Ireland.
25+ years across software engineering, banking, manufacturing, and consulting — from writing code and building systems to leading consulting practices.
Focused on applying systems thinking and engineering discipline to information security, where governance and compliance models are often inefficient and disconnected from the systems and risks they are meant to address.
- Security Risk Assessment — Evaluating security risk posture, identifying control gaps, and producing actionable recommendations
- Security Architecture — Designing and implementing technical security controls that integrate with existing technology stacks
- GRC Engineering — Automating governance, risk, and compliance workflows to replace manual processes with measurable, repeatable systems
- Fractional CISO — Security leadership for organisations that need experienced guidance without a full-time hire
- Startup Advisory — Helping technology startups establish proportionate security foundations early
- IT & Security Transformation — Modernising information technology and security programs to take advantage of current tooling, automation, and engineering practices



