Security is not something you install and forget. It is a property of a system under stress. My work focuses on shaping systems, technical and human, so that this property is tested, stressed, and understood when assumptions fail.

Four decades across telecommunications, research, startups, and human rights defence have taught me a simple lesson. Failure is rarely surprising. It accumulates quietly in hand-offs, untested plans, and responsibilities that everyone assumes belong to someone else.

I do not sell reassurance. I build resilience. That means turning policy into decisions, threat models into shared understanding, and incident response into something that has been rehearsed rather than admired on paper. When I design a role-play or a simulator, it is not a performance. It is a safety inspection of how your organisation actually reacts.

I work with organisations for whom failure carries real consequences. Shelters, NGOs, infrastructure operators, and teams handling sensitive or contested data. In these environments, vendor theatre and compliance box-ticking offer little comfort. What matters is what still functions when systems are overloaded, time is short, and information is incomplete.

The safest city on Disc World, Ankh-Morpork, is not protected by heroic guards. It survives because its Watch and Dept. of Silent Stability understand the city’s peculiar, compromised, and occasionally absurd machinery well enough to keep it running. Until now. My approach is much the same. Understand the real machinery, people, processes, and technology as they actually exist, then reinforce it without pretending it was elegant to begin with.

In a field that often rewards intrusion, I value boundaries. The biography that matters is the work itself. What you build, what you choose to defend, and which principles you refuse to trade away when pressure mounts. Everything else is incidental.