Portfolio
Core offerings
I support tech teams and mission-led organisations with strategic security, scenario-driven facilitation, and grounded resilience-building. My work blends systems thinking with deep technical insight, favouring practical outcomes over theatre.
| Area | What I do | Who benefits |
|---|---|---|
| Threat modelling | Guided sessions to map attacker goals, identify weak spots, and design proportionate defences. Risk first, tooling second. | Founders, architects |
| Labs & workshops | Drills, red/blue roleplay, and real-world scenarios that build confidence in security incident handling and response planning. | Developers, ops teams |
| Facilitation | From retrospective sessions to strategic offsites and scenario planning, I help teams think clearly and adapt without panic. | Leadership & scaling teams |
| Digital safety | Security that fits smaller orgs: low-cost deployments, plain-language training, and human-centred risk reduction strategies. | Founders, volunteers, advocates |
Focus areas
Threat modelling & risk-driven architecture
I help teams think like attackers — then act like adults. Through collaborative modelling sessions, I support critical decisions around architecture, trade-offs, and defensive priorities. Minimal jargon. No AI panics. No Big Tech overkill.
- Cloud-on-prem vs Big Tech: The cloud isn’t just infrastructure—it’s a power structure. Choose yours with both eyes open.
- No AI panics: Some wyrd takes on AI
Hands-on security labs & workshops
I design training that sticks. This includes role-based exercises, attack simulations, and decision drills that reveal blind spots and test assumptions. Sessions are always tailored — never off-the-shelf — and support teams at any stage.
- Raising security awareness: Wisdom comes from experience. Experience is often a result of lack of wisdom.
- A wolverine’s guide to controlled carnage: Where educational value meets ‘oh god, they actually did that’ (under construction).
Organisational resilience & facilitation
Using methods grounded in systems thinking and Satir-based development, I work with leadership to navigate complexity, improve decision-making, and sustain healthy, adaptable structures. This includes retrospectives, strategy support, and future-scenario planning.
- The art of pretending we know what’s coming: A scenario planning from 2013. Revisited in 2022 and added the observable misery.
- The BRICS+ series (2025): Where scenario planning play defuses panic. No race to oblivion please.
- United we stand (or at least, we should): Building messy, durable, dynamic unity is one of the most radical acts available to us.
Digital safety for grassroots and nonprofits
Security support should be accessible, not extractive. I build practical, long-term solutions for advocacy networks, shelters, and volunteer teams. This includes private SIEM setups, safer communication strategies, and support for projects like:
- PowerOn — Digital safety for survivors of partner abuse (under construction, temp. domain name).
- Digital Defence @ Home — Foundational practices for small organisations.
- Privacy Greenhouse — Plain-language risk exploration and privacy tooling for everyday use.
Approach
My work is grounded, iterative, and focused on what actually helps people make better security decisions. Whether the challenge is technical, organisational, or behavioural — I’ll help you ask sharper questions, design clearer responses, and avoid the usual hype.