Systems architecture

I help organisations design their systems so that they not only function properly, but also make logical sense in relation to what the organisation actually needs. That means looking at processes, structures, and responsibilities, both at a high level and in the detail. It's about more than just technical choices: how does the architecture support the business, how does it fit within legal and compliance frameworks, and how do we ensure that everything works together rather than against each other. I start from what’s already there, ask questions, make connections, and help teams understand where the bottlenecks and opportunities lie. The result is a system that is not only secure and reliable, but also genuinely usable and manageable for the people working with it.

Security consulting

I help teams think through hard security problems that don't have an obvious answer. This might be an architecture review when something just doesn't feel right. It might be an incident retrospective designed to surface what went wrong and why. Or it could be a risk assessment that looks beyond the compliance checklist to what could, and is likely to, actually hurt you. I start with real security first, the stuff that actually protects you and those that depend on you. When you get that right, compliance tends to become much easier anyway. I don't come in with a pre-packaged methodology. I look at what you have, ask a lot of questions, and help you figure out what needs to happen next.

Training and coaching

I work with security professionals, architects, and team leads through hands-on training and one-on-one coaching. In group sessions, participants tackle exercises based on real attack patterns and incidents, working through problems, hitting genuine obstacles, and figuring out together how to handle them. The topics can be deeply technical, like Linux security or threat modelling, or more about process, like incident response and security architecture. In one-on-one coaching, we go deeper into tricky technical issues, architecture challenges, or navigating the organisational side of the job (the politics and pressure) without losing your grip. Each session, whether group or individual, is tailored to what you need to get better at, turning practical exercises and discussion into actionable insight.

Simulations and exercises

If you need to know whether your incident response actually works when it matters, I build and run realistic security exercises. These are simulations where people get a little uncomfortable, make mistakes, and learn what really breaks when the pressure goes up. They are based on threats you actually face, tailored to your specific environment, and debriefed in a way that turns failure into something genuinely useful.

For a change

I teach mathematics and biology from time to time. On the surface it looks different, but underneath it touches the same things: patterns, systems, and working with people. I do it because I enjoy contributing to learning environments that are motivating, accessible, and as well suited as possible to individual differences. Whether that's in a classroom or a training/coaching/consulting session, the question is the same: how do you help someone really learn something?