Security Consulting

Hands-on advice for teams building or improving their security programme.

Security Architecture Review

I review your existing security architecture and identify what's working, what's missing, and where the actual risk sits. This includes threat modelling for new features or systems, evaluating existing security controls, and assessing whether your risk assumptions still hold. The output is a prioritised list of issues with concrete recommendations — not a generic checklist.


Standards and Policy

I help you adopt security standards (OWASP ASVS, the NIST frameworks, ISO 27001) in a way that fits your organisation's size and maturity. I work with your team to write security policies, define secure development guidelines, and build processes that people actually follow. If you need compliance guidance for a specific framework, I can help scope what is required versus what is nice-to-have.


Security Training

Training tailored to your stack and your team's skill level. This can range from secure coding workshops for developers to security awareness sessions for non-technical staff. I focus on practical examples from real vulnerabilities rather than abstract theory — the goal is behaviour change, not checkbox compliance.


Incident Response Planning

I help teams build incident response plans before they need them. This covers defining roles and escalation paths, writing playbooks for common scenarios (data breach, compromised credentials, supply chain incident), and running tabletop exercises so your team knows what to do when something breaks.