Insights
Perspectives on security, resilience & transformation.
The themes shaping how boards and executive teams should think about cyber risk, technology, and change. Full articles published on LinkedIn.
Focus themes
What I write and speak about.
Translating the frontier of cybersecurity and technology into board-level strategy.
Cyber Resilience by Design
Building organisations that withstand, respond to, and recover from cyber disruption — beyond compliance, towards true operational resilience.
AI Strategy & Governance
Adopting AI responsibly: governance, risk, and the controls that let enterprises capture value without losing control.
Board-Level Cyber
Reporting cyber risk in the language of the board — connecting security investment to enterprise value and confidence.
Regulation & Compliance
Turning regulatory obligation into competitive advantage across financial services and critical infrastructure.
Enterprise Transformation
Operating-model change, M&A integration, and modernisation delivered without compromising security.
Cloud & Modernisation
Modernising legacy estates and adopting cloud with security and resilience engineered in from the start.
Selected articles & commentary
Published perspectives.
Commentary on the strategic and regulatory issues shaping board-level technology decisions across the UK and internationally.
UK Cyber Security & Resilience Bill
Analysis of what the forthcoming UK legislation means for CISO accountability, supply chain security, and board governance obligations in regulated sectors.
Regulatory Strategy · Board Governance
AI Governance: From Policy to Practice
How organisations move from regulatory compliance to genuine AI governance — building the controls, accountability structures, and board visibility that the EU AI Act and ISO 42001 demand.
AI Governance · EU AI Act · ISO 42001
Board Cyber Liability: The Shifting Landscape
As DORA, NIS2, and cyber disclosure obligations come into force, individual director liability for cyber failures is no longer theoretical. What boards need to understand now.
Board Risk · DORA · NIS2
Post-Quantum Cryptography: A Board Briefing
Why the quantum threat to current encryption is not a distant horizon — and the steps boards and CISOs should be taking today to assess exposure and begin migration planning.
Quantum Risk · Emerging Threat · NIST PQC
Operational Resilience vs Cyber Resilience
Understanding the distinction — and the overlap — between operational resilience frameworks and cyber resilience programmes, and how CISOs should brief boards on both.
Operational Resilience · DORA · NIST CSF
The AI Copyright & IP Challenge for Enterprises
How organisations deploying generative AI face emerging intellectual property risks — and the governance framework senior leaders need to protect their organisations.
AI Risk · IP Governance · Responsible AI
Current perspectives
The issues that demand board attention now.
Where strategy, regulation, and technology converge — and what leadership teams need to act on.
UK Cyber Security & Resilience Bill
The forthcoming legislation will significantly expand the scope of regulated entities and tighten incident reporting obligations. CISOs and boards need to map their exposure now — before the regulatory clock starts.
EU AI Act: Compliance is Just the Floor
Most organisations are focused on mapping systems to risk tiers. The harder question — and the one that creates competitive advantage — is how to build AI governance that improves decision quality, not just audit outcomes.
Post-Quantum: Start the Migration Conversation
NIST's PQC standards are finalised. Cryptographically Relevant Quantum Computers remain years away — but data harvested today will be vulnerable when they arrive. The migration window is now.
DORA & NIS2: Beyond Checkbox Compliance
Financial entities and critical infrastructure operators are inside the DORA compliance period. Organisations treating this as a controls refresh — rather than a governance transformation — are underestimating their exposure.
Media & speaking
A trusted voice for boards, conferences & media.
Available for keynotes, panels, executive briefings, and media commentary on the issues reshaping enterprise risk.
Keynotes & conferences
Keynote and panel speaking on cybersecurity strategy, AI governance, operational resilience, and post-quantum readiness — translating complex risk into board-ready insight.
Board & executive briefings
Closed-door briefings for boards, audit & risk committees, and executive teams on emerging threats and the decisions they demand.
Media commentary
Commentary and thought leadership on cyber, AI, and quantum risk for industry and mainstream media.
Organisations don't lose systems first. They lose decision authority — and then everything else follows. Security leadership exists to keep the board in command.
Follow along
Read the full perspectives.
Articles, commentary, and updates are published on LinkedIn.