About Me
I work at the intersection of enterprise architecture and security leadership, designing and transforming the capabilities, operating models, and functions that organisations need to be genuinely secure, not just compliant.
With over 30 years of experience across critical national infrastructure, financial services, central government, and regulated industries, my work has moved beyond pure security architecture into the broader Enterprise Architecture space: value chain modelling, operating model design, systems landscape analysis, and the organisational work that turns good architecture into lasting institutional capability.
Recent engagements include building and implementing an Enterprise Security Architecture capability within a major government infrastructure organisation, with 21 ESA business capabilities delivered end-to-end; redesigning the CISO operating model for a major national transport integration programme to consolidate a fragmented security function; and facilitating strategic security direction at CTO, CISO, and CIO level across the transport sector, working as a neutral, trusted advisor across multiple independent organisations simultaneously.
I hold SABSA Foundation certification and have completed SABSA Advanced training. I have also trained in TOGAF 9.2 and ArchiMate. I am an active contributor to the SABSA Institute, working on the Security Services Catalogue, Security Attributes, and ArchiMate modelling working groups. I present regularly at COSAC, the leading enterprise security architecture conference, and recently co-authored "Governance, Risk and Compliance: Demystifying the Risk and Data Privacy Landscape" with Dr Mike Brass.
I am also developing AI-based tools to help security architects and consultants deliver better work faster, and building a security architecture course designed to bring genuine EA rigour into what is still, too often, an under-professionalised discipline.
I am interested in connecting with fellow practitioners, security and architecture leaders, and organisations facing complex security transformation challenges, particularly in regulated environments, critical national infrastructure, and multi-body programmes where political and organisational complexity is as much of the problem as the technical one.