All my services are custom-designed to suit client requirements. The following examples illustrate the general kinds of assignments I have completed previously ... and I welcome novel challenges along these lines:

  • AI risk and security - identifying, evaluating and treating information risks associated with LLM and other AI-based systems, applications and processes, specifying, documenting and testing controls, providing expert content for expert systems.
     
  • Arbitration - independent, unbiased expert assistance to review, understand, challenge and respond appropriately to IT audit reports, nonconformities, supplier assessments etc. (but NOT legal advice!).
     
  • Audit and assurance such as independent security strategy reviews; data centre & site/installation audits; software development projects audits (whether on, teetering or patently off-the-rails); supplier assessments/audits; ISO 27001 pre-certification audit (readiness check, gap analysis) ...
     
  • Budgeting - assisting clients to prepare, negotiate, review and approve sensible budgets and investment proposals for risk, security and assurance-related operations, management, projects, initiatives etc.
     
  • Business continuity management - are your organisation’s arrangements adequate to get you through a major incident or disaster? Is that just wishful thinking, or do you know things will be OK, for sure?
     
  • Change - being a credible, independent, convincing agent of change, helping clients create and exploit business opportunities to change-for-the-better, developing pragmatic strategies and plans, promoting and guiding execution, measuring success.
     
  • CISO coaching and mentoring - a knowledgeable, trusted colleague lending you an ear and expert guidance based on decades of experience. Also for CIOs, CROs and CEOs needing guidance on information risk and security matters.
     
  • Information risk and security management - strategy, policy and governance; identifying, evaluating and addressing information risks; benchmarking; assurance; business continuity management and resilience.
     
  • Information risk assessment - assistance to identify, evaluate, prioritise and decide how to address information risks.
     
  • Information security controls assessment - which standards, requirements or guidance you’d like to be reviewed or audited against - Cyber Essentials, perhaps, or ISO/IEC 27001/27701, PCI DSS, HIPAA, CSA, your own corporate standards or those of your customers maybe - and to what extent or depth?
     
  • IT installation review - check your physical security arrangements, essential supplies, data centre access and so forth.
     
  • Interim management - a safe pair of hands to hold the reins, stabilise the situation and perhaps assist with the recruitment of a permanent replacement CISO or ISM, or cover for someone on maternity or sickness leave.
     
  • ISO27k consulting - achieve and maintain ISO/IEC 27001 certification with my guidance, from initial planning through implementation support, ISMS management reviews and internal audits, leading to continuous improvement and maturity.
     
  • ISO27k support tools - help to determine your requirements, then survey the market, evaluate, select and negotiate prices for the most appropriate tools/systems* for your organisation.
     
  • Policies and procedures - preparing pragmatic policies and procedures plus creative awareness and training content for staff, managers and professionals.
     
  • Post-incident reviews - dispassionately, competently and independently drawing out and evaluating relevant details, developing and elaborating on responses, providing forward-thinking management reports and initiating improvement activities.
     
  • Privacy impact assessments - need some help to review your privacy requirements and controls, dispassionately? Call me!
     
  • Product specifications and evaluations* - determining the quality and suitability of commercial goods and services in relation to objectives and requirements in the risk and security domain.
     
  • Professional services security - identifying, evaluating and treating information risks associated with the provision and acquisition of professional services such as accountancy, tax and legal advice, consulting ...
     
  • Proposals - researching, preparing and reviewing proposals for information risk and security-related functions, roles, products, systems, apps, projects, initiatives, mergers and acquisitions, changes, investments etc.
     
  • Research studies - in the general area of information risk and security.
     
  • Resilience engineering - establishing requirements, reviewing current capabilities, planning improvements and demonstrating genuine progress in areas such as resilient technology, people and infrastructure, plus the broader business and strategy aspects.
     
  • Risk and security strategy - developing, critiquing and contributing to strategies, approaches and plans relating to information and cyber risk and security.
     
  • Security maturity - benchmarking, i.e. reviewing an organisation’s information risk and security situation relative to good practices in the field, and recommending and justifying improvements where appropriate.

  • Security metrics - developing measurement strategy and designing a suite of metrics to manage information risk and security systematically, effectively and efficiently; auditing, reviewing, evaluating and improving existing metrics. I literally wrote the book on PRAGMATIC security metrics in conjunction with my good friend and guru Krag Brotby.
     
  • Stress relief - need some help through a difficult, busy period, or to take a break for an actual holiday (not on-call)? Call me before it all gets too much.
     
  • Technical documentation - preparation and updating of readable documentation describing IT systems, services, software apps, processes etc., plus training materials, launch packs, technical support guides and more.
     

* I neither supply third-party products nor earn sales commission from suppliers, other than the minuscule income from the few books and standards I wrote or recommend.

IsecT’s professional services

Need immediate, potent, spicy advice? Cut straight to the chase with a focused quick-fire session. As little as half an hour may be all you need, blending my expertise in good security practices, auditing, risk and security management, strategies and more with your business knowledge. Email me about your hunger for advice and I’ll craft you a menu of delicious options.


Copyright © IsecT Ltd. 2025