Cyber security advisor: security judgement you can trust
Proportionate protection, not fear-driven overspend. Security judgement that fits the size of your business and the risks that actually matter.
I spent 13 years as a CTO protecting data sensitive enough for law-enforcement agencies, and I’m a certified penetration tester. As your cyber security advisor, that experience means I can tell you plainly where your real risks are, and, just as importantly, which ones aren’t worth losing sleep over.
Where I help
- An honest risk picture. What could actually hurt your business, ranked, not a generic checklist.
- Compliance without the panic. Practical paths through GDPR, ISO 27001 and industry-specific requirements.
- Incident response planning. A clear plan for when something goes wrong, so a bad day doesn’t become a disaster.
- Security by design. Building protection into new systems from the start, where it’s cheapest and most effective.
Why proportionate matters
It’s easy to spend a fortune on security and still be exposed in the places that count. My job is to point you at the risks that genuinely threaten the business and the controls that genuinely reduce them, so your spend does real work.
Advice, plus hands-on help when needed
This is advisory work: strategy, risk and judgement. When you need hands-on delivery (penetration testing, staff awareness training, technical implementation), that can be delivered through my agency FullyCoded, while my advice stays independent.
Frequently Asked Questions
We're a small business. Are we really a target?
Yes. Most attacks aren’t targeted; they’re opportunistic and automated. The good news is that proportionate, sensible controls stop the vast majority of them.
Do we need ISO 27001?
Maybe. Sometimes it’s genuinely valuable; sometimes a lighter approach gives you most of the benefit for far less effort. I’ll give you the honest version.
Can you help after a security incident?
Yes. I can help you respond calmly, work out what actually happened, and put sensible measures in place so it’s far less likely to happen again.
How is this different from hiring a security company?
A security company tends to sell you products and services. I give you independent advice on what you actually need first, so you don’t overspend on tools that miss your real risks.
Is using AI a new security risk we should worry about?
It can be, mostly around what data goes into which tools. It’s very manageable with clear rules.