What I Do
I help organisations build secure, resilient cloud platforms that don’t slow down engineering.
Core Areas
Cloud Security Architecture
Designing secure cloud and platform foundations in regulated environments — identity-driven, zero-trust, and operationally resilient.
DevSecOps Integration
Embedding security guardrails into CI/CD pipelines without creating bottlenecks. Automation, policy-as-code, and infrastructure-as-code.
Regulatory & Compliance Engineering
Translating regulatory requirements (DORA, SOC 2, ISO 27001) into practical technical controls that teams can actually maintain.
Security Culture & Enablement
Building security practices that reduce friction, eliminate security theatre, and make the secure option the default path.
Approach
I work with organisations that understand security needs to be built in, not bolted on.
Typical engagements involve:
- Architecture review and design for cloud security posture
- DevSecOps pipeline and tooling implementation
- Policy-as-code and automated compliance frameworks
- Security team enablement and upskilling
- Incident response and operational resilience planning
If you’re looking for help in any of these areas, get in touch.