A small set of capabilities, delivered well.
Six engagements. One principal. No juniors, no offshoring, no upsell. Each one designed to leave your organisation stronger, your auditors quieter, and your board better informed.
01
Fractional CISO
A senior CISO on a retained basis, embedded into your leadership team. We own your security programme, report to your board, and drive outcomes without the overhead of a permanent hire.
ExCo · Board reporting · Programme ownership
02
Control Assurance
Independent testing and assurance across your control environment. We assess what you have, identify the gaps that matter, and give you a clear picture of where you actually stand.
Independent · Risk-rated · Audit-ready
03
Security Strategy
A strategy your board can act on, not a document that sits on a shelf. Roadmaps, operating models, and risk reporting that translate technical reality into business decisions.
3-year roadmap · Operating model · Investment case
04
Architecture Review
Zero-trust design, access control, cryptographic posture, and cloud-native security assessed against the threat landscape you actually face. Fresh eyes, actionable findings.
Zero-trust · PQC posture · Cloud-native
05
AI Enablement
Two sides of the same conversation. We advise boards on becoming AI-ready — governing the technology safely, lawfully, and at the pace your business demands. And we deploy AI inside your security function to optimise operations, fast-track tooling implementation, reduce investment cost, and compress the time to control maturity.
AI governance · Tooling acceleration · Cost reduction · Control maturity
06
Advisory & Coaching
Peer-level counsel for boards, executives, and security leaders navigating complex decisions. We engage at the level your challenge demands — from the boardroom to the team beneath you.
Boardroom · 1:1 CISO coaching · Vendor calls
07
Compliance Programmes
Compliance that protects your organisation, not just ticks boxes. We design and deliver against DORA, NIS2, ISO 27001, and sector-specific frameworks, keeping your business as the focus throughout.
DORA · NCSC CAF · ISO 27001 / 42001 · NIST CSF 2.0 · NIST 800-53 r5 · NIST AI RMF · SOC 2 · PCI DSS 4.0 · CIS v8 · SC Cleared
§ Engagement
Three commercial models, chosen by you.
| Model | Best for | Cadence | Reporting | Indicative |
|---|---|---|---|---|
| ◈ Retained | An ongoing CISO relationship — board accountability, programme ownership, regulator-facing. | Weekly contact, monthly cycle | CEO · ExCo · Board | TBC |
| ◇ Project | A defined outcome: strategy, assurance, architecture, or regulatory readiness. | 4–16 weeks · weekly steer | Sponsor · steering committee | TBC |
| ○ Advisory | Senior counsel on demand for boards and executives — quietly, confidentially. | Same-week, on call | Your eyes only | TBC |