About
Security, for me, started through the wires, not the paperwork. My early
career was spent running security infrastructure for a global telco -
hundreds of devices, real traffic, real consequences - before moving
into technical presales, leading teams of security engineers, and the
hands-on sysadmin work in between. That foundation is the reason I can
tell the difference between a control that works and one that just looks
reassuring on paper.
Since then I've built security in places that couldn't be more different.
At an automotive group, that meant training mechanics and managers across
every dealership - people who had never thought about information security
and didn't particularly want to. At a blockchain startup, it meant being
the person responsible when there were hundreds of millions in assets on
the line and no playbook to follow. The common thread: security only works
when it's built for the people who actually have to live with it.
These days a couple of things spark my interest: the wave of new EU
and UK regulation that most companies aren't ready for, and AI
governance -
because organisations are adopting AI far faster than they're thinking
about how to control it. I tend to show up early to these things. I was
working in crypto security when the rules were still being made up; AI
feels like the same moment.
Some of the work I'm proudest of never paid anything: teaching security
basics through nonprofits, helping graduates figure out their next step,
talks on everything from the dark web to the fundamentals.
Good security is invisible when it's working. My job is to build the kind
that protects you without getting in your way.
Working remotely across the EU and UK markets.
