I work on cybersecurity risk in industry and energy environments, where downtime means safety incidents and production losses.
Focus areas
Security programme design for industrial and energy environments. Project security architecture through buy-build-run lifecycle. Security governance that drives decisions, not documentation.
15+ years in information security and cybersecurity governance at enterprise scale across international industry and energy operations.
Featured content
Latest from the blog
- Risk appetite is not where you think it is. Most organisations confuse risk appetite with risk tolerance. Between the two sits governance, and almost nobody manages that gap. (10 April 2026)
- Business-aligned security in major projects. Projects make better decisions when security is aligned from the start. The system security concept, mapped to buy-build-run phases, turns security from a late-stage constraint into a business input. (3 April 2026)
- The OTI Score Needs a Partner: Organisational Resilience. Dale Peterson’s OTI Impact Score addresses the industry signal problem. The partner it needs is organisational resilience, the ability to coordinate internally before communicating externally. (10 March 2026)
- The ISMS beyond the certificate. Every organisation has an ISMS. Most of them don’t have a management system. Why the compliance model no longer satisfies, and what a functioning ISMS actually looks like. (3 March 2026)
- Response to Dale Peterson: Asset Inventory Isn’t Premature Consensus, It’s Operational Necessity. Dale Peterson asks where the evidence is that OT asset inventory reduces incidents. From building a global OT security programme across 40+ manufacturing sites, here are the answers. (2 March 2026)
Portfolio highlights
The ISMS beyond the certificate, why most organisations have an ISMS but not a management system, and what changes when compliance is no longer enough.
Core ISMS capabilities framework, a capability model covering governance, risk, controls, operations, and measurement within an ISMS.
System security concepts (7 articles), a methodology for implementing systematic security documentation within ISMS frameworks.
- The foundation of security governance, what security concepts are, stakeholder perspectives, and early planning principles
- Core components, how architectural choices transform threats across SaaS, cloud, and on-premise environments
- Control selection and security frameworks, proportionate response using ISO 27001/27002, NIST, IEC 62443, and CIS Controls
Capability sections covering Risk Management, Governance, Policy and Guidelines, Instructions, Communication, Controls, and Assurance are in development.
Research & publications
Technical writing and analysis on security frameworks and risk quantification.
Get in touch
For conversations about security governance, architecture, or risk in industry and energy — here’s how to reach me.
This site is built with Quartz and published under CC BY 4.0.