Portfolio

Professional projects, published thought leadership, and work samples demonstrating expertise in security architecture, governance frameworks, and organisational risk management.


System Security Concepts Article Series

A comprehensive 7-article series on implementing systematic security documentation within Information Security Management Systems (ISMS). Published January 2026.

Series Overview: ~19,000 words providing strategic and tactical guidance on security concepts as the foundation of security governance, targeting CISOs, Security Architects, and Enterprise Architects.

Articles

  1. The Foundation of Security Governance (~2,750 words)

    • What security concepts are and why they matter
    • Stakeholder perspectives and ISMS integration
    • Ownership models and early planning principles
    • Target audience: CISOs, Security Directors, Enterprise Architects
  2. Core Components: What Makes a Security Concept Effective (~3,250 words)

    • System context, threat modelling, and risk assessment
    • How architectural choices transform threats (SaaS vs Cloud vs On-Premise)
    • Control responsibility matrices across different architectures
    • Target audience: Security Architects, System Architects
  3. Control Selection and Security Frameworks (~2,980 words)

    • Proportionate response and framework-based control selection
    • ISO 27001/27002, NIST CSF/800-53, IEC 62443, CIS Controls
    • Building organisational control libraries
    • Target audience: Security Architects, CISOs, Security Governance
  4. The Living Document: Lifecycle and Change Management (~2,450 words)

    • Lifecycle integration and project planning
    • Change management integration
    • Threat landscape updates and maintenance triggers
    • Target audience: Security Architects, System Architects, Change/Project Managers
  5. Enterprise Security Capabilities: The Integration Challenge (~2,450 words)

    • Documenting IAM, SIEM, vulnerability management, and data protection integration
    • Portfolio visibility through stacked security concepts
    • Control inheritance models
    • Target audience: Security Architects, Enterprise Architects, CISOs
  6. Access Control and Data Protection: Getting the Details Right (~2,350 words)

    • Authentication requirements, RBAC implementation patterns
    • Data classification and encryption specifications
    • Key management and monitoring requirements
    • Target audience: Security Architects, System Architects, Technical Security Specialists
  7. Implementation Guide: Templates, Tools, and Getting Started (~2,850 words)

    • Document structure templates
    • Pilot system selection and rollout planning
    • Organisational models and success patterns
    • Target audience: Security Architects, System Architects, CISOs, Security Leaders

Key Themes

  • Architecture-agnostic process, architecture-specific analysis: Security concepts apply regardless of technology choices, but analysis must address actual architectural decisions
  • Early planning essential: Security concepts created at project inception enable proper resourcing and timing
  • Proportionate response: Control intensity scales with system criticality and threat landscape
  • Enterprise integration: Document how systems leverage existing capabilities rather than reinventing controls

Additional portfolio materials and project case studies will be added.