My Services
I would love to support you with your Cybersecurity + Resilience challenges. If you’re currently dealing with a topic that is not part of my portfolio, feel free to reach out anyway; I have a strong network of solo consultants and consulting firms that may be able to help you out.
Cybersecurity Assessments, Strategy + Governance
I can help you improve or entirely reshape your cybersecurity strategy and governance approach. This includes:
Cybersecurity Assessments: I will conduct an assessment on your entire Cybersecurity program or on individual capabilities to identify potential for improvement. I will support you in keeping up with threat actor evolution, regulatory compliance, as well as changes in your business model.
Cybersecurity Strategy: Connected with a previous assessment, I will support you in developing the long-term plan for improving your Cybersecurity program. This includes managing the change program to meet the newly defined targets.
Governance, Risk & Compliance: I help you tackle the most important GRC challenges, which include the development of industry-leading Third-Party Risk Management programs, improving GRC processes through automation and analytics, as well as getting your organization ready for new regulations, such as DORA and NIS2. I also have deep expertise in Governance of modern Cloud-native technologies and DevOps processes.
Cybersecurity Economics + M&A
Cybersecurity has matured over the past couple of years and CISOs are more and more required to prove the economic value they add with their budget. I have expertise in several areas that can help you deliver on that promise:
Cyber Risk Quantification: I help you go beyond established but complex CRQ practices. I aim to help you showcase the most important and defensible aspect of CRQ - explaining the potential impact of Cyber Incidents to your stakeholders and Board of Management.
Cybersecurity in M&A: I can support you with the Cybersecurity challenges during all phases of the M&A lifecycle - from acquisition target identification to the successful completion of a secure post-merger integration.
Cybersecurity Budget validation and optimization: Connected with my risk quantification offering, I can support you in analyzing your current security budget, identifying improvement potential, as well as implementing change programs in your operating model and architecture to realize the most savings, while simultaneously ensuring the continued protection of your organization.
DevSecOps, Product Security and Cloud Security Strategy
As more and more companies become technology companies, Product and Cloud Security become increasingly critical capabilities to keep up with a growing and accelerating technology organization. I want to support you in building a scalable Product Security (or DevSecOps) function that keeps your organization secure, while not slowing it down:
DevSecOps / Product Security Program: I can support you in building a product security program that is aligned with the DevOps and Site Reliability Engineering evolution of your engineering organization. I will help you tackle the cultural and technological changes that need to take place in both teams to ensure your digital products can be deployed as fast as your business requires without compromising on security.
Cloud Security Program: I will help you build a Cloud Security function that considers all relevant cloud security capabilities, from management of insecure configurations to threat detection in the cloud. This includes not just technological changes but just as much the training and development of your existing staff to understand how to secure the fundamentally different world of cloud-native technology.
Cloud Governance and Compliance: I have extensive experience in building Cloud Governance programs that ensure modern Cloud-native technology and DevOps/GitOps processes are successfully governed. This will ensure your Cloud transformation is not just executed securely but will also meet your regulatory obligations and is explainable to auditors. Cloud technology allows you to get even greater transparency and control over your assets - with the right approach, Cloud governance can almost happen automatically.
Enterprise Resilience + Crisis Management
Enterprise Resilience has evolved from its roots in guards, gates and guns (Corporate Security). Following multiple global crises in succession that affect supply chains and businesses in all sectors, most companies are building Resilience functions that enable the organization to continue thriving in this poly-crisis environment. I can help you evolve these capabilities and break the boundaries to other related functions, such as Cybersecurity and IT Operations:
Crisis Management Program: I help you develop the operating model, plans and tools to manage any disruptive event your organization faces. Additionally, I can help you train and exercise your crisis organization, so that you do not start learning crisis management only when your organization’s existence is at stake during a real crisis.
Enterprise Resilience Program: Beyond only crisis management, I can support you in setting up a full Enterprise Resilience capability that is ready to keep up with the accelerating changes in your environment. This includes improvements to your Business and IT Service Continuity Management, Site Security, as well as Executive, Expat and Event Security capabilities.
Virtual + Interim CISO
Many companies do not yet have the size to justify a full-time Chief Information Security Officer. At the same time, demanding enterprise customers, regulators or investors expect that cyber risks are professionally handled.
Instead of pushing security responsibilities to your CTO or someone else in your organization, which distracts them from meeting your growth targets, I can take over the strategic steering of your security objectives.
I understand the start-up spirit and will help you by:
Setting up a lean security program that deals with the most important security risks you face
Supporting you during interactions with enterprise customers, regulators and investors to provide the necessary assurance that their concerns are met
Taking care of the more mundane security tasks that keep you from scaling, such as documentation, vulnerability management operations and risk management operations