Building and delivering enterprise security.

Background

Most of my career has been spent inside the organisations that I now advise — running incident response & security operations, building detection and research capabilities, and guiding executive management.

I've built multiple high-performance 24/7 SOC and incident response services from the ground up, and led several SOC 2 Type II certification programmes to successful completion.

Organisations I work with are typically subject to DORA, NIS-2, and BSI IT-Grundschutz requirements. Frameworks including ISO 27001 and NIST CSF inform my approach. From experience I treat these frameworks as tools rather than destinations — compliance alone does not make an organisation secure.

Areas of practice

• Security programme governance, metrics, and board advisory
• Cyber defence strategy, target operating model design, threat intelligence and SOC maturity
• M&A security reviews and third-party assurance
• Incident readiness & response, crisis support, and post-incident hardening
• Security research, detection engineering, and AI-augmented process automation

Each area delivers actionable plans, implementation priorities, and objective criteria for measuring improvement.

Consulting engagements have included: Snowy Hydro, Nidera Handelscompagnie, Royal Schiphol Group, Dutch National Police Service, the John Lewis Partnership, Saudi Aramco and several Australian government agencies.

Certification & Education

• CISSP — Certified Information Systems Security Professional (2002)
• ISSAP^* — Information Systems Security Architecture Professional (2012)
• CISM — Certified Information Security Manager (2020)
• Master of Information Technology — Charles Sturt University, Australia (2007)

Languages

• English (native)
• Dutch (C1)
• German (B1)