Services

I help organizations become secure, resilient, and compliant through advisory, audits, certification activities, and advanced training – across IT, OT, and cloud environments.

Whether you are building a security program from scratch, preparing for certification, or responding to complex cyber risks, we can tailor an engagement that fits your context, maturity level, and regulatory landscape.

Advisory & vCISO

Cybersecurity & GRC Advisory

Strategic guidance for boards, executives, CISOs, and security leaders who need a trusted partner to design and steer their cybersecurity and compliance roadmap.

  • vCISO and cybersecurity leadership advisory
  • Cybersecurity strategy, governance, and operating model design
  • Risk management (ISO 27005 / NIST 800-30) and cyber risk scenarios
  • Regulatory and framework alignment (RNSI, NIS2/DORA-like requirements, sectoral rules)
  • Program & portfolio steering for SecOps and GRC initiatives
Audits & Assessments

Independent Security Assessments

Risk-based, evidence-driven evaluations of your security posture, processes, and controls against international standards and best practices.

  • ISMS, BCMS, and Privacy maturity assessments (ISO 27001, 22301, 27701, etc.)
  • Cloud, SOC, and OT/ICS security assessments and gap analyses
  • Policy, process, and control reviews against ISO, NIST, CSA, OWASP and others
  • SOC / CSIRT capability and maturity reviews
  • Technical assessment oversight (pentest & red teaming from a GRC/SecOps lens)
Certification Audits

ISO & Conformity Assessment

As an accredited auditor, I support certification bodies and organizations in planning and executing value-adding ISO and cloud assurance audits.

  • ISO/IEC 27001 ISMS certification audits (Stage 1, Stage 2, and surveillance)
  • ISO 22301 BCMS certification audits
  • Cloud security & privacy assurance (e.g., CSA-based programs)
  • Pre-audit reviews, readiness checks, and corrective action follow-up
  • Independent second-party audits for suppliers and strategic partners
Training & Capacity Building

Expert-Level Training Programs

High-impact training for professionals and teams who want to move beyond theory and work with real-world cases, labs, and implementation roadmaps.

  • ISO 27001/27002/27005/27032/27035/22301 implementer & auditor tracks
  • CISSP, cloud, and cybersecurity fundamentals mentoring & exam coaching
  • Management systems auditing (ISO 19011 / ISO 17021-style approaches)
  • Hands-on SOC, incident response, and threat-hunting workshops
  • Tailored internal academies and capacity-building programs
Incident Response & DFIR

From Crisis to Controlled Recovery

Support for organizations facing security incidents who need both technical depth and executive-level guidance to recover and strengthen resilience.

  • Incident response playbooks and crisis management guidance
  • On-site and remote advisory during major incidents and investigations
  • Lessons-learned reviews, root-cause analysis, and remediation roadmaps
  • Tabletop exercises and cyber-crisis simulations for executives and teams
  • Integration of incident response with business continuity and DR
Speaking & Leadership

Keynotes, Panels & Advisory Boards

Engagements for organizations, events, universities, and communities looking for a pragmatic voice on modern cybersecurity, GRC, and cyber-resilience.

  • Keynotes and conference talks on strategy, risk, and SecOps/GRC alignment
  • Executive roundtables and board briefings on cyber risk and resilience
  • Advisory roles for startups, scale-ups, and national initiatives
  • Community-driven activities through OWASP & CSA chapters
  • Media, TV, and expert commentary on cybersecurity topics

Ready to discuss your next project?

Share your context, challenges, and objectives, and we will shape a tailored engagement – advisory, audit, certification support, or training – that delivers measurable value.

Contact me