Built by an engineer and architect, comfortable in the boardroom
Antonio Spera leads Antan, and still writes the code as readily as he sets strategy, combining governance and quantitative risk with hands-on engineering and applied AI.
For more than twenty-five years, I have built and led security functions for organisations that cannot afford to get it wrong: banks and credit bureaux, national infrastructure, public agencies, and global technology companies. The thread through all of it is a refusal to treat security as theatre. Controls exist not only to reduce loss but also to support the opportunities a business wants to pursue; if they do neither, they don’t earn their place.
My career has moved between the boardroom and the keyboard. As General Manager and Associate Director of Cyber Security, I have set strategy, led certification programmes, and translated technical risk into the language of directors and investors. As an engineer and architect, I have designed Security Operations Centres end-to-end, architected security for critical infrastructure, and written machine-learning classifiers that solve real detection problems. That duality, comfort in the boardroom and competence at the keyboard, is what I bring to an engagement.
I work quantitatively. Drawing on FAIR, ISO 31000, and Monte Carlo methods, I express cyber risk in dollars and probabilities, so the people holding the budget can decide on evidence rather than on a red-amber-green grid. The same discipline now extends to artificial intelligence: I help organisations apply AI to their security operations, and I help them secure the AI systems they are deploying, aligned to ISO/IEC 42001, the NIST AI Risk Management Framework, and the OWASP LLM Top 10.
Along the way, I have led organisations to ISO/IEC 27001:2022 and SOC 2 Type 2 certification, built Security Operations Centres from the ground up, contributed to the security architecture behind critical national infrastructure, and helped found a national chapter of a global software-security community. I have been entrusted with a national defence clearance and have held clearance overseas. I keep studying, covering quantum mechanics through an online university course, machine learning and data science, and post-quantum cryptography, because the threat landscape doesn’t stand still, and neither should the people defending against it.
Antan is how I do this work independently: senior advisory and delivery for organisations that want the experience of a security executive and the hands of an engineer and architect, without the overhead of a large firm.
Six principles I hold to
Quantitative over theatrical
Risk expressed in dollars and probabilities, not red-amber-green. If a control does not reduce expected loss, it does not earn its budget.
Engineer and architect first
I design the architecture, write the code, build the classifiers, and ship the systems. Strategy I cannot implement is just a slide deck.
Outcomes over artefacts
A certificate on the wall is not the goal. A measurably more resilient organisation is. The paperwork follows the outcome.
Clearance and confidentiality
Entrusted with a national defence clearance. Discretion is not a value-add; it is the baseline for the environments I work in.
Research and innovation
I stay at the working edge of the field, hands-on rather than just well-read: applied AI and machine learning, fine-tuning LLMs into specialised security models, secure application development, and quantum computing and post-quantum cryptography. The threats and the tools both keep moving, so I keep researching, building, and testing rather than resting on what worked last year.
Independent and vendor-neutral
No products to push and no quota to meet. The advice I give is the advice I would follow myself, chosen on the merits, not on what I happen to resell.
Clearances
- National defence clearance - Previously held
- Overseas defence clearance - Previously held
Discretion is the baseline for the environments I work in, not a value-add.
Memberships
- ISACA
- OWASP - Co-founder, NZ Chapter
- NZITF
- PECB
Continuing development
- Applied AI & LLM fine-tuning for specialised models
- Machine learning & data science bootcamp
- Secure application development
- Quantum mechanics (online university course)
- Quantum computing & post-quantum cryptography
Want the detail behind the summary?
Considering a vCISO, a security strategy and architecture, a SOC uplift, an AI assurance review, or a secure web build? Get in touch. The first conversation is on the house.