Security, from every perspective
I set out to understand security from every side, so over the years I've taken roles across the whole discipline, by design rather than by accident. What follows is that path, not a highlight reel.
I've never wanted to understand security from only one seat. So I've worked deliberately across the whole discipline, spanning hands-on engineering and penetration testing, security operations and incident response, architecture, governance and risk, and leadership. Each role was a way to see the field from another angle, and to learn how the parts actually fit together.
I'm at my most useful when I'm still learning, which is why I stay close to research and development, building classifiers, threat-modelling LLM and agentic systems, and keeping pace with where the threat landscape is heading. The day I stop learning is the day I'd stop being much use to anyone.
Roles I've held
A global software company
Senior security leadership
Security leadership for a global software organisation.
A major New Zealand technology organisation
GM & Associate Director, Cyber Security
Led ISO/IEC 27001:2022 and SOC 2 Type 2 attainment across the group, and built the security function across architecture, GRC, operations, and awareness.
A national government agency
Security Consultant
Built the Security Operations Centre end-to-end; collaborated on the security architecture for a major motorway tunnel; built an ML anti-phishing classifier; restructured the PCI-DSS compliance programme.
A credit union
Security consultant
Advisory and delivery across governance and operations.
An independent security consultancy
Principal consultant
Independent security advisory and assurance.
A global telecommunications vendor
Security leadership
Part of the security leadership for enterprise and carrier-grade environments.
A media and publishing group
Security lead
Security across media and digital platforms.
A national rail operator
Security leadership
Part of the security leadership for national rail infrastructure.
A security testing firm
Security consultant
Penetration testing and security assurance.
A national credit bureau
Security architect
Security architecture across credit and data services.
United Kingdom, earlier roles
Security engineering and operations
Foundational security engineering roles, including defence-cleared work.
Roles are indicative; full detail is available on request and via LinkedIn.
Sharing what I learn
I helped start the New Zealand chapter of OWASP, the global community for improving the security of software. Sharing what I learn openly is part of how the profession matures, and a way to keep myself honest.
Lately that has meant working through how we secure artificial intelligence, trying to bridge applied engineering and the governance frameworks now racing to keep pace with it. It's unfinished work, and I'm still learning as I go.
Let's talk about your security programme
Considering a vCISO, a security strategy and architecture, a SOC uplift, an AI assurance review, or a secure web build? Get in touch. The first conversation is on the house.