SC Cleared · Regulated Environments · CNI Experienced

Cyber SecurityConsultant

CNI · GRC · Cloud Security

I help regulated organisations build defensible security postures — from board-level strategy to technical implementation across Cloud, M365, and critical infrastructure environments.

Audit-readyGovernanceAudit & M365 AssuranceAI Security GovernanceSupply chain RiskBoard-level advisorySecure by DesignIncident readinessSecurity Architecture

Get in Touch View Experience

25+

Years Experience

CNI

Nuclear + Oil & Gas

Security Cleared

Cybersecurity operations centre with compliance dashboards for Cyber Essentials, ISO 27001 and NIST CSF

Cyber Security Consultant

All organisations face a growing gap between compliance obligations and operational security reality. I bridge that gap — providing independent consultancy across cloud security, GRC, and critical national infrastructure.

Cloud Security Architecture

Independent assurance of Azure and M365 environments — from secure configuration and identity governance to Defender suite optimisation and AI security controls.

GRC

Building governance frameworks that produce defensible, auditable security postures — not paper compliance. Risk registers, policy architecture, and control validation that hold under external scrutiny.

Critical infrastructure assurance

Independent security assurance for nuclear, electricity, and oil & gas environments — where IT/OT convergence, regulatory accountability, and safety risk demand a fundamentally different approach.

Audit & Control Validation

Producing the evidence that satisfies internal audit, regulatory assessment, and certification bodies — structured, defensible, and built to withstand scrutiny.

Threat detection & response

KQL-driven detection engineering across Microsoft Sentinel and Defender — translating telemetry into actionable intelligence and keeping detection logic ahead of evolving threats.

Board-level security advisory

Translating complex security risk into language boards act on — clear priorities, credible threat narrative, and strategic roadmaps aligned to business risk appetite.

Audio Introduction

Listen to a brief overview of my background and approach.

Consulting Philosophy

Strategy grounded in technical reality

Regulated organisations face a growing gap between compliance obligations and operational security reality. Independent consultancy closes that gap — not by adding process, but by building security postures that hold under scrutiny: from the regulator's desk to the board table to the OT control room floor.

Outcomes over outputs

Security programmes that satisfy auditors but fail under real pressure are not security programmes — they are risk. Every engagement I lead is designed to produce controls and governance that hold under scrutiny, not just on paper.

Technical depth enables strategic advice

Independent consultancy is most valuable when the advisor can operate at both board level and implementation depth. I translate between those layers — which means the strategy is grounded in what is technically achievable, and the technical delivery is aligned to genuine business risk.

Defensibility is the standard

In regulated and CNI environments, security posture must be demonstrably defensible — to regulators, auditors, insurers, and boards. That standard shapes every risk register, architecture decision, and governance artefact I produce.

Client Projects

My history of Enterprise Client security projects.

Cyber Security Specialist

Sizewell C | Nuclear CNI

Engage with internal and external partners to ensure services are secure by design.
Audit vulnerabilities and provide actionable mitigation strategies.
Conduct security reviews, risk assessments, and audits.
Ensure compliance alignment with recognised industry frameworks.
SC Cleared - Comfortable working in Highly Regulated Environments.

Security Consultant

Northern Power Grid | Electricity CNI

Endpoint security controls within OT pre-production environment using Carbon Black EDR.
Authored (HLD/LLD) security designs, contributing to defensible architecture.
Delivered tailored application control baselines and custom EDR rule sets.
Mentored internal teams on secure operations, post-project handover.

Infrastructure Security Consultant

Ineos Oil & Gas | Oil & Gas

Delivery of a NIST-aligned cyber security program across IT and OT infrastructure.
Oversaw onboarding of MSSP, SIEM (Dell SecureWorks), and tuning of IDS/IPS policies.
Deployed enterprise EDR, DNS security (Carbon Black, Cisco Umbrella), and IAM controls (OKTA).
Azure and O365 security architecture with hardened image deployments and automated patching.
Projects delivered despite the Global Covid shutdown.

Infrastructure Security Engineer

Kobalt Music Publishing | Media & Entertainment

Deployed global EDR and SIEM solutions (Carbon Black, Splunk), enhancing detection and response.
Onboarded IAM solutions (OKTA) and drove secure integration with AWS, Confluence, and JIRA.
Hardened systems using CIS benchmarks, with automation of secure Windows 10 builds.
Developed and enforced global security policies, procedures, and vulnerability management processes.

Network Systems Analyst

ACCOR Hotels UK & Ireland | Global Hospitality

Delivered secure infrastructure support across 250+ sites during a major digital transformation, contributing to PCI DSS compliance across UK & European hotel networks.
Migrated legacy Exchange to Office 365, enabling secure and scalable email infrastructure.
Decommissioned legacy VPNs and coordinated secure firewall upgrades across 200+ Cisco devices.
Implemented secure scripting, patching automation, and compliance monitoring using PowerShell, SCCM, and event log auditing.

Technical Credibility

Platform & Framework depth

Technical capability that underpins Consultant capabilities.

Cloud & Identity

Azure Security Center
Microsoft Sentinel
Defender for Cloud
Defender for Endpoint
Entra ID / PIM
Conditional Access
Microsoft Purview
DLP & Intune MDM
M365 Copilot security
NCSC Cloud Principles

GRC & Frameworks

ISO 27001
NIST CSF
CAF (NCSC)
ONR SyAPS
Cyber Essentials Plus
NIS2 / UK CSR Bill
Third-party SRA
Risk register design
Audit evidence packs

Detection & Response

KQL (advanced)
Microsoft Sentinel
Tenable One
Carbon Black EDR
Splunk SIEM
Azure Monitor
Log Analytics
IR plan design
Threat hunting

CNI & OT Security

IT/OT convergence
OT risk assessment
ONR regulatory assurance
Nuclear (Sizewell C)
Northern PowergridCNI
Oil & Gas CNI
SC Cleared delivery

Explore More Resources

Dive deeper into cybersecurity implementations, live monitoring, and expert guidance.

Case Studies

Visual showcase of cybersecurity implementations, security architecture diagrams, and project outcomes.

Documented security architectures
Framework alignment evidence
Detection and monitoring implementations
Delivered project outcomes

Explore Case Studies

AI Assistant

Chat with my AI assistant trained on my Cyber Security expertise. Discuss your project, assess fit, and get expert guidance.

Discuss your security challenge
Explore how I approach CNI and GRC engagements
Understand if this engagement is the right fit
Open a conversation before committing to a call

Ask Brian

Get in Touch

The right engagement for the right challenge.
I'm not the right fit for every project — and I'll tell you that upfront.
For regulated organisations, CNI operators, and complex GRC programmes, I bring the kind of focused, senior expertise that changes outcomes.

Please use the contact form or connect on LinkedIn.

Contact Me

Get in touch to discuss your cybersecurity needs or ask questions about my services.