ENGAGEMENT.OPS

    ADVISORY & CONSULTING

    I work with senior leaders in regulated and high-stakes environments — translating complex technical exposure into clear, defensible recommendations boards and regulators can act on.

    SECTORS

    Mining, Defence, Energy, Telecoms, Critical Infrastructure, Financial Services, Government, Manufacturing

    SERVICES.MENU

    WHAT I OFFER

    Board Advisory & Risk Governance

    Independent counsel for boards and executive teams on cyber and operational risk where the stakes are real and the decisions are visible.

    • Quarterly cyber risk briefings for boards and audit committees
    • Translating technical exposure into defensible business decisions
    • Pre-mortems and tabletop exercises for material incidents
    • Independent review of internal CISO recommendations

    OT / ICS Security Assessments

    Operational technology and industrial control system assessments built around real cyber-physical risk, not IT-style frameworks bolted onto plants.

    • Architecture and segmentation review for OT/ICS networks
    • Adversary-driven threat modelling for cyber-physical systems
    • IT/OT convergence risk assessment
    • Targeted technical testing in coordination with operations teams

    Technical Due Diligence (M&A)

    Pre-acquisition cybersecurity due diligence that surfaces value-destroying exposure before close — and structures remediation conditions when it does.

    • Tech and security DD for PE, VC, and corporate development
    • Material-issue triage and remediation cost estimation
    • Post-close integration risk assessment
    • Founder / CTO interview programme

    Fractional CISO

    Senior security leadership on a fractional basis for organisations that need governance and strategy without a full-time hire.

    • Programme design and roadmap ownership
    • Vendor and tooling strategy
    • Reporting line into CEO / Board
    • Mentorship for in-house security leads

    AI Governance & Compliance

    Practical AI oversight for organisations deploying GenAI, agentic systems, and ML in regulated environments — calibrated to actually survive scrutiny.

    • AI risk register and control mapping
    • Readiness for EU AI Act, NIST AI RMF, ISO 42001
    • Red-team and assurance pattern design
    • Board-level AI risk briefings

    Incident Response Retainer

    Senior-level engagement when material incidents occur — the kind that need governance and communication discipline as much as technical response.

    • On-call senior advisor for material incidents
    • Communications support for boards and regulators
    • Post-incident review and lessons-learned
    • Coordination with technical IR providers

    HOW WE WORK TOGETHER

    01

    Initial conversation

    A confidential call to understand the question you're actually trying to answer — not the question that's easy to scope.

    02

    Engagement design

    Written scope with clear deliverables, time horizon, and what's explicitly out-of-scope. Fixed fee or retainer depending on shape.

    03

    Delivery

    Direct work with you and your team — no sub-contracted juniors, no boilerplate decks. Senior attention end-to-end.

    04

    Ongoing relationship

    Most engagements continue as a quarterly check-in, board cycle, or on-call advisor relationship. Optional, never a default.

    START HERE

    Test the fit, in 30 minutes.

    Most full advisory engagements start with a single 30-minute conversation about the specific question you're sitting on. Self-serve booking — no email back-and-forth.

    STRATEGIC CONSULTATION

    Book a Strategic Consultation

    30 minutes. Your specific OT or AI security question. Direct, candid, non-sales.

    • Direct call with Matthew — not a sales conversation
    • Pre-call brief: I read what you send before we talk
    • Walk out with something concrete for your next board cycle

    $500 / 30 minutes

    Already know the engagement is bigger than 30 minutes?