I work with small businesses and growing teams to make sense of AI adoption,
data protection obligations, and the security frameworks that come with them —
without the jargon or the enterprise price tag.
About
My background is in security assurance and architecture — I've spent years helping
large organisations in government, finance, and energy understand their risk,
meet their compliance obligations, and build secure systems. That work took me
through ISO 27001, NIST, NCSC CAF, NIS, and cloud transformation at scale.
Now I'm channelling all of that into something I find genuinely exciting: helping
organisations get AI right. That means understanding what the EU AI Act actually
requires, how it sits alongside GDPR and the NIS2 Directive, and what all of this
means in practice for a business that isn't a multinational with a 20-person legal team.
I work remotely, I keep things practical, and I'm comfortable with ambiguity —
which is exactly what this space requires right now.
What I focus on
🤖
AI Act Readiness
Risk classification, conformity assessments, and governance frameworks for EU AI Act compliance.
🛡️
Data Protection by Design
GDPR, privacy-by-design, and data governance for organisations building or adopting AI tools.
🌐
NIS2 & Regulatory Alignment
Helping organisations understand and meet NIS2, DORA, and emerging SEA regulatory requirements.
🏢
Security Assurance
Practical risk management, supplier assurance, and security architecture for regulated environments.
Frameworks & standards
EU AI Act, GDPR, NIS2 Directive, DORA, ISO 27001, NIST CSF, NCSC CAF, ISO 27017/18, PDPA (Thailand), PDPC (Singapore), SABSA, ISO 31000