Independent judgment on cyber and AI — that you can act on and defend.

I help organisations and their boards trust their security and AI — with evidence, not assertions.

What I do

Testing whether security and AI governance actually work.

For more than twenty years I have tested whether security and governance actually work — independently, against the evidence.

I bring both sides of the problem: the builder’s understanding of how cyber and AI systems are created, and the assessor’s discipline of testing whether they can be trusted.

I help the people accountable for cyber security and AI, whether that is a security team preparing for certification, an executive group governing risk, or a board that has to demonstrate oversight.

I also contribute to public understanding of cyber security, AI governance and assurance through radio and media commentary, including ABC, and conference work with groups such as AISA and ISACA.

Authority

Independent expertise where the standard matters.

I have supported the development of AI management system accreditation in Australia — and I assess the bodies that certify everyone else.

I provide judgment that can be tested, explained and defended. Where independence matters, the role and any prior involvement must be clear before the engagement starts.

The value is not another framework or opinion. It is judgment that survives scrutiny.
Co-FounderISO/IEC 27001 Lead AuditorISO/IEC 42001 Lead AuditorASD IRAP AssessorJAS-ANZ Technical Expert & Assessor20+ years across cyber, government and AI assurance

Who I work with

Where assurance needs to be credible.

Defence and industry, Australian government, critical infrastructure and technology.

Security and compliance leadersExecutives accountable for riskDirectors responsible for oversightAssurance and certification bodies

Independence

Independence is a role, not a personality.

I build, create and advise in the right context. When the work is independent assurance, I keep the assurance role clear.

Conflicts, prior involvement and delivery roles are checked before the engagement. Work is not described as independent unless the role supports that claim.

Start with the question.

If you need an independent, expert read on your security or AI — or your board does — start here.