Global · Multi-jurisdictional · Sovereign Authority · DORA · NIS2 · EU AI Act · ISO 42001 · GDPR
92% · Backlog Closed · 147 → 12 findings · 84 days
0 · Supervisory Findings · Across 3 review cycles
214 · AI Models Governed · From 0 baseline · ISO 42001
14d → 2.1d · MTTR Compression · NIS2-aligned incident response
900 Published Doctrines
Control Collapse Model™
Crisis Decision Hierarchy
Failure Cascade Mapping
Full Evidence Chains
Counterparty Validated
GDPR & DORA Compliant
UCL · Imperial
Contract Outcomes

Outcomes counterparties sign against

Representative outcomes (client identifiers withheld). Written in procurement language under regulatory scrutiny.

Tier-1 FS: DORA Transformation

Win condition: audit-ready operational resilience evidence chain.

DORA · Evidence Chain Model™

Result: 147 findings → 12 in 84 days · owner model · testing cadence · board KPIs

Regulated Enterprise: Outsourcing Controls

Win condition: contract clauses aligned to operational resilience, TPRM, and audit rights.

TPRM · Contract Control Matrix™

Result: Negotiation cycle 22wk → 9wk · renegotiated control schedule · exit plan

AI Programme: Governance Reset

Win condition: ISO 42001-aligned governance, model inventory, assurance pathways.

ISO 42001 · AI Accountability Stack™

Result: 0 → 214 models governed · control matrix · accountability map · audit artefacts

Global Bank: Incident Response Overhaul

Win condition: regulatory-grade incident classification, escalation, and evidence chain under NIS2.

NIS2 · Crisis Decision Hierarchy

Result: MTTR 14d → 2.1d · 24/7 playbooks · board escalation SLA · regulator pack

Insurer: Cloud Security Architecture

Win condition: zero-trust posture validated against NIST 800-207 and FCA expectations.

NIST 800-207 · Board-Survivable Cyber Architecture™

Result: 3 critical gaps → 0 · microsegmentation · PAM rollout · attestation dashboard

PE Portfolio: Cyber Due Diligence

Win condition: pre-acquisition security posture assessment with quantified remediation roadmap.

M&A · Operational Integrity Index

Result: 5 targets assessed · €2.3M risk quantified · 2 deal-breakers identified · remediation priced

"Organisations do not lose systems first. They lose decision authority. Then everything else follows."
— Doctrine Principle · Crisis Decision Hierarchy

How I Engage

A predictable path from briefing to mandate.

Three stages. Procurement-grade artefacts at every step. Designed for boards under regulatory scrutiny.

Discovery Briefing

A 60-minute confidential conversation. We map the decision authority gap, regulatory exposure window, and the artefacts your board, regulator, or counterparty will require.

Duration: 60 min · No-cost · NDA optional

Mandate Definition

A signed scope tied to specific outcomes — control closures, evidence chains, governance architecture, or interim CISO coverage. Procurement-grade contract on day one.

Duration: 5 working days · Board resolution where required

Delivery & Artefacts

Doctrine-grade execution against the mandate. Every output is regulator-ready and board-survivable: control matrices, evidence chains, accountability maps, decision papers.

Duration: 6 weeks – 9 months · Cadence agreed in stage 2

Why Retain Me

Senior authority. Direct delivery. No partner-tier markup.

When the regulator is already in the building, the work cannot be delegated to junior consultants. It has to land with the named principal.

Senior Authority Direct

The principal who signs the doctrine is the principal who delivers it. No partner-to-junior handoff.

vs Big-4: partner-led sale, manager-tier delivery, junior-tier execution.

Procurement-Grade Artefacts

Every output is regulator-ready and board-survivable. Evidence chains, accountability maps, decision papers — not slideware.

vs in-house: internal teams ship slide decks; mandates require artefact chains under audit-grade scrutiny.

Board-Survivable Doctrine

900 published doctrine frameworks, peer-reviewed at UCL & Imperial. The IP that the work runs on is named, citable, and counterparty-validated.

vs generic advisory: generic frameworks; this work runs on named, peer-reviewed doctrine.

Technical & Professional Profile

Skills & Competencies

Certifications

CISSP · CISM · CRISC · CCSP · TOGAF 9 · ISO 27001 LA/LI · ISO 42001 · ITIL · COBIT

Governance & Risk

DORA · NIS2 · EU AI Act · GDPR · FCA / PRA · IT Risk Frameworks · KRI Library Design · Group Policy Harmonisation · Board Reporting · M&A Due Diligence · NIST CSF · ISO 31000 · BCM / DR

SIEM / SOC / Detection

Microsoft Sentinel · KQL Detection · IBM QRadar · Splunk · ArcSight ESM · Datadog · UEBA · ML Anomaly Detection · SOC Implementation · Detection-as-Code

Endpoint / EDR / Cloud

CrowdStrike Falcon · SentinelOne · Microsoft Defender XDR · Azure Defender · Carbon Black · Qualys · Tenable · Rapid7 InsightVM · Zero Trust · CAF A–D

SOAR / Automation / IR

Splunk SOAR · Palo Alto XSOAR · Python Scripting · DFIR · Threat Hunting · STIX / TAXII · MITRE ATT&CK · Regulator Notification · MSSP Governance

AI Engineering

RAG Pipeline Architecture · LLM Security · OWASP LLM Top 10 · RAGAS / DeepEval · FAISS / Vector Search · Whisper / ASR · BM25 Hybrid Search · AI Governance

Governance Lineage: Deloitte · PwC · EY · KPMG

Research & Publications: Peer-Reviewed Research · UCL & Imperial · ISACA & (ISC)² · Regulatory Frameworks · Institutional Doctrine

Explore

Institutional Governance Architecture

Navigate the complete governance doctrine — from proprietary frameworks and research to regulatory intelligence and strategic threat analysis.

2026 Threat Frontier

AI + Cyber Security

As AI reshapes the attack surface — LLM exploitation, adversarial prompts, deepfake phishing — your security architecture must operate at the intersection of governance and engineering. 27 years of cyber delivery meets the 2026 AI threat landscape.

LLM Security · OWASP Top 10

Prompt Injection & LLM Defence

Adversarial prompt testing, jailbreak detection, and output sanitisation frameworks. OWASP LLM Top 10 assessment methodology. AI model sandboxing, guardrail architecture, and data leakage prevention for enterprise LLM deployments.

  • Prompt injection penetration testing
  • System prompt extraction prevention
  • RAG poisoning defences
  • Output filtering architectures

Azure ML · SIEM AI

AI-Driven Threat Detection

ML anomaly detection integrated with Microsoft Sentinel. Behavioural baselines using Azure ML. Automated triage reduction: 60% fewer false positives through ML-assisted rule tuning. UEBA (User & Entity Behaviour Analytics) deployment for insider threat detection.

  • Sentinel ML-powered detection
  • Behavioural anomaly baselines
  • UEBA insider threat modelling
  • AI-assisted SOC automation

EU AI Act · ISO 42001

AI Governance & Model Risk

EU AI Act Article 9 risk management. Model inventory, bias testing, and transparency documentation for high-risk AI systems. AI incident classification under DORA and NIS2. ISO 42001 AI management system implementation and certification readiness.

  • High-risk AI system registration
  • Model risk register & testing
  • AI incident reporting (DORA/NIS2)
  • ISO 42001 gap analysis

AI Threat Coverage

Deepfake phishing · Model inversion · Training data poisoning · Supply chain AI attacks · Shadow AI governance

2026-05-10 · OT / ICS Doctrine

Industrial Resilience Doctrine — 21 Papers, May 2026

Latest institutional release: 21 OT/ICS doctrine papers (v4.0/v4.1) covering Purdue, IEC 62443-3-3, DORA Chapter III, NIS2 Article 21, IEC 61511, and IEC 62439-3 PRP/HSR alignment for board-grade cyber-physical resilience. Read the local PDF or view the Drive mirror.

Operationalising OT Cyber Risk

A Board-to-Plant-Floor Operating Model Translating Risk Appetite into PLC Configuration

From Compliance to Control

A Clause-by-Clause Engineering Crosswalk Between IEC 62443-3-3, DORA Chapter III and NIS2 Article 21

Industrial Cyber Resilience by Design

Cyber-Physical Systems Under IEC 61511 Functional Safety and Adversarial Cyber Stress

Engineering Survivable OT Architectures

IEC 62439-3 PRP/HSR, Graceful Degradation and Island-Mode Under Adversarial Compromise

Quantifying OT Risk

A Transparent Monte Carlo Method for Translating SCADA, ICS and DCS Threats into Defensible Capital Decisions

Design Authority for Industrial Networks

A Charter, Operating Model and Conflict-Resolution Framework for IT-OT Convergent Network Governance

Enterprise Network Architecture for OT

Evolving Purdue: Modbus, DNP3 and CIP DPI, Micro-Segmentation and IIoT Vendor Access

Designing Hybrid OT Connectivity

Azure, AWS, Edge and Data-Centre Integration Under Latency and Sovereignty Constraints

Governing Multi-Vendor Network Architectures in Critical Infrastructure

SBOMs, DORA CTPP and Vendor Governance for Industrial Estates

Industrial Network Resilience

PROFINET IRT, IEC 61850 GOOSE, BGP-MPLS Failover and Deterministic Networking for Mission-Critical Industrial Estates

Zero Trust for ICS in Practice

Identity-Aware Overlays, Protocol Proxies and Lateral-Movement Defeat for Headless Industrial Devices

Industrial Segmentation Reimagined

From Static VLANs to Software-Defined Plant Networks with Risk-Based, OT-Aware Peer-to-Peer Zones

Designing the Industrial DMZ

Reverse Proxies, Jump Servers, Dual-Homed Historians and Data Diodes: Engineering the IT-OT Trust Boundary

Identity and Privileged Access in OT

Break-Glass Procedures, Just-in-Time Vendor Access and the MFA Constraint on the Plant Floor

OT/ICS Resilience Doctrine — Volume 15 (Drive Mirror)

Institutional cyber-physical doctrine release; the Drive mirror entry is listed pending local PDF availability.

Failover Without Failure

Engineering Sub-Millisecond Continuity in Industrial Control Systems Using IEC 62439-3 PRP/HSR

Dependency Mapping in OT Systems

Eliminating Hidden Single Points of Failure Through Passive Discovery and Graph Analysis

SACDA Architecture for Modern Industry

Formal Specification of the Safe Autonomous Connected Distributed Edge-Native Architecture

SACDA Resilience Engineering

Run-Time Operationalisation of the Autonomous Edge: Local Control and Telemetry Queuing

Industrial Transformation Without Downtime

Ships-in-the-Night Architecture and Choreographed Cut-Over for 24/7 Industrial Estates