Practitioner-led advisory for complex risk.
Technically grounded, policy-literate, and direct. We work with organisations that have outgrown generic compliance frameworks and need someone who understands the actual systems involved.
AI Governance Advisory
Strategy and implementation support for AI risk management, regulatory alignment, and governance framework design, from board briefings to technical controls.
Board-level briefings · Compliance gap analyses
EU AI Act readiness · Internal audit support
Digital Sovereignty
Assessing and strengthening organisational control over data, infrastructure, AI systems, and vendor relationships, with particular focus on critical and public sector environments.
Control frameworks · Procurement guidance
Confidential computing architecture
Open Source Security
DevSecOps strategy, software supply chain security, SBOM implementation, and OpenSSF adoption for organisations where the software supply chain is a material risk.
SBOM tooling selection and implementation
OpenSSF Scorecard baseline · Training
Technical Due Diligence
Security and governance review for M&A, investment decisions, or procurement, covering AI systems, software supply chains, and security posture.
Remediation priority lists
Vendor assessment frameworks
Where we work.
We focus on environments where security and governance failures have real consequences: regulated industries, public sector, and critical national infrastructure.
Retained Advisory
Ongoing relationship with agreed scope. Suitable for organisations building capability or navigating a multi-year programme.
Project-Based
Defined scope, timeline, and deliverables. Suitable for assessments, audits, framework design, and due diligence.
Workshops & Training
Half-day or full-day sessions for technical or executive teams. Topics include AI governance, supply chain security, and digital sovereignty.
Speaking
Keynotes, panels, and technical presentations for conferences, policy forums, and industry events.