vCISO · Security Leader · EDUC4TE Founder · Mentor
Securing people,
process, and technology.
I help organisations build and sustain real security — not just compliance. With over 25 years across Microsoft security, enterprise architecture, and defence-grade systems — I bridge the gap between technical controls and strategic outcomes.
25+
Years in Microsoft Security
100+
Security professionals led
E8 ML2
Essential 8 achieved
3
Continents
Areas of Expertise
Cybersecurity Architecture
Designing and delivering defence-grade security architecture. Proven delivery of IRAP-accredited, ISM-compliant systems for PROTECTED workloads on Microsoft Azure.
Microsoft 365 & Entra ID Security
Deep expertise in Microsoft 365 security, SharePoint governance, Entra ID, Defender Suite, and Microsoft Sentinel — securing enterprise and government environments at scale.
ASD Essential 8 & IRAP
Achieving Essential 8 Maturity Level 2 and IRAP PROTECTED accreditation. Practical implementation of ISM controls, risk registers, and evidence packages for Authority to Operate.
People & Security Leadership
Building and scaling high-performance security teams. Scaled Avanade's security practice from 8 to 100+ professionals, including championing the Women in Security initiative.
vCISO Advisory
Fractional CISO services for organisations that need executive security leadership without the full-time cost. Security strategy, governance uplift, and C-suite communication.
Security Mentorship
Guiding professionals into and through cybersecurity careers. Mentoring career changers, graduates, and returning workers on entering and growing within the security industry.
The longer version
I started as an infrastructure engineer, building and automating systems across government, telecommunications, and enterprise. Over time I moved deeper into security — designing Zero Trust architectures, leading IRAP accreditation programs, and securing defence-grade workloads on Microsoft Azure. That engineering foundation shapes how I think about security: it has to be practical, it has to be implementable, and it has to hold up under real-world pressure.
I spent over a decade at Avanade leading security architecture for Defence and National Security clients — including achieving IRAP PROTECTED accreditation and Essential 8 ML2 for critical government systems. I then founded EDUC4TE to bring that experience to organisations and individuals who need it most: through consulting, education, and mentorship.
How I work
I'm a pragmatist. Good security doesn't happen from frameworks alone — it happens when people understand why controls matter and how to apply them in context. I meet organisations where they are and help them move forward: whether that's achieving Essential 8 Maturity Level 2, standing up a Microsoft 365 governance program, or building a security culture from scratch.
Whether I'm advising a CISO, mentoring a career changer entering security, or delivering an IRAP accreditation — the goal is always the same: practical outcomes, measurable improvement, real security uplift.
Want to work together?
Get in touch to discuss how I can help secure your organisation.