Jan 2025 – Present · 1 yr 3 mos · Europe · Remote

• vCISO for a fast-growing manufacturing group operating across Europe and USA (12 sites, 5 business entities). Responsible for designing and deploying a multi-year cybersecurity roadmap to support the holding's external growth strategy through mergers and acquisitions. Aligning cybersecurity initiatives with the IT transformation roadmap and NIST CSF 2.0 framework, including priortised remediation planning to reduce technical debt and address legacy technology risks across a diverse hybrid cloud / on-prem / multi-site IT environment.
• Driving increased cybersecurity maturity to meet the evolving requirements of investors and stakeholders. Overseeing user awareness and training programs, leading Managed SOC and EDR deployments, and implementing a comprehensive cyber risk management framework along with third-party risk management processes. Actively involved in cyber insurance strategy and contract negotiations with vendors and service providers to ensure adequate risk coverage and compliance.
• Leading the cybersecurity steering committee and reporting directly to the board of directors on security posture, progress, and budget.

Aug 2024 – Present · 1 yr 8 mos · New Zealand · Hybrid

• Cybersecurity Consultant for the fastest-growing council in New Zealand. Conducted a full perimeter security audit and a comprehensive NIST CSF 2.0 assessment using a tailored “Organisational Profile” for cities and municipalities.
• Established a pragmatic and context-specific cybersecurity maturity goal, aligned with Selwyn District Council’s unique risks, requirements, and digital strategy. Identified and prioritised security measures across all NIST CSF domains based on risk impact and business requirements, focusing on actions with the greatest potential for risk reduction. Developed a cybersecurity programme with 8 initiatives and actionable, measurable steps, including task descriptions, budget estimates, and success criteria.
• Aligned all cybersecurity initiatives with the council’s 5-year digital strategy roadmap. Delivered executive presentations and facilitated workshops with key stakeholders including IT Operations, Legal, Risk Management, and Audit & Risk Committee to ensure strategic alignment and governance.

Jul 2023 – Dec 2023 · 5 mos · New Zealand · On-site

• Cybersecurity Technical Lead for a multi-million cybersecurity programme, responsible for supporting the delivery of strategic initiatives across a complex environment, including Information Protection using Microsoft Purview across the Azure and M365 ecosystem, extension of log sources for SIEM to improve visibility and threat detection, Secure Software Development Lifecycle (SSDLC) enablement, Cloud Web Application and API Protection, Cloud-Native Application Protection Platform (CNAPP), Password Manager implementation and assurance.

Jun 2023 – Present · 2 yrs 10 mos · Paris, France · Remote

• Cybersecurity Consultant for a large food manufacturing company in France (1,200 employees, 8 production sites, 9 patrimonial brands of ready-to-eat French cuisine). Conducted a comprehensive technical and control-based security audit aligned with the NIST CSF framework, defining both the current and target maturity states. Developed a 3-year cybersecurity roadmap aligned with quality, Health & Safety risk management, Food Defence principles (HACCP, VACCP), and retail market requirements, with a focus on ensuring system availability to support traceability as an essential component of the food manufacturing process.
• Strategically positioned cybersecurity governance for the group and provided training and mentoring to the IT System and Network Manager, enabling their transition into CISO role through a tailored support plan. Created and implemented the full Information Security Policy and ISMS, along with supporting processes including Risk Management, Governance, Compliance, Reporting, IT Vendor Security Management, and Security Awareness.
• Delivered a company-wide Business Impact Analysis for IT outages and cybersecurity scenarios, and developed a Cyber Incident Response Plan covering multiple threat scenarios. Supported the internal team in implementing the security roadmap and processes (SOC, XDR, awareness, phishing reporting and simulation, incident response, Privileged Access Management, Multi-Factor Authentication, and technology debt reduction), including CAPEX and OPEX budget management.

Jul 2022 – Feb 2023 · 7 mos · France · Remote

• Cybersecurity Consultant for the No. 1 agricultural equipment distributor in Europe (France/Poland). Conducted a full security audit based on the NIST CSF framework, including vulnerability scans and the development of a strategic cybersecurity roadmap. Defined the complete Cyber Incident Response Plan and Business Continuity Plan.
• Designed and led a cyber incident simulation exercise (Tabletop Exercise) involving 30 participants, including executive leadership and board members, to assess and strengthen the organization’s response capabilities.

Feb 2022 – Present · 4 yrs 2 mos · Pacific | North America | Europe · Hybrid

• Founder and owner of a global cybersecurity consulting firm. Leading local and overseas operations, strategic partnerships, and the delivery of cybersecurity consulting services across three continents. 🔒 Enhance your cybersecurity posture with a comprehensive cybersecurity assessment, aligned with top industry standards (NIST CSF, ISO 27001).
• 🚀 Empower yourself through a strategic advisory consulting engagement (cybersecurity programme manager, technical lead, CISO / IT Security Manager coaching, training, and support).
• 🛡️ Get ready with a Cyber Incident Response assessment and Plan, which equip you to proactively anticipate and respond to cyber threats.

Jul 2020 – Dec 2020 · 5 mos · New Zealand · On-site

• Led UC's cybersecurity strategy, operations, and governance. Conducted a full NIST CSF audit aligned with the CAUDIT framework and the university’s core value chain. Developed and implemented a robust incident response plan, ensuring the university is equipped to manage and recover from cyber threats in a timely and coordinated manner.
• Assumed the transitional CISO role in a complex, open, diverse, and increasingly threatened environment, enabling academic freedom, research excellence, and community engagement while safeguarding critical assets, PII, medical and sensitive research data.
• Participated in the recruitment and selection process for the university’s full-time CISO, helping to identify, attract, recruit, and transition candidates capable of evolving the role and meeting UC strategic needs.

Jun 2019 – Jan 2022 · 2 yrs 7 mos · New Zealand | Australia

• Cybersecurity Consultant and Team Lead for Datacom South Island, I delivered numerous cybersecurity engagements across various industries and clients (manufacturing, agri-food, transportation and logistics, health, education). I assisted many private and public organisations by implementing information security that supports people and business objectives (audit, cyber incident readiness and response, and IT security manager).

May 2011 – May 2011 · 0 mo

• After the January 2010 earthquake, I undertook two short-term international cooperation missions in Haiti. These missions were focused on rebuilding and securing banking networks for a credit union micro-finance institution.

Dec 2010 – Jun 2019 · 8 yrs 6 mos

• Desjardins is the largest cooperative financial group in Canada, boasting 60,000 employees. Reporting to the group Chief Information Security Officer (CISO), I held the role of Business Information Security Officer, responsible for the Wealth Management and Life Insurance sectors.

Apr 2010 – Nov 2010 · 7 mos

• I served as a Cybersecurity Architect on strategic projects involving cyber defense, and security operations. My role was pivotal in establishing the foundation of the SOC/SIEM and Vulnerability Management for the financial institution.

Sep 2002 – Feb 2010 · 7 yrs 5 mos · France | Switzerland

• I led a team of network engineers and cybersecurity consultant as the Team Lead for Cybersecurity Advisory Services, within a company offering IT services across Europe, including France and Switzerland (Flow Line Technologies, acquired by SCC Group).