$ whoami — security · communications · research · action

Works in theory.
Works in practice.

Head of information security & compliance at a private risk advisory — sole owner of its security, compliance and IT function.

I built its ISO 27001 management system to UKAS-accredited certification, designed its security architecture, and deliver evidence-grade investigations to legal standard — increasingly AI-assisted, on a private local model stack I built and run.

Before this, eight years in UK policing: child-abuse investigator, sergeant, and operational communications manager leading a team of seven. Trained in philosophy and public policy, with mixed-methods research at the core of how I work.

$ key achievements
ISO
27001:2022 ISMS taken to UKAS-accredited certification — covering all 93 Annex A controls.
218
individuals found unlawfully over-checked in a screening gap analysis across all 1,429 staff of a client.
482
exhibits assembled into an evidence-grade corpus — a second case ran to 321 exhibits, integrity-stamped with SHA-256 + OpenTimestamps.
£270k
budget negotiated to build a nine-person communications team from scratch — recruitment, licensing, training and CPD.
2,000
officers and staff reached through daily and weekly internal news; led all communications across South-Central London during Operation Bridges.
Nat'l
rollout of the "Walk and Talk" police–public engagement campaign — designed it, then trained other forces to implement it across the country.
$ experience
·
  • Built the ISO/IEC 27001:2022 ISMS to UKAS-accredited certification: all 93 Annex A controls in an approved Statement of Applicability, a full policy suite, risk register, asset register and supplier-assurance process.
  • Consolidated the controlled document set from ~120 to 68, cutting monthly review load from nine documents to five while retaining every mandatory ISO record.
  • Hold and renew Cyber Essentials (2025, v3.2; 2026 renewal in progress, v3.3), with live remediation during assessment — disabled SSH password authentication, confirmed default-drop host firewalls, and separated admin from standard accounts.
  • Run the UK GDPR / Data Protection Act programme: ROPA, DPIA and data-subject-rights procedures, a personal-data-breach procedure with the 72-hour ICO notification path built into business continuity, and lawful-basis analysis underpinning every investigation.
  • Designed and maintained security architecture — VLAN segmentation, context-aware access control, data loss prevention, and more.
  • Business development: authored a screening-governance proposal that converted into live delivery, ran a UK public-procurement tender pipeline, and developed the firm's Trust Centre and brand assets.
  • Managed the operational communications function, directing messaging and information flow across live incidents.
  • Supervised and developed a team of seven — tasking, welfare, standards and performance.
  • Made time-critical decisions in fast-moving situations, coordinating between frontline units and command.
  • Conducted safeguarding investigations, building court-standard case files and managing evidence with rigorous chain of custody.
  • Worked across multi-agency safeguarding arrangements — social care, health and the CPS.
  • Balanced victim care and welfare with evidential and procedural demands under sustained emotional load.
  • Joined via Police Now's competitive graduate leadership scheme, policing a dedicated neighbourhood as a frontline emergency-response officer.
  • Assisted the major investigation Operation Knowlton, which saw five defendants jailed for life for murder; managed the initial scene of a fatal road-traffic collision — first aid, evidence, and coordination of arriving responders.
  • Built community trust, handled incidents end-to-end, and developed the investigative and communication foundations the later roles were built on.
  • Worked in a small team on a knowledge-management and recruitment problem in British law enforcement, applying the ArchiMate business-architecture framework.
  • Combined the team's analysis into recommendations that were well received by the client.
$ selected work

Selected work across security, compliance, investigations, applied AI and communications. Details generalised to protect client confidentiality.

Built the organisation's ISO/IEC 27001:2022 ISMS to UKAS-accredited certification — all 93 Annex A controls in an approved Statement of Applicability, a full policy suite, and the risk, asset and supplier-assurance processes behind them. Consolidated the controlled document set from ~120 to 68 while retaining every mandatory record.

Assembled and structured a 482-exhibit evidence corpus documenting intimidation and its business impact, organised and cross-referenced to withstand legal scrutiny.

Delivered a solicitor-instructed asset-tracing investigation across 321 exhibits, applying SHA-256 hashing and OpenTimestamps integrity stamping so every exhibit's authenticity and timing can be independently verified.

Assessed the screening status of all 1,429 staff of a client, surfacing 218 individuals unlawfully over-checked and two hard legal safeguarding gaps — turning the findings into a remediation and governance proposal.

Designed and built a private, locally-hosted team of models for investigative work — subject identities never leave the premises. Models chosen for intelligence, independence and integrity, with every output verified against source; paired with a redaction gateway that strips personal and client-confidential data before any prompt reaches a cloud model.

Created the “Walk and Talk” campaign to improve communication between police and the public — designed the internal administrative structure, the feedback and information-gathering survey, and all marketing materials, then trained other forces to implement it across the country.

Managed all communications across South-Central London during Operation Bridges following the Queen's passing — social-media monitoring, live local campaigning, internal operational communications, and advising management, colleagues and partners.

$ certifications
ISO/IEC 27001:2022 — built and run the organisation's certified ISMS (UKAS-accredited)
ORG CERTIFIED
Cyber Essentials — certified 2025 (v3.2); renewal in progress (v3.3)
2025 · RENEWING
ISC2 Certified in Cybersecurity (CC)
CERTIFIED
UK GDPR / Data Protection Act — programme owner (ROPA, DPIA, DSR, breach & retention)
PROGRAMME
$ education
MSc, Public Policy — Maastricht Graduate School of Governance
2016
MSc, Human Development — United Nations University (UNU-MERIT)
2016
BA, Social Science — University of Manchester; Philosophy, Politics & Anthropology
2015
$ capabilities
Security & Compliance
ISO 27001 UK GDPR / DPA Cyber Essentials Risk management Policy & governance Supplier assurance
Investigations & OSINT
Evidence handling Chain of custody Asset tracing Screening & vetting Intelligence analysis
Engineering
Network segmentation Firewalls / VLAN Google Workspace admin Linux / RPi hardening Python Self-hosting
Research & Methods
Mixed-methods Quantitative analysis Qualitative research Survey design Interviews Statistical software
Communications
Crisis & ops comms Public affairs & media Media production Campaign design Audience insight Writing & rhetoric
$ applied ai
Speed of delivery
AI-assisted workflow

Use AI across research, drafting, and analysis to compress work that would otherwise take days into hours — while verifying every output against source.

Private local model team
3 GPUs · ~72 GB VRAM · fully local

Built a private, locally-hosted team of models for investigations — subject identities never leave the premises. Models chosen for intelligence, independence, and integrity.

Custom quantisation & pruning
in progress

Currently building my own custom quant/prune to fit capable models to the hardware without surrendering accuracy on the tasks that matter.

Redaction gateway
cloud-LLM safety boundary

Strips personal and client-confidential data before any prompt reaches a cloud model.

$ research & writing
Re-Peel
an ethical framework for policing
#philosophy#policing#virtue-ethics

Argues that policing has lacked thorough ethical examination since Robert Peel, and proposes capacity-based and virtue-ethical alternatives to guide policy.

On Gödel
undergraduate thesis
#logic#philosophy-of-maths

Undergraduate thesis on Gödel's theorems, artificial intelligence, and the language of thought.

More in the Enquiry Log →

$ making / homelab
Photography
street & documentary · London

See the gallery →

Miniature painting
hand-painted · 28mm

Hand-painted tabletop miniatures.