§ about

Twenty-plus years of security work.

Career background across architecture, infrastructure, security, and solutions, plus the skills, certifications, and thinking behind the practice.

Background

My background spans hands-on technical delivery through to executive advisory work. That includes enterprise, infrastructure, security, and solution architecture, along with security leadership, programme design, privacy, and governance across regulated organisations in Australia and New Zealand.

More recently, a growing part of the work has been around AI: helping organisations make sensible use of generative AI, assess vendor and data-handling risk, put governance and guardrails in place, and keep security, privacy, and delivery teams aligned.

2018 – present

Independent advisory

Running WHC, a boutique security and privacy practice. Work spans fractional CISO engagements, security programme design, privacy advisory, and governance - across financial services, healthcare, technology, and the public sector in AU and NZ.

2015 – 2018

Enterprise security leadership

Senior security roles at scale across APAC and London. Led teams, held a CISO title, and ran security programmes inside regulated industries. Developed deep experience in enterprise risk, compliance, and stakeholder engagement at the executive level.

2010 – 2015

Security consulting

Founded and ran a security consultancy across New Zealand. Built a practice covering GRC, cloud architecture, identity and access management, and security programme delivery - working across government, financial services, and utilities.

2001 – 2009

Technical foundations

Started as a web developer and co-founder, progressed through network engineering and enterprise, infrastructure, security, and solution architecture in professional services and higher education. Built a strong grounding in systems design, infrastructure, and how technology holds together under pressure.

More detail on LinkedIn and via references, including feedback from founders, CTOs, and engineering leaders on security, compliance, and pragmatic advisory work.

Top human skills

Leadership

Leading by exampleExcellent team playerGood listenerOpen-mindedPragmaticSAFe/Agile practitionerMentor and trainerResource and conflict management

Business

Stakeholder managementTraining and awarenessNegotiationBusiness analysisPlanning and deliverySLA/OLA and KPISupplier management

Collaboration

C-level engagementPresentations (various levels, 100+ attendees)Meeting chairTech leadTechnical and end-user documentation

Top hard skills

Governance, Risk and Compliance (GRC)

Information security governanceRisk managementBusiness continuity planningCompliance and regulatory frameworks (NZ/AU Privacy Act, PSR-NZISM, PSPF-ISM, GDPR, MAS, HKMA, ISO 27001, SOC 2, PCI DSS, NIST, OWASP, CCPA)

Security and Privacy

Security solution designSecurity and privacy reviewsPlatform and application hardeningApplication development securityVulnerability managementIncident detection and responseNetwork and cloud securityIdentity and Access Management (IAM)Data Loss Prevention (DLP)Cryptography

Technology

Enterprise, infrastructure, security, and solution architecture (Azure, AWS, M365)Cloud integration and automationAI and machine learningStorage platforms, HA and redundancyNetworks and large multi-site environmentsVirtualisation

Certifications

2024Governance Essentials - Institute of Directors in New Zealand

2024Finance Essentials - Institute of Directors in New Zealand

2020Certified Scaled Agile Framework (SAFe) 5 Practitioner

2020AWS Certified Solutions Architect - Associate

2018Machine Learning, Stanford University (online)

2015ISACA Certified Risk and Information Systems Control (CRISC)scored in the top 5%

2015PCI Security Standards Council - PCI Professional (PCIP)

2014ISACA Certified Information Security Manager (CISM)highest score in Oceania

2012(ISC)² Certified Information Systems Security Professional (CISSP)

—ITIL, Microsoft enterprise architect, Cisco, VMWare, Compellent, Novell…