Works in theory.
Works in practice.
Head of information security & compliance at a private risk advisory — sole owner of its security, compliance and IT function.
I built its ISO 27001 management system to UKAS-accredited certification, designed its security architecture, and deliver evidence-grade investigations to legal standard — increasingly AI-assisted, on a private local model stack I built and run.
Before this, eight years in UK policing: child-abuse investigator, sergeant, and operational communications manager leading a team of seven. Trained in philosophy and public policy, with mixed-methods research at the core of how I work.
- Built the ISO/IEC 27001:2022 ISMS to UKAS-accredited certification: all 93 Annex A controls in an approved Statement of Applicability, a full policy suite, risk register, asset register and supplier-assurance process.
- Consolidated the controlled document set from ~120 to 68, cutting monthly review load from nine documents to five while retaining every mandatory ISO record.
- Hold and renew Cyber Essentials (2025, v3.2; 2026 renewal in progress, v3.3), with live remediation during assessment — disabled SSH password authentication, confirmed default-drop host firewalls, and separated admin from standard accounts.
- Run the UK GDPR / Data Protection Act programme: ROPA, DPIA and data-subject-rights procedures, a personal-data-breach procedure with the 72-hour ICO notification path built into business continuity, and lawful-basis analysis underpinning every investigation.
- Designed and maintained security architecture — VLAN segmentation, context-aware access control, data loss prevention, and more.
- Business development: authored a screening-governance proposal that converted into live delivery, ran a UK public-procurement tender pipeline, and developed the firm's Trust Centre and brand assets.
- Managed the operational communications function, directing messaging and information flow across live incidents.
- Supervised and developed a team of seven — tasking, welfare, standards and performance.
- Made time-critical decisions in fast-moving situations, coordinating between frontline units and command.
- Conducted safeguarding investigations, building court-standard case files and managing evidence with rigorous chain of custody.
- Worked across multi-agency safeguarding arrangements — social care, health and the CPS.
- Balanced victim care and welfare with evidential and procedural demands under sustained emotional load.
- Joined via Police Now's competitive graduate leadership scheme, policing a dedicated neighbourhood as a frontline emergency-response officer.
- Assisted the major investigation Operation Knowlton, which saw five defendants jailed for life for murder; managed the initial scene of a fatal road-traffic collision — first aid, evidence, and coordination of arriving responders.
- Built community trust, handled incidents end-to-end, and developed the investigative and communication foundations the later roles were built on.
- Worked in a small team on a knowledge-management and recruitment problem in British law enforcement, applying the ArchiMate business-architecture framework.
- Combined the team's analysis into recommendations that were well received by the client.
Selected work across security, compliance, investigations, applied AI and communications. Details generalised to protect client confidentiality.
Built the organisation's ISO/IEC 27001:2022 ISMS to UKAS-accredited certification — all 93 Annex A controls in an approved Statement of Applicability, a full policy suite, and the risk, asset and supplier-assurance processes behind them. Consolidated the controlled document set from ~120 to 68 while retaining every mandatory record.
Assembled and structured a 482-exhibit evidence corpus documenting intimidation and its business impact, organised and cross-referenced to withstand legal scrutiny.
Delivered a solicitor-instructed asset-tracing investigation across 321 exhibits, applying SHA-256 hashing and OpenTimestamps integrity stamping so every exhibit's authenticity and timing can be independently verified.
Assessed the screening status of all 1,429 staff of a client, surfacing 218 individuals unlawfully over-checked and two hard legal safeguarding gaps — turning the findings into a remediation and governance proposal.
Designed and built a private, locally-hosted team of models for investigative work — subject identities never leave the premises. Models chosen for intelligence, independence and integrity, with every output verified against source; paired with a redaction gateway that strips personal and client-confidential data before any prompt reaches a cloud model.
Created the “Walk and Talk” campaign to improve communication between police and the public — designed the internal administrative structure, the feedback and information-gathering survey, and all marketing materials, then trained other forces to implement it across the country.
Managed all communications across South-Central London during Operation Bridges following the Queen's passing — social-media monitoring, live local campaigning, internal operational communications, and advising management, colleagues and partners.
Use AI across research, drafting, and analysis to compress work that would otherwise take days into hours — while verifying every output against source.
Built a private, locally-hosted team of models for investigations — subject identities never leave the premises. Models chosen for intelligence, independence, and integrity.
Currently building my own custom quant/prune to fit capable models to the hardware without surrendering accuracy on the tasks that matter.
Strips personal and client-confidential data before any prompt reaches a cloud model.
Argues that policing has lacked thorough ethical examination since Robert Peel, and proposes capacity-based and virtue-ethical alternatives to guide policy.
Undergraduate thesis on Gödel's theorems, artificial intelligence, and the language of thought.
More in the Enquiry Log →
Hand-painted tabletop miniatures.