About me
I'm a Computer Engieer by training (BASc and MEng), who got into infosec way back in the late 90s. I originally thought Infosec was an engineering problem, turns out it's a risk management problem.In my time in the profession, I've done a bunch of stuff: operations, vulnerability management, asset management, compliance, risk management, etc.
For the past 10-15 years, I've focused on applying modern risk management approaches to cybersecurity. Data driven security, risk quanitfication, or at the very least applying the principles of FAIR and Rick Howard to build a sane Cyber Risk Managment Program (nee ISMS).
Outside of the profession we can talk about scifi, Stoicism, CrossFit, soccer, fitness, AI, retrogaming, golden era hip-hop, a bit of everything really.
LinkedIn