Everyone thinks that moving to the cloud is easy. Choose a platform, write a few scripts and start saving thousands a month by no longer needing a data centre.
When transitioning your organisation to a cloud centre of excellence, the strategy and operating model has to be the number one priority. Working out what skills you need, how your teams interact and how the existing service and finance processes will be effected are critical. That's where I come in. My advisory retainer gives you access to the strategic and tactical expertise you need to succeed, avoiding the gotchas.
How it works
Our agreement gives you unlimited access to me via phone, email and Microsoft Teams. I am there to assist, direct and assure you and your organisation that you are making the right decisions at the right time.
These are the types of things I can help you with:
- Initial security strategy planning session where I work with you and your key stakeholders to define long term goals, bring myself up to speed with your existing capability and the organisational challenges you currently face.
- Regular meetings with you or a primary stakeholder to discuss inflight delivery, any blockers or strategy, longer term issues and business goals.
- Strategic and tactical advice as the project runs, acting as a sounding board as you work to achieve project completion.
- Access to my cyber security framework that covers key artefacts such as policies, standards and target state architectures.
- Review of operating model processes, goals, roadmaps and organisation structures and architectural governance. Where appropriate, I will provide samples, inputs and workshops to assist with definition.
- Technical reviews of cloud security designs, patterns, roadmaps or platforms. Feeding in experience from industry standards and previous deliveries.
- Strategy and Architecture consulting and recommendations on technical landscape, target architecture, roadmaps and recommended technologies to align to business goals.
- 24x7 situational and reactive access to my knowledge in the event of an issue that may not be known (e.g. support issue, security incident or disaster recovery scenario)
- Cybersecurity and risk management consultancy, covering risk management, security controls and regulatory compliance.
Who I work with
As much as I would love to work across the whole team, my advisory retainer is geared towards organisational change and strategic initiatives. The goal is to drive change within your cyber security and cloud programmes, therefore it is recommended I work with your C-suite, director level or heads-of.
It's not just me
Over the years I have worked with some of the best technologists, architects, engineers and business analysts. I've stayed in touch and am able to call upon these skills when required.
What about projects?
Where a key delivery is required, for example a high level design or script deployment, I will provide a fixed price, outcome based project statement of work that will cover the work, and would be separate to the advisory retainer. The retainer is for strategic advice rather than hands on delivery.
Who have I helped?
I have worked with a whole host of organisations across several verticals. Some key deliveries over the years have been:
Interim head of cloud strategy and security - This was for a big four consulting firm for a well known government organisation in the UK. Responsible for building out a new organisation to delivery cloud security in a highly regulated environment. I covered operating model, strategy, organisation structure and running a team of 6.
Modern IAM Strategy- A leading UK e-commerce retailer who also offer financial services to their clients. Over an 18 month period I worked with them to define and deliver a modern identity and access management strategy and roadmap that revamped their security posture. Covered capabilities such as Entitlement management, Joiner/Leaver/Mover and moved them to a passwordless organisation.
Landing Zone and security remediation - Working for a consulting company, I was delivering a security remediation strategy to a global financial services organisation. The key delivery was to remediate key critical security risks after a security incident. This covered delivering Azure enterprise scale, update of security roadmap and strategy and deliver a zero trust methodology to improve their security posture.
Global Network detection and response - Working with another consultancy, I was a delivering an enterprise security architecture service to roll-out a network, detection and response platform across a global footprint of AWS, Azure and physical datacentres. This included full integration and customisation into the Microsoft Defender suite and Sentinel.