Meet Our Experts

This work draws on his experience leading the world’s first successful implementation of BS 7799 (now ISO 27001).

Alan has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He also teaches the IT Governance: Foundations and Principles course (also accredited by IBITGQ). Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker.

<< Less

In addition to sitting on the UK National Standards Body’s technical committees for RM/1 (risk management) and RM/1/-/3 (responsible for BS 31111, Cyber risk and resilience), IST/33 (Information technology – Security techniques) and sub-committee IST/33/1 (Information security management systems), he is chair of IST/33/1 Panel 2 (Certification and audits), which is responsible for the UK’s contributions to ISO 27006, 27007, 27008, 27021 and CEN TC 428 on e-competence and ICT professionalism

Steve is an authority on information security management and ISO 27001 implementation, and is co-author (with Alan Calder) of the definitive compliance guide, IT Governance: An International Guide to Data Security and ISO27001/ISO27002 (now in its sixth edition).

<< Less

He has helped one of the first companies in the UK to achieve full certification under BS25999-2 (now ISO22301) and is currently delivering a number of ISO27001 ISMS projects for companies in the UK and overseas. He is also a leading business continuity author of ITGP titles A Manager’s Guide to ISO22301; ISO 22301: A Pocket Guide, and Everything You want to Know about Business Continuity.

Tony is a full member of BCI and is a certified Lead Implementer and Lead Auditor for ISO 27001 and ISO 22301. He also holds CRISC, CISMP and ITIL Foundation certificates.

<< Less

He has successfully supported a wide variety of organisations, from SMEs to global corporations spanning the private and public sectors, through to accredited certification, to all of these standards.

Nick is a certified ISO20000 Practitioner and is our resident Green IT/EN16001 and ISO50001 expert.

<< Less

He has a strong technical background, with experience of ethical hacking, digital forensics and wireless security issues. Geraint has broad technical expertise in security and IT infrastructure, including high performance computing.

He holds certifications in security and digital forensics including CISSP, CREST Registered Tester, CEH and CHFI.

<< Less

He has a BSc in computer security and forensics, an MSc in information management and security, and is an (ISC)2 Associate for CISSP and PCI Lead Implementer.

<< Less

He has supported and developed PCI DSS and PA DSS-compliant payment applications, as well as SaaS products for hosted payment solutions.

Jeremy is also an ISMS Lead Implementer and Lead Auditor, and PCI Lead Implementer, as well as an (ISC)² Member for CISSP.

<< Less

He also delivers IT Governance’s CRISC revision course and is an ISO 27001 certified Lead Auditor.

Gareth holds the ISACA certification in Risk and Information Systems Controls (CRISC) and is a CESG Certified Professional (CCP).

<< Less

Adrian’s background in the law provides him with in-depth, specialist knowledge of the legal landscape; combined with his experience consulting in the business world, he is uniquely placed to identify, design and implement business-friendly solutions to the complexities of maintaining legal compliance. Adrian has particular expertise in data protection law, as well as holding ISO 27001 Lead Implementer and Lead Auditor qualifications, which, combined with his MBA, positions him well to consult with organisations burdened by an ever more complex regulatory environment.

<< Less

Richard has near-encyclopaedic knowledge of the UK’s Data Protection Act, as well as considerable experience with data protection laws and regulations from a host of other jurisdictions, including the US and European Union. He has helped a number of organisations determine their obligations under the DPA, as well as identifying and implementing solutions.

Richard has nearly two decades’ experience in information security, including developing information security management frameworks for major multinationals. Combined with his impressive knowledge of legal and regulatory frameworks, he is able to support clients in maximising both security of information and compliance with legal requirements.

<< Less