TL;DR Cybersecurity consultant, ethical hacker, and forensic investigator with 17 years of enterprise IT experience — spanning governance, operations management, business systems analysis and red teaming.
Over the past year I've rapidly compounded my certifications across ethical hacking, cloud security, and data privacy — and I'm not slowing down. The ISO 27032, Microsoft Cybersecurity Architect, and IAPP CIPT are scheduled in the coming months. The threat landscape changes weekly; staying ahead is a discipline, not an event.
My background is unusual on purpose. Strategic governance and business analysis on one side; deep offensive technical work and red teaming on the other. That blend means I can advise clients on security posture, operational resilience, and regulatory alignment without flipping between three different consultants.
I've delivered across financial services, SaaS and professional services — identifying risks, designing both defensive and offensive strategies, and most importantly making sure cybersecurity initiatives actually align with what the business is trying to do.
The philosophy.
Security work fails when it's bolted on. The technologists don't talk to the auditors; the auditors don't talk to the product team; the product team doesn't know what shadow IT the marketing team is running. My job is to be the connective tissue — fluent in attacker tradecraft, comfortable in a board briefing, and patient enough to map the actual workflows before recommending anything.
I work like an adversary because that's the only honest test. I document like an auditor because that's the only thing that survives a regulator's questions. And I build like a product owner because that's the only way a security programme keeps working after I leave.
Where I sit.
Based in Porto, Portugal — working in English, Afrikaans, and (slowly improving) Portuguese. Comfortable with EU regulatory contexts and equally fluent in Southern African data protection landscapes (POPIA). Most engagements happen remote-first; on-site in European Union and Southern Africa.
Outside the perimeter.
When I'm not in someone else's network with permission, I'm building HAX — a monitoring platform for analysing real-world hacking tools — running CTF practice, and reading more privacy regulation than is medically advised. Caped crusader by night, as the tagline goes.