Senior capabilities
The primary engagement at CyberPOPE is the retained security partnership for founder-led SMEs. The capabilities below are senior work I have led inside larger organisations. They are listed here so the work is discoverable, not promoted as a service.
These engagements assume an organisation already operates around CIS IG3 or a mature, working ISMS under ISO 27001. If you are still building a baseline, start with the SME paths instead.
CIS IG3: The highest implementation group of the CIS Critical Security Controls. Intended for organisations with sensitive data, dedicated security teams, and regulated obligations.
ISMS: Information Security Management System. Mature means policies, risk treatment, evidence, review cycles, and control ownership are actively maintained - not only documented.
Enterprise track record
Four areas of work
Each entry below is work I have led or built inside a larger organisation. The scope, team structure, and reporting line are agreed before any engagement starts.
DevSecOps
Security built into the pipeline
Threat modelling at design, SAST and DAST gating in the build, SBOM and supply-chain controls, secret scanning, IaC review, signed builds, and runtime feedback that reaches developers without slowing the team down.
SAST / DAST: Static and dynamic application security testing. Code-level scanning during build and behavioural testing of the running application.
SBOM: Software Bill of Materials. A machine-readable inventory of components in a build, used to track vulnerabilities and licence exposure across the supply chain.
IaC: Infrastructure as Code. Cloud and platform configuration written as version-controlled files (Terraform, Bicep, Pulumi). Reviewed and tested like application code.
The goal is fewer late-stage findings and a release process that engineering trusts.
Cyber Threat Intelligence
Standing up a CTI function
Mandate, source mix across OSINT, commercial feeds and ISAC membership, analyst tasking and tradecraft, reporting cadence to the SOC and to the board, and tight integration with detection engineering and risk management.
I have built this capability inside a large enterprise, from charter to first board-level briefing.
Threat Hunting
Hypothesis-driven hunting
Hunting cycles built on concrete hypotheses, purple-team loops with the SOC, and measurable coverage against MITRE ATT&CK - not a generic dashboard.
MITRE ATT&CK: A public knowledge base of adversary techniques. Used to measure where detection coverage exists, where it is missing, and how to prioritise new detections.
Findings feed back into detection content, so each hunt improves the standing posture.
Incident Response & Crisis
Leading major incidents
Incident command, coordination across legal, communications and the executive team, regulator notifications where they apply, and post-incident review that changes controls instead of producing a long document.
Available as senior support to an existing IR function, not as a 24/7 SOC replacement.
When this is for you
Who this fits
Fits
- A working ISMS with active risk treatment, evidence and review cycles.
- A dedicated security team or SOC already in place.
- Regular board-level security reporting.
- Budget and mandate for senior advisory work on a defined initiative.
If this matches you, use the Discovery Calculator to size a retainer around the capability you need. We agree the goal, then mature the programme month by month.
Does not fit yet
- Still building a baseline. Start with the SME retainer instead.
- Looking for a 24/7 managed SOC. This is advisory work, not an operational replacement.
- Looking for a fixed-scope project. I work by retainer, sized in hours against an agreed goal.
If the SME retainer is the better starting point, see Retained Partnership, Practical Security, or ISO 27001.
If the scope fits
Book a call
Engagements at this level start with a scoping conversation, not a proposal template. Pick whichever channel suits you.