Metis Security exists because of how I have spent my career, and how I believe cybersecurity should be delivered.
When people first hear what I do, they often assume I am “just” a penetration tester or a hacker. That is an understandable assumption. Technical security testing has been a core part of my work for well over two decades, and it remains a fundamental part of what I do today. I am still a hands-on technical consultant. However, that has never been the whole story.
From early on, my work has sat at the point where detailed technical assessment meets real organisational decision-making. I have spent years delivering complex testing and assurance work, but also explaining what those findings actually mean in practice — for systems, for risk, and for the people accountable for both. Metis Security was created to bring that combination together in a focused and deliberate way.
I came into cybersecurity long before it was a clearly defined profession. There were fewer labels, fewer specialisms, and little room to hide behind process. You were expected to understand systems properly, take responsibility for the quality of your work, and stand behind your conclusions. That experience still shapes how I work today.
It taught me that technical depth matters enormously, but only delivers value when it is applied with judgement, clarity, and care.
My career has always remained technical at its core. I have led and delivered large-scale penetration testing and assurance programmes, worked on high-pressure environments, and been trusted with systems where failure was not an option. That experience informs how I assess environments, how I prioritise issues, and how I judge what really matters.
Alongside this, I have spent many years working with senior leaders, regulators, and business stakeholders. Not to simplify the technical reality, but to ensure it is communicated accurately and responsibly. Good security advice does not lose precision when it is explained clearly; it gains impact.
Over time, I have often found myself acting as a bridge between deeply technical teams and business-focused leadership. That role requires calm, credibility, and consistency. It also requires being able to say “this matters” and “this does not” with equal confidence — and to be trusted when doing so.
I remain closely involved in delivery, but I am equally comfortable shaping how security services are defined, run, and improved. How assessments are scoped, how results are presented, and how organisations move from findings to meaningful improvement. These are not separate disciplines; they are part of the same responsibility.
Metis Security was founded to reflect a particular way of working.
Rather than operating as a high-volume consultancy, the focus is on quality, continuity, and outcomes. I work directly with clients, bringing both technical capability and informed judgement to each engagement. There are no unnecessary layers, and no dilution of responsibility.
I care about the organisations I work with, and about the people accountable for security decisions. That care shows up in how engagements are run, how findings are communicated, and how recommendations are framed. It also shows up in being selective. Metis Security is not designed for organisations looking for the cheapest option or a purely compliance-driven exercise.
For clients who want a safe pair of hands — someone who understands the detail, respects the pressure they are under, and can be relied upon to deliver work of a consistently high standard — Metis Security offers a professional, dependable approach.
I believe effective security work should be rigorous, calm, and proportionate. It should hold up technically, but also make sense in the real world. It should reduce uncertainty, not add to it.
Much of the most valuable work happens quietly: careful assessment, clear explanation, sensible prioritisation, and steady improvement over time. There is no need for drama, exaggeration, or unnecessary complexity.
Care is central to how I work, but it is expressed through professionalism rather than promises. That means being thorough, dependable, and honest — even when the message is uncomfortable. It also means respecting constraints, timelines, and business realities, and helping clients navigate them rather than ignoring them.
Metis Security is intended to be a long-term consultancy, built on trust, consistency, and quality of delivery. Not large, not impersonal, but reliable and effective.
If this resonates, I would welcome a conversation. Not a sales discussion, but a practical one — about your environment, your risks, and how security can support what you are trying to achieve.
Good security is built on trust, and trust is built over time. That is what Metis Security is here to provide.
Trusted Microsoft Cloud Security Advisor with 27 years experience | Empowering Businesses to Embrace Cloud Innovation with Confidence
