Our Practices · London & Dubai

Four practices.
One strategic mandate.

Fractional CISO leadership, compliance gap analysis, independent vendor evaluation, and a dedicated DFSA · FSRA regulatory practice — engaged independently or combined as a multi-track programme.

/ 01 — Practices

Each practice area can be engaged independently or combined as a multi-track programme. All engagements are scoped to outcomes — governance maturity, audit readiness, cost reduction, or technology lift — not to billable hours.

Practice I

Fractional CISO

Also known as vCISO · CISO-as-a-Service

Board-level security leadership on retainer. Govern risk, translate threat posture into executive decisions, and lead your security programme without the full-time overhead.

  • Security strategy & governance frameworks
  • Board & stakeholder reporting
  • Zero Trust architecture design
  • SOC uplift & incident response planning
Practice II

Compliance Gap Analysis

Structured readiness assessments against ISO 27001, PCI DSS, GDPR, and UAE PDPL. Surface the gaps, prioritise remediation, and enter your audit with confidence.

  • ISO 27001:2022 gap analysis & SoA
  • PCI DSS v4.0 readiness assessment
  • GDPR & UAE PDPL alignment
  • Risk register & remediation roadmap
Practice III

Vendor Evaluation & Negotiation

Independent technical evaluation and commercial negotiation for major security and infrastructure purchases. No vendor kickbacks — your interests only.

  • RFP design & technical evaluation
  • Contract negotiation & TCO modelling
  • Vendor due diligence & risk assessment
  • Renewal reviews & cost optimisation
Practice IV

DFSA · FSRA Regulatory Practice

A dedicated practice for DIFC and ADGM authorised firms — cybersecurity, operational resilience, and business continuity delivered in the language regulators recognise.

  • DFSA GEN 5.5 cyber risk framework alignment
  • FSRA operational risk & continuity readiness
  • Named CISO appointments for regulated firms
  • Thematic review & examination preparation
Practice V

AI Security Readiness

Governance and gap analysis for firms deploying AI — from board policy to model inventory. Aligned to ISO/IEC 42001, the EU AI Act, and emerging DIFC & ADGM supervisory expectations.

  • ISO/IEC 42001 & EU AI Act readiness
  • AI risk register & model inventory
  • LLM & GenAI usage assessment
  • Vendor & third-party AI due diligence
Bespoke Engagements

Something else in mind?

M&A security due diligence, breach recovery, or a multi-disciplinary mandate? Every engagement begins with a confidential conversation.

/ 02 — Retainers

Transparent tiers.
Outcome-driven.

Monthly retainers scaled to organisational complexity. Every plan begins with a scoping call and can be paused or expanded at any time.

Three new engagements accepted per quarter
Starter
On request
Half-day bi-weekly
  • Initial gap analysis
  • Online consulting sessions
  • Policy template library
  • Email support (48h SLA)
Seed
On request
1 day bi-weekly
  • Everything in Starter
  • ISO 27001 / PCI DSS gap analysis
  • Quarterly board report
  • Risk register & roadmap
  • Priority chat support
Enterprise
On request
2 days a week
  • Everything in Growth
  • Formally appointed CISO
  • Regulator dialogue & examination support
  • Incident response retainer
  • 24/7 critical escalation

All plans include initial scoping call · Month-to-month · No lock-in contracts

Begin with a
strategic conversation.

Thirty minutes with a senior practitioner. No slides, no pitch — a candid assessment of where you stand.
