For Organisations & Professionals
Banking, finance, and institutional security
Practitioner-level GRC and compliance consulting — for financial institutions, auditors, and compliance teams who need someone who has actually done the work, not just studied the framework.
SWIFT CSP Independent Assessment
Formal independent assessments conducted against the SWIFT Customer Security Controls Framework (CSCF v2025). Active SWIFT CSP Assessor credentials. Work includes scoping, evidence review, control testing against all mandatory and applicable advisory controls, and the formal attestation package. I assess — I don't implement and then assess my own work.
Read about SWIFT CSP →
ISO 27001 Implementation
End-to-end ISMS implementation for banks, NBFIs, payment processors, and financial institutions. 12 implementations completed — all in financial services. Scope definition, gap assessment, documentation framework, risk treatment, internal audit readiness, and certification preparation. Not a template-and-go service — built around how the institution actually operates.
Read about ISO 27001 →
PCI DSS Consultancy
Gap assessments, readiness reviews, and ROC support for banks, payment service providers, and payment switch operators. 27+ full Reports on Compliance written. Scoped to where you actually are in the process — pre-assessment readiness is different work from post-finding remediation, and I treat them differently.
IT Audit
IT general controls audits, system access reviews, change management audits, and IT infrastructure reviews for financial institutions. Methodology aligned with ISACA standards. Structured to produce evidence that stands up to regulatory scrutiny, not just internal review.
For Individuals
Personal security — your device, your accounts, your home
The same methodology applied to banking infrastructure — applied to your personal digital life. Practical, specific, and done by someone who assesses this professionally. Not a generic checklist.
Personal Security Consultation
A structured conversation about your specific situation — what happened, what you're worried about, what needs protecting. I'll assess the risk and tell you exactly what to do next. No jargon. No upselling. Remote, via call or message.
Device & Account Security Audit
A hands-on review of your phone, laptop, and key accounts — checking for signs of compromise, removing threats, and hardening settings. Done remotely with step-by-step guidance, or in-person where possible. The same evidence-first approach used in enterprise security reviews.
Read about device security →
Home Network Security Setup
Router configuration, guest network isolation, device segmentation, and basic monitoring setup. The principles applied to enterprise network security — translated to a home environment without the enterprise budget.
Device Sanitization
If you suspect your device has been compromised — malware, stalkerware, or unauthorized remote access — I run a structured check before recommending any drastic action. Evidence first. Factory reset only when nothing else clears it. What was accessed, how, and how to stop it happening again.
Read about scam awareness →
Who this is for
Organisations & professionals
- In-house compliance teams at banks and NBFIs preparing for SWIFT CSP, PCI DSS, or ISO 27001
- IT auditors at financial institutions who need an independent assessor or specialist input
- GRC consultants who need a practitioner for a specific engagement they don't have the depth for
- Compliance officers who want a straight answer on what a standard actually requires — not what the marketing brochure says
Individuals
- Anyone who has experienced a security incident — hacked account, suspected malware, phishing, or scam
- People who want to get their personal cybersecurity in order properly, not by following generic online advice
- Individuals who need a specific technical task done — device check, router setup, account audit
- People who want to understand their personal risk and get a clear action plan
Who this is not for
Being specific about this saves everyone's time.
Certification on paper only
If the goal is to achieve a certification without doing the underlying work — to have documentation that looks right without controls that actually function — that's not something I'll help with. Every framework I work with exists for a reason. The work is real or it isn't.
Unauthorized or unethical assistance
Requests for unauthorized account access, bypassing authentication, recovering access to accounts you can't verify ownership of, or any work that involves compromising systems without explicit permission. Not available at any price, under any framing.
If you're not sure whether your situation fits — reach out anyway. The conversation costs nothing.
How it works
Three steps. No commitment until you decide there's a fit.
01
Reach out
Fill out the form below or send a WhatsApp message. Tell me what you're dealing with in a few sentences — no formal brief needed. Just what's happening and what you need.
02
We scope it
A short conversation — call, message, or email — to understand the situation properly. What the work involves, whether I can actually help, and what it would look like. No commitment on either side at this point.
03
We work
If there's a fit, we agree on what the engagement looks like and get started. The scope, timeline, and format depend entirely on what you actually need — not a pre-packaged service.