45 Years in IT Security. Real Audits, Real Boardrooms.

CISSP since 2005, CISA since 2012. Former Internal Auditor at HP Canada. I help organizations manage cybersecurity risk, meet regulatory and insurance requirements, and strengthen resilience — using what actually works in practice, not just what's in the Body of Knowledge.

I've advised on cybersecurity governance and risk for organizations including Bell Canada, Nortel Networks, HP Canada, NAV Canada, and federal and provincial government bodies. That work spans practical implementation, audit, and education — supporting executives making decisions, organizations meeting external requirements, and professionals building their expertise.

Choose Your Focus

For Professionals & Students

Focused instruction to build understanding, prepare for certification, and strengthen key areas.

For Insurance & Compliance

Practical guidance to meet insurer expectations, reduce exposure, and demonstrate due diligence.

For Executives

Fractional / Virtual CISO support to manage risk, guide decisions, and align cybersecurity with business priorities.

Background

I graduated from Queen's University in Kingston in 1985 with a B.A. in Computer Science, having worked four summers at IBM. I worked as a security consultant for numerous companies including Bell Canada, PetroCanada, Nortel Networks, HP Canada, and NAV Canada, and in the public sector at the federal and provincial levels. I obtained the CISSP certification in 2005 and CISA in 2012. I became an IT Auditor at HP Canada and worked in Internal Audit until I retired in 2018. I have been a freelance instructor since 2019, delivering 160 courses and counting, both on-site and online.

I have been teaching certification courses for six years, including CISA, CISM, CISSP and related subjects. The course material is taken from the Body of Knowledge (BOK) sources for these credentials — but the BOKs stop short of showing how to actually put the credentials into practice. A newly certified professional can pass the exam and still have no idea how to write an audit report that survives management scrutiny. A new manager can receive that report and have no idea what to do with it. That gap is what my work fills.

My approach is grounded in decades of hands-on experience, beginning with early personal computing and evolving with modern enterprise environments. From implementing practical access controls in shared systems to advising on governance and risk, my focus has remained consistent: understand systems at a fundamental level, and apply that understanding to solve real-world problems — the kind the BOK doesn't cover.

You can contact me if you have suggestions or questions.