Why Most Cybersecurity Audits Don't Survive Reality
After two decades running these programs, I've concluded that most audits don't fail at the audit. They fail at everything that comes after. Here are the four patterns — and what works instead.
20+ years protecting IT and OT environments for utilities, energy, and government. Now available to advise your organization.
Previously served as Head of IT & Cybersecurity Assurance — Dubai Electricity & Water Authority (DEWA)
Independent advisory engagements offered in personal capacity
Services
Six service lines built around the way critical-infrastructure organizations actually work — engineering, audit, board, and everywhere in between.
Independent assurance across IT and OT — finding what your internal teams can't, before regulators do.
Frameworks that survive an audit and don't drown the business.
Securing what your engineers shipped last sprint.
IEC 62443 in practice — substations, water networks, control rooms.
Briefings that turn cyber risk into business decisions.
Building security organisms, not security checklists.
For
Power generation, transmission, water networks. SCADA, ICS, IEC 62443.
Critical national infrastructure, regulators, sovereign assurance frameworks.
Regulated GRC, ISO 27001, ISO 22301, internal audit, third-party assurance.
Cyber strategy, board briefings, M&A due diligence, post-incident reviews.
03 / Experience
From early ERP implementations to leading AI-driven assurance — every chapter compounds. The OT audit work in 2006 is the foundation that makes today's IIoT and Copilot governance possible.
Pak Petrochemicals, Artistic Milliners
Built foundations across ERP rollouts, IT operations, and process automation.
Pak Arab Refinery
Hands-on SCADA/DCS audits across oil & gas — including pipeline pilferage controls.
Ernst & Young
IT/OT strategy, SAP GRC, COBIT, and SOX engagements across multiple sectors.
Dubai Electricity & Water Authority
Designed the IT/OT audit program. Delivered the first SAP GRC implementation in the Middle East.
Dubai Electricity & Water Authority
Built the ISO 37301 compliance framework and digitized compliance operations.
Dubai Electricity & Water Authority
Leading AI/Copilot analytics, IoT, Cloud, and IIoT governance programs.
04 / Credentials
Each one represents real fieldwork — from offensive engagements to OT plant audits to board-level governance design.
Offensive Security Certified Professional
OffSec
GIAC Penetration Tester
GIAC / SANS
GIAC Exploit Researcher and Advanced Penetration Tester
GIAC / SANS
GIAC Cloud Penetration Tester
GIAC / SANS
Offensive Security Wireless Professional
OffSec
Certified Ethical Hacker
EC-Council
Certified Red Team Professional
Altered Security
Corelan Advanced Exploit Development
Corelan
Global Industrial Cyber Security Professional
GIAC / SANS
ISA/IEC 62443 Cybersecurity Expert
ISA
ICS Cybersecurity In-Depth
SANS
GIAC Critical Controls Certification
GIAC / SANS
Certified Internal Auditor
IIA
Certified Information Systems Auditor
ISACA
GIAC Certified Forensic Examiner
GIAC / SANS
Certified Information Systems Security Professional
(ISC)²
Certified Information Security Manager
ISACA
Certified in the Governance of Enterprise IT
ISACA
Certified in Risk and Information Systems Control
ISACA
Certified Data Privacy Solutions Engineer
ISACA
Cybersecurity Practitioner
ISACA
Certified Chief Information Security Officer
EC-Council
GRC Professional
OCEG
GRC Auditor
OCEG
Project Management Professional
PMI
05 / Selected engagements
Client identities are protected. Outcomes are real.
Designed and delivered the IT/OT Cybersecurity Assurance Program for a major Middle East utility — full coverage across IEC 62443, NIST CSF, and DESC ISR.
First integrated SAP GRC implementation (AC, PC, RM) in the Middle East.
Reduced audit cycle time by 25% using Power BI, Copilot, and automation.
Stood up a Compliance Department supporting transition from state-owned to publicly listed entity (SCA / DFM regulated).
Developed ISO 37301-aligned compliance framework leading to certification.
Reduced manual whistleblowing-case effort by 80% via digital channels.
Delivered cybersecurity assurance on oil pipeline operations — addressed pilferage and theft controls.
07 / How to engage
All commercials on request — sized to scope, sector, and the level of regulatory scrutiny involved.
Monthly executive advisory, board prep, and on-call guidance.
Best for
CISOs, CIOs, and Audit Committees who need a sounding board year-round.
Defined-scope assessments, audits, and framework design.
Best for
Programs with clear deliverables — typically 4–16 weeks.
Board briefings, executive cyber simulations, and OT security workshops.
Best for
Leadership teams that need to align fast on cyber posture.
Multi-day cohort training on the body of knowledge for major IT/OT certifications (IEC 62443, GICSP, CISSP, CISM, OSCP and more).
Best for
In-house corporate programs and executive bootcamps focused on applied knowledge.