A selection of recent architecture, identity, cloud, risk and transformation projects delivered for global enterprises, public institutions and critical-infrastructure organizations.
Each project demonstrates structured architecture, practical governance, clear ownership and security improvements that can be implemented and operated.
Structured privileged access and IAM governance across Microsoft Entra, Azure, Active Directory, Okta, CyberArk, ServiceNow and SOC monitoring. Authored Azure privileged access model covering cloud-only admin accounts, Entra PIM, Access Packages, break-glass, Conditional Access, lifecycle and monitoring.
Key outcomes:
• Clear Azure management-plane vs AD data-plane boundaries
• Tier 0 / Tier 1 privileged access risk prioritization
• Improved CyberArk onboarding direction and governance
• Stronger ISO 27001/NIS2 alignment, documentation and audit evidence
Delivered cloud and identity transformation support for a fast-growing global organization. Designed Azure privileged access strategy, PIM and break-glass governance, passwordless patterns, AD Tiering, PAM policies, BitLocker/LAPS playbooks, Azure RBAC/tagging standards and Sentinel monitoring guidance.
Key outcomes:
• Clear Azure governance framework
• Standardized privileged access and cloud administration patterns
• Improved alignment with NIST/ISO expectations
• Stronger identity, endpoint and monitoring controls
Delivered advanced workshops and architecture advisory for Microsoft enterprise customers. Covered hybrid identity, Entra ID, Conditional Access, AD Tiering, PAW, break-glass, ADFS-to-Entra migration, RC4 deprecation, phishing-resistant MFA and Defender for Identity.
Key outcomes:
• Delivered Zero Trust and privileged access architecture sessions
• Clarified workshop materials and implementation considerations
• Advised regulated and public-sector clients on identity governance changes
• Supported secure modernization of legacy identity patterns
Improved cybersecurity integration practices for acquisitions by standardizing documentation, security baselines, asset discovery, AD consolidation planning, vulnerability remediation and follow-up. Created Armis IoT discovery and deployment procedures and network documentation standards for acquired companies.
Key outcomes:
• Reduced onboarding and integration risk
• Clear technical and governance requirements
• Improved cross-team accountability
• Better visibility of inherited infrastructure and unmanaged assets
Assessed IAM, infrastructure, application and security governance gaps during acquisition integration. Coordinated vulnerability remediation, reviewed controls and delivered ISO 27001 / Secure SDLC awareness to support integration readiness.
Key outcomes:
• Improved security visibility
• Clear remediation responsibilities
• Better application-owner awareness
• Structured integration support
Performed OT remote access assessment for ICS / SCADA operations. Delivered a 60-page configuration review and designed a secure access model aligned with Purdue and IEC 62443 principles.
Key outcomes:
• Hardened Citrix-based remote access
• Clear RBAC and identity governance recommendations
• MFA, monitoring, segmentation and PAM integration guidance
• Audit-ready documentation for security and operational stakeholders
Drove security architecture improvements across Azure, Active Directory and PAM. Defined AD Tier 0 isolation, Azure RBAC governance and BeyondTrust PAM onboarding/support framework aligned with ISO 27001.
Key outcomes:
• Reduced risk around Domain Admin access
• Clearer delegation and privileged access model
• PAM operating procedures and ownership structure
• Stronger auditability and privileged access governance
Acted as escalation lead for one of the world’s largest hybrid AD and Entra environments, supporting more than 700k users. Resolved cross-domain issues, misconfigured trusts, DNS/Infoblox problems, GPO failures and high-impact outages. Built PowerShell automation for IAM operations and incident recovery.
Key outcomes:
• Improved operational stability
• Faster incident response and service request fulfillment
• Reduced configuration drift
• Stronger reliability across complex directory services
Localized ISO 27001 controls and security policies for the Polish branch. Delivered training, evidence packs, Microsoft Defender and Tenable rollout support, and access-control improvements.
Key outcome:
• Improved audit readiness from approximately 30% to 80% with supporting evidence
• UBS — IT Risk & Control
Infrastructure risk assessments, control mapping and regulatory readiness.
• GAIN Capital — Identity & Threat Response
Identity-related remediation after Citrix NetScaler compromise.
• EY — Incident Response & PKI Governance
NIST/ISO-aligned incident response plans and Venafi-based PKI governance.
• Earlier Enterprise Infrastructure & IAM Roles
AD, Citrix, VMware, PKI, VPN, GPO, access governance and endpoint security.
• Founder of IT Consultancy
Secure LANs, remote access, endpoint protection and IT support services for SMB and public-sector clients.