What I do.
Four core capabilities, built on seventeen years of doing this for real. Every service exists because I've seen what happens when organisations try to do without it.
Secure-by-Design Architecture
NCSC-aligned. CIS-hardened. Built right from the start.
Most environments are built first and secured later — if they're secured at all. Flat Active Directory structures where Domain Admins log into workstations. Servers deployed with default configurations that haven't changed since the original build. Privilege creep that nobody audits. Then someone runs an audit, and it's hundreds of findings and no plan to fix them.
I design and implement environments where security is structural. Active Directory tiering aligned to NCSC best practice — Tier 0, 1, and 2 separation with dedicated admin workstations, tiered service accounts, and least privilege enforced through Group Policy at every level. CIS benchmark hardening applied from inception on new builds, or retrofitted systematically across existing estates. Server upgrades from end-of-life platforms like 2012 R2 through to Server 2022 and 2025 — clean builds, not in-place upgrades, with every new server deploying pre-hardened.
Whether it's a greenfield build or an estate that's been accumulating technical debt for a decade, the approach is the same: assess, design, implement, and hand over something that meets the standard — not just on paper, but in practice.
Who it's for
Organisations running flat AD structures, untiered admin access, unhardened servers, or end-of-life platforms. Government departments, defence primes, and regulated industries where NCSC and CIS compliance isn't optional.
What it solves
Eliminates lateral movement risk through proper AD tiering and least privilege. Brings environments into CIS and NCSC compliance. Gets organisations off unsupported platforms and onto hardened, modern infrastructure.
Private AI Solutions
Your data. Your models. Your infrastructure.
Large language models and AI tooling are transforming how organisations work. But if your data is sensitive — classified, commercially confidential, regulated — sending it to a third-party API is not an option.
I design and deploy fully private AI solutions. Self-hosted, air-gapped if needed, running on your infrastructure. I built my own private AI stack from scratch — not because it was fashionable, but because I needed one that I could trust. Now I build them for clients who need the same.
This isn't a chatbot on a website. This is enterprise-grade AI that runs where you control it, trained on what you choose, accessible only to the people you authorise.
Who it's for
Defence contractors, legal firms, healthcare providers, financial institutions — anyone whose data cannot leave their perimeter.
What it solves
Gives you the productivity advantage of modern AI without the data sovereignty risk. Full control, zero exposure.
AI-First Automation
If a human does it repeatedly, an AI agent should own it.
Every organisation has them — the processes that eat hours, the manual steps that someone does because that's how it's always been done. User provisioning. Compliance reporting. Data validation. Incident triage. Tasks that follow a pattern, every time, but still land on a person's desk.
I build AI agents and multi-agent systems (MAS) that take ownership of these workflows end to end. Not simple scripts or basic RPA — intelligent agents that understand context, handle exceptions, coordinate with each other, and execute autonomously. One agent provisions the account, another configures the mailbox, an orchestrator manages the sequence. The human submits the request. The agents do everything else.
This is an AI-first approach to automation. Every repetitive process is a candidate for an agent. Every manual handoff is a gap an AI system can close. I identify the work your team shouldn't be doing, design the agent architecture, build it, and hand over a system that runs itself.
Who it's for
Organisations where skilled people are wasting hours on repetitive tasks. IT teams buried in provisioning, reporting, and manual processes. Any operation where the work follows a pattern and a human is only there because nobody built the agent yet.
What it solves
Replaces recurring manual effort with autonomous AI agents that execute faster, more accurately, and without intervention. Measurable ROI from week one — not a slide deck promise, a working system.
IT Consultancy & Contracting
I don't advise. I build.
There's a type of consultant who produces a report and leaves. I'm not that. I embed with your team, take ownership of the problem, build the solution, and hand over something that works — documented, tested, and ready for your people to run.
Seventeen years of contract work across UK defence has taught me how to walk into complex environments, assess what's broken, and deliver under pressure. No ramp-up theatre. No six-week discovery phase to tell you what you already know.
I work on contract engagements ranging from targeted builds to long-term embedded roles. If you need a senior engineer who owns problems end-to-end, that's what I do.
Who it's for
CTOs who need senior delivery capability without permanent headcount. Programme leads who need someone who can hit the ground running. Defence primes and government departments who need cleared, proven contractors.
What it solves
Gets senior engineering capability into your team without the overhead of permanent hire. Delivers working systems, not slide decks.
Not sure which service fits?
Most engagements combine more than one. Tell me the problem — I'll tell you what it takes to solve it.
Start a Conversation