01 — Profile

Where law, security and the cloud meet.

A rare blend: a privacy lawyer who ships security, and the founder of NormShift. I translate regulation into controls, and controls into trust.

I have spent over four years bridging the gap between legal obligation and technical execution, combining qualified privacy-law expertise (CIPP/E) with hands-on security delivery as a CISA- and AWS-certified practitioner.

From data-protection programmes under the DPDP Act and GDPR to ISO 27001 and SOC 2 compliance, cloud security, third-party risk and incident response — I've built and run these functions inside regulated environments where the cost of getting it wrong is real.

Today I'm the founder of NormShift, where I help fintechs and regulated entities bridge regulation and innovation. Before that, as a CISO I chaired security committees, reported to boards, ran security operations centres, and trained over 900 people. What ties it together is a conviction that security and privacy aren't checkboxes — they're how a business earns the right to grow.

"Compliance isn't a burden — done right, it's the engine that fuels future growth."

Privacy lawyer

Qualified in law, specialising in cyber-law, data-protection & digital governance.

Security operator

Built & ran SOCs, SIEM, VAPT and end-to-end incident response.

Cloud-native

AWS zero-trust, IAM least-privilege & continuous compliance.

Board-level

Chaired security committees; reported to executives & the board.

How I work

Principles that travel with me.

P / 01

Risk over ritual

Controls should reduce real risk — not just satisfy a clause. I prioritise what actually moves the threat needle.

P / 02

Build to last

Frameworks, not firefighting. I design programmes that survive audits, growth and the next regulation.

P / 03

Translate fluently

Legal, technical and executive all speak different languages. My job is to make them agree.

P / 04

Default to least-privilege

Zero-trust isn't a slogan — it's the baseline. Access is earned, scoped and continuously verified.

P / 05

Measure everything

RPO, RTO, coverage, cost. If it matters to the board, it gets a number and a trend.

P / 06

People are the perimeter

The strongest control is an aware team. Training at scale is security infrastructure.

Curious how I'd approach your environment?

Let's talk about where you are, where regulation is heading, and how to get ahead of it.
