Dave is a cyber risk management expert with a difference. Rather than implementing information security to comply with the “rule book”, he promotes a business-oriented approach to the whole subject – assess your risks, protect yourself to an appropriate and affordable level, and get some business benefits -along the way. He instilled this ethos into Ascentor, which he co-founded in 2004.
With a background as an Information Assurance practitioner and accreditor in the military and central government, Dave brings solid experience of information security in the most demanding of environments to the wider business world. He devotes much of his time to spreading the word on the importance of managing information risk throughout a business and building it into all new projects and initiatives from the very beginning, not as an afterthought.
Outside of work, Dave enjoys family life and the great outdoors, where he gets away from the serious cerebral stuff with some serious skiing, climbing, hillwalking, mountaineering and sailing.
The Houses of Parliament engaged Ascentor to provide experienced guidance to implement a cloud information assurance process from scratch.
We quickly introduced a risk appetite statement for both Houses that reflected the concerns of the two SIROs and laid the groundwork for how information risks were to be treated.
The assurance process is now well-established. Risks are regularly reappraised and managed to ensure they stay consistent with the risk appetite statement and continually improve.
SeeByte UK engaged Ascentor to provide independent guidance to form a centralised approach to security that satisfied customer expectations in meeting multiple standards.
SeeByte UK and Ascentor worked together to develop a strategy to simplify and demonstrate its existing alignment with complex and varied cyber security and information assurance requirements.
Based on Ascentor’s advice and guidance, SeeByte UK was able to make informed decisions about the most pragmatic approach to take.
The Office for Nuclear Regulation (ONR) engaged Ascentor to help develop a risk-based assessment methodology for CS&IA inspections of List N facilities.
The findings of our inspections built a risk-informed picture of the maturity of CS&IA arrangements across 26 List N facilities.
The client commented on Ascentor’s “proportionate, pragmatic and flexible approach” which has significantly accelerated ONR’s ability to improve CS&IA-focused regulatory oversight across List N facilities.
This nuclear energy company engaged Ascentor as an independent Design Authority to strengthen cyber security assurance on design projects.
We engaged with a wide group within the business and conducted a cyber security assessment with improvement recommendations in just 20 days.
The client was impressed with our in-depth knowledge of the challenges of delivering cyber security into complex environments and the clarity of our delivery.
This major MOD programme involved development of a complex bespoke system for use in a high threat environment.
Ascentor helped the prime contractor deliver a fully compliant system in accordance with the MOD policy and requirements in just under four months.
The system subsequently achieved full accreditation and Ascentor was asked to support the prime contractor on another project.
This MOD delivery team needed security advice and guidance on an operationally important project demanding highly specialised capability.
Ascentor’s advice and guidance were commended by the accreditor and information asset owner (IAO).
The accreditor commented that the Security Assurance Coordinator (SAC) consultant from Ascentor was: “One of the best SACs I have worked with.”
The MOD needed security advice and guidance for this UOR to core project – used to procure equipment to support military needs in an emergency.
Ascentor assigned one of its qualified CESG Certified Professional Security and Information Risk Advisor consultants to support the project, achieving a successful transition in three months.
The accreditor endorsed the deliverables as well as Ascentor’s pragmatic and cost-effective approach.
Resilient, a pioneering provider of smart voice services, engaged Ascentor to help guide their security improvement and certification journey.
They needed to reduce risk and also wanted customers to have confidence and trust in Resilient as a safe and secure service provider.
Ascentor’s support steered Resilient down a smooth certification path towards a strong security culture – while avoiding the common pitfalls that can waste time, effort and money.