
Intelligence. Not Artificial

Senior Independent Security Expert providing strategic security leadership and technical expertise:

  • Systems evaluation & architectural review
  • Adversarial analysis & security assessments
  • Secure systems design & implementation
  • Legacy systems security
  • CISO-as-a-Service & CSO-as-a-Service


Professional Services

Systems Evaluation and Architectural review

Comprehensive assessment of existing IT systems to identify performance bottlenecks, security vulnerabilities, and optimisation opportunities. In-depth analysis of system architecture to ensure scalability, reliability, and alignment with business objectives.

  • Architectural reviews to ensure that the design is optimal, scalable and future-proof.
  • Security analysis to verify that the design is secure with no hidden weaknesses.
  • Analyse systems from early high-level conceptual designs to production systems requiring a review.
  • Pre-production architectural review.

Adversarial Analysis and Security Assessments

Proactive identification of potential attack vectors and threat modelling to strengthen system resilience against sophisticated threats. Rigorous evaluation of security controls and protocols to protect critical assets and maintain compliance with industry standards.

  • Bespoke vulnerability analysis against specific threats.
  • Full red-teaming scenarios covering all attack vectors.
  • Tabletop exercises with security and operations management.
  • Wargames with design and development teams.

Secure Systems Design & Implementation

Design and implementation of robust security architectures that integrate protection mechanisms throughout the system lifecycle.

  • Design secure systems from scratch to match business requirements and objectives.
  • Implement secure systems with appropriate technology.
  • Pragmatically choose technology with emphasis on reliability and dependability.
  • Prepare disaster recovery and business continuity plans for the design.
  • Sovereign data design and implementation.

Legacy Systems Security

Modernisation and hardening of legacy systems to address contemporary security challenges while maintaining operational continuity.

  • Mainframe security analysis.
  • SCADA / ICS / OT security analysis.
  • Isolation of legacy systems which cannot be secured against modern threats due to obsolescence.
  • Pragmatic approach to securing legacy systems without replacing them needlessly.

C[I]SO-as-a-Service

Providing experienced leadership in information security governance, risk management, and compliance programmes. On-demand Incident Response leadership and guidance.

  • ISO27001, ISAE 3402, SOC 2 Type II, DORA.
  • 3rd-party security validation and due-diligence, with specific DORA focus.
  • 3rd-party exit strategies, both for SaaS and on-prem models.
  • Disaster recovery and business continuity.
  • Security policies and procedures.
  • Technical leadership for security operations.
  • SIEM/SOC design, procurement and operation.
  • Sovereign data design and implementation.
  • On-demand Incident Response leadership.
  • Contract negotiation and pre-purchase evaluation.

About

Arrigo Triulzi Lampugnani is an accomplished, highly technical IT security all-rounder, offering CISO-as-a-Service alongside comprehensive expertise in systems evaluation, adversarial analysis and red-teaming, architectural review, security assessments, secure systems design, and legacy systems security.

A highly skilled, independent security expert, Arrigo is renowned for his exceptional analytical capabilities, particularly in adversarial thinking—commonly described as "thinking out of the box"—enabling the development of sophisticated attack strategies and innovative security mechanisms.

He represents an ideal technical director for security, particularly within complex environments such as critical infrastructure where dependability and reliability are paramount, or as a Chief Security Officer benefiting from his extensive knowledge and expertise in both offensive and defensive security disciplines.