I work on security risk in industry and energy environments, where downtime means safety incidents and production losses.

15+ years in security governance and risk management at enterprise scale, working across international industry and energy operations. Previously architected a global cybersecurity improvement programme covering 40+ industrial sites.

Sector experience spans paper, pulp, plywood, biofuels, timber, packaging materials, packaging solutions, biomaterials, and hydro power plants.

IT/OT convergence is where I operate: assessing operational risk across diverse business units while balancing security requirements against production continuity. Each site presents different threat profiles, different production constraints, different risk tolerances.

My approach to risk-based thinking comes from facilitating accreditations for classified systems in defence, where system compromise meant national security implications. That methodology transferred directly to industrial environments: assess threats, quantify business impact, enable informed risk decisions.

I work at the governance level, translating between executive risk appetite and operational security reality. Executive priorities become practical controls and processes teams can implement. Operational posture becomes risk language executives use for decisions.

ISMS governance, ISO 27001, strategic risk assessments, IT and OT site security assessments, vulnerability management programmes, system security assessments.

I’ve adapted military system security frameworks for enterprise compliance and lifecycle management, established 24/7 incident response governance, designed security architecture that enables business operations without unacceptable risk.

Based in Finland. ISACA and ISF member.

Get in touch

Open to conversations about security governance, architecture, and risk in industry and energy.

[email protected]LinkedIn