Cyber security advisory

Katherine is the Head of Proactive Cyber Services based in Manchester, UK.

Katherine has 15 years of experience in cyber security advisory. As a Head of Proactive Cyber Services at S-RM, Katherine leads on developing the strategy for advisory, offensive security and private equity cyber services, supporting clients on their cyber transformation journeys. 

Prior to joining S-RM Katherine was a Senior Manager in PwC for just short of 4 years, specialising in cyber security advisory across private and public sector clients including cyber transformation, strategy, operating model, cyber risk assessment and management engagements. Katherine is an SME in supply chain security and was leading PwC’s third-party security risk management services helping clients identify critical third parties, assess and manage the risks they pose.  

Before PwC, Katherine was and Executive Principal Consultant at the NCC Group where she worked for 11 years, managing a security audit team and leading on the third-party risk services. Under Katherine’s leadership the audit team conducted PCI Card Production audits globally, comprising of security assessments of payment cards production facilities against the security standards of multiple payment schemes. 

Katherine is CISSP (Certified Information Systems Security Professional) and CCSP (Certified Cloud Security Professional), ISO27001 Lead Auditor and previously PCI QSA.

Paul is S-RM’s Head of Cyber Security, Americas. Paul has over 20 years of experience spanning both the private and government sectors in roles across leadership, military intelligence and counterterrorism, and cyber security leadership & engagement delivery. Before joining S-RM, he was the Managing Director of Incident Response for a global consulting firm. In this role, he used his experience to help clients who were experiencing complex ransomware attacks.

After a career in the U.S. Army, where he was a subject matter specialist in various facets of the Intelligence and Special Operations fields, Paul joined PwC. At PwC, he was an engagement manager and focused on cyber security strategic transformation projects. He has significant experience advising Fortune 100 clients through proactive security transformation efforts and post-breach remediation activities. He has a strong track record of partnering with senior security leaders to mature their cyber security programs on their strategic journeys.

Paul holds an MBA from Norwich University. He was in the first graduating class of the Norwich University Strategic Studies and Defence Analysis program. He is also the co-author of “Security Supervision and Management: Theory and Practice of Asset Protection.”

Mike leads S-RM’s Cyber Advisory practice in the UK and specialises in the delivery of strategic governance and cyber risk management services, overseeing engagements with clients from a diverse range of sectors to make their organizations more resilient to cyber security risks.

Mike joined S-RM’s Risk Consulting Team in 2015 as a corporate security operations manager focusing on the provision of terrorism and political violence response services. He subsequently led the development of S-RM’s crisis preparedness functions for corporate clients from a range of sectors and developed specialisms in the design and delivery of emergency management training. In 2018 Mike was seconded to Cape Town as S-RM’s Head of South Africa, taking responsibility for the company’s staff and business activities in sub-Saharan Africa. He returned to the UK to head S-RM’s Cyber Advisory function in 2020.

Before joining S-RM, Mike spent five years in the British Army, leaving at the rank of captain. Mike holds an honours degree in History and Politics from the University of Exeter and is SANS GSEC certified.

Lenoy is a Director in S-RM’s cyber security division. She has over 10 years’ experience spanning security risk management and strategic consulting. Since joining S-RM in 2018, Lenoy has supported clients working through complex cyber and physical security challenges, and has led projects spanning the financial services and insurance, energy, manufacturing and FMCG sectors, among others.

Prior to joining S-RM, she worked as a portfolio manager for a global asset management firm. She is a CFA Charterholder and has an MA in International Relations from King’s College London.

Michael has over 15 years of experience working in “Big 4” accounting firms and reputable global consulting firms operationalizing IT Risk, Cyber Supply Chain Risk, and Governance, Risk, and Compliance (GRC) strategies and programs across multiple industries, including Financial Services, Pharma, Tech, Manufacturing, Retail, Energy, and Rail Transportation.

Specifically, Michael’s experience includes leading and supporting largescale global transformations, strategy development, maturity/current state assessments against industry-leading frameworks, program design and implementation, project management, change management, GRC technology selection and implementation, leading and conducting IT and supply chain risk audits, and various other related strategic activities in support of assisting clients to solve complex problems with pragmatic solutions. 

Prior to S-RM, Michael worked at PwC as a Senior Manager first within the Performance, Governance, Risk, & Compliance team and later within the Cyber, Risk and Regulations practice as part of the Third-Party Risk Management team. Michael also worked at EY in the IT Risk Assurance practice as a Manager focused on IT audits (including SOX audits), vendor risk control assessments, and SOC reports. Prior to starting his career in the civilian sector, Michael served in the US Army as a commissioned officer where he honed his leadership and problem-solving skills leading soldiers in combat missions while deployed.

Gideon Teerenstra is Head of Cyber Advisory Benelux for S-RM’s Cyber practice. With over 10 years in the industry, Gideon has worked closely with our clients to develop tailored solutions that map their precise requirements for cyber strategy and implementation based on their locations, exposure, and objectives. Prior to joining S-RM, he worked for the Cyber Strategy team of Deloitte Netherlands and has been the CISO of a university medical centre.

Gideon holds a bachelor’s degree in Industrial Engineering & Management, and a master’s degree (honours) in Business Information Technology, specialising in Innovation & Management.