Details
ITIL Practitioner
ISO 31000 Risk Management Professional
GRCP – Certified GRC Professional
IEC 62443 Cybersecurity Specialist
Cybersecurity Strategy & Governance
ISO27001, NIS2 & DORA Compliance
DevSecOps & Cloud Security
Incident Response & Crisis Management
Red Teaming & Threat Modelling
Skills
Cybersecurity Strategy & Governance
Security operating model design
Cybersecurity strategy development
Security policy creation and rollout
Security organisation design and restructuring
Risk management (qualitative and quantitative)
Return on risk analysis
Benchmarking and maturity assessments
Cybersecurity legislation alignment (NIS2, DORA, ISO27001, IEC 62443)
Scalable governance frameworks
Security service catalogue definition
Stakeholder alignment and negotiation
Positioning security as internal consultancy
Compliance, Standards & Frameworks
ISO27001 implementation and certification (incl. turnaround cases)
IEC 62443 for OT/industrial security
NIS2 directive compliance
DORA regulatory alignment
SOA (Statement of Applicability) development
Risk-based prioritisation of controls
Audit preparation and delivery (internal and external)
Security tooling selection and implementation
Business continuity planning and exercises
DevSecOps & Cloud Security
DevSecOps pipeline development
Secure Software Development Lifecycle (SDLC)
Static/Dynamic Application Security Testing (SAST/DAST)
Code quality improvement and automation
Cloud-native security (implicit in DevSecOps work)
Reduced time to deploy secure features
Automation of security testing and CI/CD integration
Cybersecurity Testing & Technical Security
Penetration testing
Red teaming (social, technical, and physical vectors)
Threat modelling
Vulnerability assessment
OT/IoT risk simulation tools (e.g. windfarm modelling)
Secure by design principles
Technical prototyping
Cyber risk simulation and cost modelling
Cybersecurity Response & Crisis Leadership
Incident response planning and execution
Acting CISO in high-risk transitions and carve-outs
Crisis leadership and alignment under pressure
Post-breach remediation planning
Communications and change facilitation in resistant organisations
Coordination of risk, compliance, and engineering under time pressure
Artificial Intelligence & Data Science
Applied AI in real-world systems
Transitioning AI research to early-stage prototypes
Anonymisation of live medical video and unstructured data
Data privacy and inference risk mitigation
Support for regulatory acceptance of AI-powered tools
Leadership & Consulting
Executive-level sparring
High-performance team development
Cross-functional team leadership (GRC, SecOps, Engineering)
Recruitment and mentoring of technical staff
Workshop facilitation (internal and external stakeholders)
Empathetic leadership with cultural sensitivity
Communicating technical concepts to non-technical audiences
Trusted advisor roles with CISO/CIO stakeholders
Certifications & Qualifications
CISSP – Certified Information Systems Security Professional
ITIL Practitioner
ISO 31000 Risk Management Professional
Certified GRC Professional (GRCP)
IEC 62443 Cybersecurity Specialist
Executive MBA – London Business School
PhD & MSc Computer Science – DTU
BSc Mathematics – University of Manchester
About
Luke Herbert-Andersen is a seasoned cybersecurity consultant with over 15 years of experience helping organisations solve complex, high-stakes security challenges. He combines deep technical expertise with a strong strategic and business-oriented mindset, enabling him to design security operating models, lead regulatory alignment (e.g. ISO27001, NIS2, DORA), and drive transformation across both enterprise IT and OT/IoT environments.
Luke has served as acting CISO, built DevSecOps pipelines, and led security responses during incidents and carve-outs. His ability to bridge technical, regulatory, and organisational domains has made him a trusted advisor to CISOs, boards, and transformation teams alike. He is particularly effective in environments under pressure — where clarity, alignment, and delivery are critical.
With a PhD in Computer Science, an Executive MBA from London Business School, and certifications including CISSP and IEC 62443, Luke brings both academic depth and practical leadership. He is known for his innovative thinking, empathic leadership style, and talent for building high-performing teams that deliver real-world impact.
