I started out as a pentester, working on side-channel evaluations at SGS Brightsight. Within Brightsight, I moved into site audits, learning how secure development environments and processes come together behind the scenes. A few years later, I became a lead Common Criteria evaluator in Brightsight, guiding complex projects from first draft to final certificate.
After about eight years on the evaluation side, I moved into certification, and today I primarily work with TrustCB, a certification body handling nearly 100 high-assurance certificates each year. This transition gave me a rare perspective: I’ve now seen the process from every angle: pentesting, auditing, evaluation, and certification.
Through Arrow Cybersecurity Consultancy, I focus on a small set of highly specialised consultancy services — limited in number, but deep in expertise:
- Common Criteria/EUCC – practical, hands-on support to help you navigate evaluations and interact effectively with labs and certification bodies.
- CRA Compliance – guidance on aligning your security processes with the new Cyber Resilience Act.
- Site certification gap analysis – assessing your readiness for Common Criteria or EMVCo site certification and identifying what’s needed to close the gaps.
- Training – tailored sessions on side channel, Common Criteria, EUCC, and certification best practices, built on real-world experience.
This is a very niche field, and that’s exactly what I enjoy about it. Every project brings new challenges, and the key to success is understanding how all the pieces, technical, procedural, and human, can fit together.
Have a look at the Services section on this website, and if you think I can help, let’s talk.