Everyone thinks that moving to the cloud is easy. Choose a platform, write a few scripts and start saving thousands a month by no longer needing a data centre. As many people are quickly finding out, the technology isn't the only challenge.

When transitioning your organisation to a cloud centre of excellence, the strategy and operating model has to be the number one priority. Working out what skills you need, how your teams interact and how the existing service and finance processes will be effected are critical. That's where I come in. My advisory retainer gives you access to the strategic and tactical expertise you need to succeed, avoiding the gotchas.

How does it work?

Our agreement gives you unlimited access to me via phone, email and Microsoft Teams. I am there to assist, direct and assure you and your organisation that you are making the right decisions at the right time.

These are the types of things I can help you with:

  • Initial security strategy planning session where I work with you and your key stakeholders to define long term goals, bring myself up to speed with your existing capability and the organisational challenges you currently face.
  • Regular meetings with you or a primary stakeholder to discuss inflight delivery, any blockers or strategy, longer term issues and business goals.
  • Strategic and tactical advice as the project runs, acting as a sounding board as you work to achieve project completion.
  • Access to my cyber security framework that covers key artefacts such as policies, standards and target state architectures.
  • Review of operating model processes, goals, roadmaps and organisation structures and architectural governance. Where appropriate, I will provide samples, inputs and workshops to assist with definition.
  • Technical reviews of cloud security designs, patterns, roadmaps or platforms. Feeding in experience from industry standards and previous deliveries.
  • Strategy and Architecture consulting and recommendations on technical landscape, target architecture, roadmaps and recommended technologies to align to business goals.
  • 24x7 situational and reactive access to my knowledge in the event of an issue that may not be known (e.g. support issue, security incident or disaster recovery scenario)
  • Cybersecurity and risk management consultancy, covering risk management, security controls and regulatory compliance.

Who I work with

As much as I would love to work across the whole team, my advisory retainer is geared towards organisational change and strategic initiatives. The goal is to drive change within your cyber security and cloud programmes, therefore it is recommended I work with your C-suite, director level or heads-of.

It's not just me

Over the years I have worked with some of the best technologists, architects, engineers and business analysts. I've stayed in touch and am able to call upon these skills when required.

How much?

My fee is £15,000 (excl. VAT) a month, and is all inclusive of any travel or expenses. It also includes access to my associate network for when their advisory services are needed. Discounts are available based on quarterly and annual arrangements. Scope can be adjusted to include or exclude different services listed above.

I only take on a small number of clients at a time, so space is limited. If I don't have availability, you are more than welcome to join the waiting list.

To secure my services, payment for the retainer will be up front.

What about projects?

Where a key delivery is required, for example a high level design or script deployment, I will provide a fixed price, outcome based project statement of work that will cover the work, and would be separate to the advisory retainer. The retainer is for strategic advice rather than hands on delivery.

Who have I helped?

I have worked with a whole host of organisations across several verticals. Some key deliveries over the years have been:

Interim head of cloud strategy and security - This was for a big four consulting firm for a well known government organisation in the UK. Responsible for building out a new organisation to delivery cloud security in a highly regulated environment. I covered operating model, strategy, organisation structure and running a team of 6.

Modern IAM Strategy- A leading UK e-commerce retailer who also offer financial services to their clients. Over an 18 month period I worked with them to define and deliver a modern identity and access management strategy and roadmap that revamped their security posture. Covered capabilities such as Entitlement management, Joiner/Leaver/Mover and moved them to a passwordless organisation.

Landing Zone and security remediation - Working for a consulting company, I was delivering a security remediation strategy to a global financial services organisation. The key delivery was to remediate key critical security risks after a security incident. This covered delivering Azure enterprise scale, update of security roadmap and strategy and deliver a zero trust methodology to improve their security posture.

Global Network detection and response - Working with another consultancy, I was a delivering an enterprise security architecture service to roll-out a network, detection and response platform across a global footprint of AWS, Azure and physical datacentres. This included full integration and customisation into the Microsoft Defender suite and Sentinel.

Get in touch

To book my services, or have a chat about how I can help, drop me an email to

You've successfully subscribed to A blog by Paul Sanders
Great! Next, complete checkout for full access to A blog by Paul Sanders
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.