What Should Our Cyber Security Goal...
For many SMEs, one of the first cyber security questions is how to define a clear and realistic objective. In...
Read More
I’m Geoff Poulter, and I work with AJC clients on a range of cyber security projects and ongoing support roles. My work is focused on helping organisations strengthen their cyber security in a practical, straightforward way, whether that means improving their overall security posture, supporting audits and assessments, or providing experienced second-line expertise to internal teams.
With more than 35 years of experience in IT, I have worked across a wide range of sectors, including financial services, insurance, military systems, manufacturing and professional sport. I am also an experienced ISO 27001 implementer and one of a limited number of SWIFT qualified assessors worldwide. Whatever the engagement looks like, my aim is always to make sure security works in the real world, not just on paper.
At AJC, I work closely with clients on both one-off projects and ongoing roles, depending on what their organisation needs. Cyber security can cover a wide range of issues, and no two clients are exactly the same. Some are looking to improve resilience, some need support with compliance requirements, and many need help with both.
I work alongside IT teams and wider business functions, including internal audit and shared services, to help ensure security is embedded in a way that is realistic and workable. The focus is always on practical improvements that suit the business, rather than theoretical solutions that are difficult to apply in day-to-day operations.
Whether I am supporting a specific project or acting as an ongoing adviser, I also aim to be a trusted sounding board for wider cyber security questions as they arise.
I get real satisfaction from knowing that every piece of work I undertake helps a client become that bit more resilient. AJC does not have a technology product to sell. The focus is on helping organisations improve their processes, strengthen their controls and understand where meaningful improvements can be made.
Even an audit can be highly valuable because it gives clients a clearer picture of where gaps exist and what they can do next. I also enjoy the working relationships that develop during each engagement, and being valued as part of the wider team, even when I am providing second-line support.
The work I do with clients can take many different forms, but it is always centred on helping them improve their security in a meaningful and manageable way. That can include developing cyber security strategies, creating and reviewing policies, supporting cyber incident response planning, and carrying out assessments aligned to recognised frameworks such as ISO 27001 and NIST.
I also support organisations with ISMS development, independent security assessments, and more hands-on work involving security tools and operations. In many cases, clients benefit from having experienced cyber security input that complements their internal capabilities and helps them move forward with greater confidence.
For many organisations, the risk of a serious cyber incident is one of the issues that weighs most heavily on leadership teams. A key part of my role is helping clients reduce that risk, improve visibility, and bring a greater sense of control to an increasingly complex digital environment.
AI is creating some of the newest and most significant cyber security challenges for organisations. Its use now spans large language models, such as ChatGPT, Claude and Copilot, as well as AI functionality built into business systems.
AI offers considerable opportunities, including better insight, improved efficiency and faster access to information. However, it also introduces risks that organisations need to understand and manage carefully.
AI outputs cannot be assumed to be correct simply because they have been produced by a system. They may be incomplete, inaccurate or affected by bias in the underlying data, so organisations need to verify information before it is used. “That’s what the system said” is not a defence.
My biggest concern is the risk of hidden data exfiltration. Information entered into an AI system may be retained or used as training data, depending on the platform and licensing arrangements in place. Organisations need to understand how their data is being used, insist on appropriate privacy arrangements, and make sure staff know what can and cannot be entered into AI tools. If someone uploads sensitive information by mistake, there may be no simple way to undo it.
Before joining AJC, I worked as the IT Manager for a fintech organisation, where I was responsible for internal IT across the UK, Europe and Africa. That role gave me broad responsibility across systems, infrastructure and operational delivery, while also reinforcing how important cyber security is to the effective running of a modern organisation.
After completing my IT degree, I began my career in business analysis before moving into software development project management, initially for financial organisations and later within a commercial software house. From there, I progressed into IT infrastructure management and then into broader senior IT leadership roles. Cyber security was a significant part of those roles throughout, and over time I chose to focus more directly on this area, building on my practical experience with professional qualifications and specialist expertise.
That combination of technical, operational and leadership experience allows me to understand cyber security not just as a control function, but as something that needs to support the wider business and work effectively in practice.
Each industry sector has its own nuances, often linked to the pace of change in its operating environment. However, some principles remain constant. Organisations need to be accurate, they need to be safe, and they need to recognise that they are potential targets.
The mindset now has to be that every organisation is likely to be attacked at some point, rather than asking whether an attack will happen. Some attacks may still get through, even if that is through something as simple as a social engineering or phishing email. Strong defences are essential, but they need to be accompanied by a clear plan for what happens if those defences are breached.
In some industries, the pace of change required in cyber defences is faster than in others. However, that gap is narrowing. For example, the UK Government-backed Cyber Essentials Plus standard now requires organisations to complete patch roll-out across their estate within 14 days of patches becoming available. To me, that shows how expectations are shifting. Across sectors, organisations are being pushed towards a more urgent, agile and disciplined approach to cyber security.
What makes AJC stand out is its practical and client-focused approach. The business is not interested in applying a one-size-fits-all model or offering advice that sounds good in theory but is difficult to implement. Instead, the focus is on understanding each organisation’s specific risks, requirements and objectives, then providing support that is proportionate, relevant and genuinely useful.
That approach is particularly important in cyber security, where organisations often need clear guidance and realistic support rather than complexity for its own sake. Being able to work in that way, and to support clients with solutions that fit their environment, is a strong part of what makes the role rewarding.
What has impressed me most working with AJC is the quality of the people. They are experts in their fields, positive, driven and great to work with.
Every engagement is focused on the client’s specific needs, with no “cookie cutter” approach. AJC takes the time to understand each organisation, then provides advice and support that is practical, proportionate and relevant. That makes a real difference, particularly in cyber security, where organisations need guidance they can actually apply.
Outside of work, I have a few interests that help me switch off and keep life varied. I have a flock of pet parrots at home, and they have plenty of character. They enjoy chatting and singing along to the radio and, over time, I have discovered that they seem to have favourite artists, including Phil Collins.
Music has always been an important part of my life. I have played several instruments over the years, and I now sing in a choir that performs arrangements of pop songs.
I also enjoy spending time on the water rather than in it. In my spare time, I go kayaking and, as a qualified Skipper, I have enjoyed sailing in different parts of the UK and the Mediterranean.
Cyber threats continue to grow in scale and complexity, and organisations need support that is both effective and realistic. At AJC, I work with clients to deliver practical cyber security improvements, whether through a specific engagement or as part of an ongoing relationship.
For organisations that need experienced second-line expertise, external support can be a cost-effective way to strengthen internal capability and improve confidence in their cyber security arrangements.
If you would like to find out more about how AJC can help, you can get in touch via our contact page or contact me directly at geoff.poulter@ajollyconsulting.co.uk.
For many SMEs, one of the first cyber security questions is how to define a clear and realistic objective. In...
Read More
For many small and medium-sized organisations, improving cyber security can feel daunting, especially when formal standards start to enter the...
Read More
The GDPR requirement to report certain personal data breaches within 72 hours is one of the most widely cited obligations...
Read More