About Us

Information security — or cyber security, if we’re being fashionable — is rarely a role you’re thanked for.

You’re told you’re slowing the business down. Internal Audit quietly expands your remit to include everything. Project managers stop responding as go-live approaches. And when something inevitably breaks — usually late on a Friday — security becomes everyone’s top priority. Suddenly, the same voices that dismissed the risk are competing to be seen as decisive, while actively complicating the response.

If you’ve held a CISO role, none of this will surprise you. The average tenure barely clears three years. Accountability routinely exceeds authority. You’re expected to own risks you didn’t create, remediate them with budgets you don’t control, and do so without disrupting someone else’s “critical” delivery.

That reality is why the Secure Information Handling Academy exists.

We’re here for security leaders operating in real organisations — not theoretical ones. Organisations with legacy estates, political constraints, outsourced technology, and stakeholders who only care about security when it’s already gone wrong.

We provide pragmatic guidance, defensible policy frameworks, and security artefacts that are designed to survive governance forums, delivery pressures, and executive scrutiny — not just audits.

Everything here has been built by experienced practitioners, including CISO-level leaders from FTSE 100 and Fortune 500 organisations.

This isn’t aspirational security. It’s what works — and what lasts.

If information security leadership has ever felt like controlled damage limitation with a risk register, you’re among peers.