Pragmatic Security was founded by a practitioner who spent over 25 years working at the sharp end of information security: not in advisory roles at arm's length, but embedded inside some of the largest and most regulated organisations in the world.
That career spanned roles as a Field CISO, Security Architect, and Global Security Director across financial services, technology outsourcing, and critical national infrastructure. It included leading security programmes for organisations designated as systemically important by central banking regulators, directing globally dispersed security teams of 50–60 personnel, and advising on digital transformation programmes valued in excess of €1 billion.
The common thread across all of it was the gap between what security vendors sell and what organisations actually need. Pragmatic Security was built to close that gap — for businesses that don't have a CISO on staff, don't have a dedicated security team, and don't need one full-time, but do need the same quality of thinking that the largest organisations in the world rely on.
Our team is deliberately small and senior. Every client works directly with experienced practitioners — not a partner who sells the engagement and a junior consultant who delivers it.
Our team's collective background spans the most demanding security environments in the world. That depth informs every engagement we take on — regardless of the size of the client.
Senior security leadership at institutions regulated by central banking authorities and financial market regulators across Europe and the United States, including organisations designated as systemically important at a federal level.
Field CISO accountability for infrastructure operating under its own regulatory regime, directing globally dispersed security teams and overseeing managed security service providers across all security operations domains.
Global Security Director and Enterprise Security Architect roles spanning large-scale managed security programmes across 60+ countries, including pre-sales security design for nine-figure outsourcing engagements.
Information Security Manager and consultant roles at leading asset managers and global insurance groups, covering risk assessment, compliance, and security architecture across regulated financial environments.
Independent security advisor on a €1 billion+ digital transformation programme for an international financial institution, designing security architecture across 70 concurrent programmes of work.
Security advisory and architecture engagements across professional services, HR outsourcing, and technology consulting environments, with experience supporting Big Four-adjacent consulting programmes.
We hold the most respected certifications in the profession. We are active members of ISC2 Ireland and ISACA, and our founder has spoken publicly at ISC2 events on security leadership and online safety education.
Four principles that guide every engagement we take on.
We will tell you what you need to hear, not what you want to hear. If your security posture has gaps, we will name them clearly and tell you how to close them.
We design security programmes that fit your business — your size, your risk appetite, your budget, and your team's capacity. We do not sell you a framework built for a bank if you are a 20-person accountancy firm.
We measure success by whether your business is genuinely more secure and more resilient — not by the number of policies written or the length of our reports.
Good security should make your business more capable, not less. Our approach is to find the path that protects you without creating unnecessary friction.
Alongside large-scale enterprise engagements, we work directly with smaller Irish businesses facing very real, very immediate security challenges. These are a selection of recent engagements — anonymised to protect client confidentiality.
A large food processing company had been designated an 'Important Entity' under NIS2 and needed to understand which of its business processes had IT dependencies — and where single points of failure existed that could halt production.
A regional, Donegal-based multinational group of companies suffered a business email compromise (BEC) attack in which fraudsters intercepted and manipulated email communications to redirect a significant payment. The group lost over €1 million before the fraud was detected.
A fishing industry firm suffered a ransomware attack that took over ten office staff offline for three weeks. Their backups existed but had never been properly tested or validated — meaning the recovery process was far slower and more painful than it needed to be. Approximately two weeks of operational capability was lost, and significant data had to be manually re-captured.
An operator of essential services in the healthcare sector needed to implement a formal third-party risk management programme. The organisation relied on a wide range of suppliers and technology vendors, but had no structured process for assessing the security risk those relationships introduced into its supply chain.
A Donegal-based hotel needed to provide reliable, secure Wi-Fi for guests while ensuring that guest devices were completely isolated from the hotel's own business network — including its property management system, payment terminals, and back-office systems.