Specialist infrastructure and security consulting for London financial-services SMBs. VPN architecture, Zero Trust access, secure remote working and data residency — designed around how your traders, advisers and back office actually work. Independent since 2020. 25+ years in IT infrastructure.
Your data is sensitive. Your traders need low-latency access from anywhere. Your compliance team needs audit trails. Your clients expect enterprise-grade security from a 15-person firm. Off-the-shelf managed IT, designed for generic SMBs, leaves gaps that only become visible after an incident.
I’ve spent 25+ years designing infrastructure for sites where security wasn’t optional — from Chelsea FC matchday operations to The Shard. Since 2020 I’ve applied that same architecture discipline to London brokers, investment firms and City traders under confidential contracts.
Client trades, positions, research — all sensitive, often regulated. AI tools that send data to third-party providers create compliance risk you can’t unwind. I deploy private AI and secure pipelines that keep data inside your infrastructure.
Traders working from offices, clubs, homes, abroad. Most VPN setups I inherit are end-of-life, single-factor, or bolted together in 2020 and never revisited. I redesign around Zero Trust principles so access is per-application, not whole-network.
Trading desks can’t tolerate five-second VPN handshakes or flaky Wi-Fi. Network architecture designed for the actual workload — not generic office-worker defaults.
FCA, GDPR, MIFID, internal compliance — every access request, every config change, logged and retrievable. Most firms I audit have no centralised logging at all. That’s fixable in weeks, not months.
Three pillars, integrated. Designed around how financial-services SMBs actually operate — not retrofitted from a managed-IT template.
Modern VPN architecture (WireGuard, IPSec, Fortinet/Cisco), Zero Trust Network Access (ZTNA) so users connect to specific applications not whole networks, MFA everywhere, device posture checks, privileged access management.
Self-hosted LLMs running inside your infrastructure. Research summarisation, client communication drafts, compliance-ready document classification — with zero data sent externally. No ChatGPT leaking client positions.
Network segmentation, firewall hardening, endpoint detection & response (EDR), DNS filtering, centralised logging for audit, backup architecture that survives ransomware. The basics, done properly.
Independent since 2020. All current client work delivered under confidential contracts. Past project experience includes senior infrastructure roles at The Shard, Chelsea FC, Silverstone Racing Circuit, Manchester Arndale and Ealing Council. References available on request.
Free 20-minute strategy call to diagnose. Paid scoping session if we progress. Written scope and fixed fee before any work starts. Weekly check-ins throughout. Full documentation — network diagrams, runbooks, credential vault, training — on handover. No vendor lock-in. Optional monthly retainer for ongoing strategic support.
Typical engagement: 4–6 weeks for a complete network refresh or secure-access overhaul. Larger programmes (cloud migration, private-AI deployment) run 10–20 weeks. Emergency interventions can start in days. See the full process →
If your current IT setup was stitched together in a hurry, bolted-on over years, or inherited without documentation — book a free 20-minute strategy call. I’ll tell you honestly whether you need a full refresh or a surgical fix.
Free 20-min Strategy Call