CISSP Domain Expertise — All 8 Domains
Security and Risk Management
Kai brings board-level fluency to risk management — translating technical threat exposure into financial and regulatory risk language that boards and audit committees act on. He has designed governance frameworks, defined risk appetite and owned regulatory relationships across multiple sectors.
Asset Security
From data classification policy to secure disposal of decommissioned infrastructure, Kai has managed the full asset security lifecycle in environments where data sensitivity ranges from commercially confidential to national security classified.
Security Architecture and Engineering
A core specialism. Kai has designed Zero Trust architectures for cloud-hybrid environments, implemented defence-in-depth layering across network, identity and application tiers, and engineered cryptographic key management systems at financial services scale.
Communication and Network Security
Kai has hardened network architectures across distributed, multi-site enterprises including aviation ground systems and government wide-area networks — spanning secure protocol design, wireless security and the microsegmentation strategies that contain lateral movement.
Identity and Access Management (IAM)
IAM is Kai's primary domain specialism. He has architected and implemented enterprise IAM programmes — including federation, SSO, MFA, lifecycle management and privileged access — in environments where an identity compromise has regulatory and national security consequences.
Security Assessment and Testing
Kai has commissioned, structured and quality-assured penetration testing programmes, vulnerability management cycles, red team exercises and internal security audits. He understands assurance testing as a leadership tool — not just a technical checkbox.
Security Operations
Having led security operations functions through multiple material incidents, Kai has developed and rehearsed incident response playbooks, managed SIEM and SOC implementations and navigated the regulatory notification requirements that follow a significant breach in a regulated sector.
Software Development Security
Kai has embedded secure development practices into DevOps pipelines, overseen application security programmes and — critically — managed the third-party software supply chain risk that has become one of the leading attack vectors in critical infrastructure environments.
IAM and PAM — Identity as the Control Plane
Identity and Access Management in Depth
Kai London's IAM expertise spans the full lifecycle of identity — from provisioning and federation to deprovisioning and forensic audit. In environments where identity compromise can trigger regulatory penalties or national security consequences, the quality of IAM architecture is not a technical preference; it is an organisational survival question.
His IAM programme designs are built on zero-standing-privilege principles, using just-in-time (JIT) access provisioning, conditional access policies and continuous authentication signals to ensure that access is appropriate, current and auditable at every point. He has implemented identity federation across multi-organisation environments — aviation consortia, government joint ventures and banking group structures — where cross-domain trust must be established without creating unacceptable attack surface.
Privileged Access Management — Stopping Credential-Based Attacks
Kai's PAM architecture work addresses the reality that privileged credential abuse is a recurring mechanism behind material breaches in regulated industries. His PAM designs incorporate session recording, just-enough-access assignment, time-limited credential vaulting and break-glass procedures that preserve operational resilience without creating persistent high-privilege pathways.
In defence and critical infrastructure environments, Kai has implemented air-gapped PAM solutions for operational technology (OT) environments, where the threat model includes nation-state actors targeting industrial control systems. His approach treats PAM not as a tool deployment but as a programme — with governance, policy, privileged account discovery, certification cycles and ongoing assurance woven into the operating model.
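The zero-standing-privilege, just-in-time (JIT) and break-glass pattern described in this section and the preceding IAM section, as an added illustration that is not Kai London's own code, nor any vendor's PAM API: a minimal in-memory JIT access broker in Python. Nobody holds a privileged role standing; every privileged action re-checks for an active, unexpired grant; elevation is gated on conditional-access signals and clamped to a per-role maximum TTL; break-glass bypasses the gating but is short-lived and flagged for mandatory review. The role names, the signal set, the risk threshold and the 15-minute break-glass window are assumptions chosen for the example.

```python
"""Minimal JIT privileged access broker (illustrative, not a product API).

Assumptions: a hypothetical `Signals` set (MFA, device compliance, a 0-100
risk score), a per-role maximum TTL, and a 15-minute break-glass window.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple


@dataclass
class Signals:
    """Conditional-access signals evaluated at request time (assumed set)."""
    mfa_verified: bool
    device_compliant: bool
    risk_score: int  # hypothetical scale: 0 = clean, 100 = confirmed compromise


@dataclass
class Grant:
    principal: str
    role: str
    granted_at: datetime
    expires_at: datetime
    break_glass: bool
    justification: str


@dataclass
class JitBroker:
    roles: Dict[str, timedelta]                 # requestable roles -> max TTL
    max_risk: int = 30                          # deny above this risk score
    break_glass_ttl: timedelta = timedelta(minutes=15)
    grants: List[Grant] = field(default_factory=list)
    audit: List[dict] = field(default_factory=list)

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"event": event, **fields})

    def request(self, principal: str, role: str, justification: str,
                signals: Signals, requested_ttl: timedelta,
                now: datetime) -> Tuple[bool, str]:
        """Gate elevation on conditional-access signals; grant is time-boxed."""
        reason = None
        if role not in self.roles:
            reason = "unknown role"
        elif not signals.mfa_verified:
            reason = "mfa required"
        elif not signals.device_compliant:
            reason = "device not compliant"
        elif signals.risk_score > self.max_risk:
            reason = "risk score too high"
        if reason:
            self._log("denied", principal=principal, role=role, reason=reason)
            return False, reason
        ttl = min(requested_ttl, self.roles[role])  # clamp to role maximum
        self.grants.append(Grant(principal, role, now, now + ttl, False, justification))
        self._log("granted", principal=principal, role=role,
                  expires_at=(now + ttl).isoformat(), justification=justification)
        return True, "granted"

    def break_glass(self, principal: str, role: str, reason: str, now: datetime) -> Grant:
        """Emergency path: no signal gating, short TTL, flagged for post-hoc review."""
        grant = Grant(principal, role, now, now + self.break_glass_ttl, True, reason)
        self.grants.append(grant)
        self._log("break_glass", principal=principal, role=role,
                  reason=reason, review_required=True)
        return grant

    def authorize(self, principal: str, role: str, now: datetime) -> bool:
        """Every privileged action re-checks for an active grant: nothing is standing."""
        for g in self.grants:
            if g.principal == principal and g.role == role and g.granted_at <= now < g.expires_at:
                self._log("authorized", principal=principal, role=role,
                          break_glass=g.break_glass)
                return True
        self._log("denied_no_active_grant", principal=principal, role=role)
        return False

    def revoke(self, principal: str, role: str, reason: str, now: datetime) -> int:
        """Cut active grants short (e.g. on a risk signal); returns count revoked."""
        revoked = 0
        for g in self.grants:
            if g.principal == principal and g.role == role and now < g.expires_at:
                g.expires_at = now
                revoked += 1
        self._log("revoked", principal=principal, role=role, reason=reason, count=revoked)
        return revoked


def build_demo_broker() -> JitBroker:
    """Constructed sample configuration: one JIT-able role with a one-hour cap."""
    return JitBroker(roles={"db-admin": timedelta(hours=1)})


if __name__ == "__main__":
    b = build_demo_broker()
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    good = Signals(mfa_verified=True, device_compliant=True, risk_score=5)
    print(b.authorize("alice", "db-admin", t0))                                    # False: no standing privilege
    print(b.request("alice", "db-admin", "CHG-1", good, timedelta(hours=4), t0))   # granted, clamped to 1h
    print(b.authorize("alice", "db-admin", t0 + timedelta(minutes=61)))            # False: expired
```

The key property is in `authorize`: a privileged action never succeeds on the strength of a role held at rest, only on a grant that is current at the instant of use, and every decision (grant, deny, break-glass, revoke, use) lands in the audit list for certification and forensic review.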
Cloud Security Architecture
Securing the Cloud-Hybrid Enterprise
Kai has led security architecture for cloud migrations across AWS, Azure and GCP in regulated sectors where data sovereignty, residency requirements and audit obligations significantly constrain architectural choices. His cloud security programmes are built on Cloud Security Posture Management (CSPM), infrastructure-as-code security scanning, runtime protection and the identity-centric access models that replace perimeter-based thinking.
In aviation and banking environments, Kai has navigated the regulatory complexity of cloud adoption — satisfying supervisory expectations (PRA, FCA, EASA, NIS Regulations) while achieving the operational flexibility that cloud migration is intended to deliver. He approaches SASE (Secure Access Service Edge) architectures as the convergence of network and security controls appropriate for distributed workforces accessing cloud-native services.
His cloud security work consistently returns to identity as the perimeter. Where workload identity — service accounts, machine identities, API keys and ephemeral compute roles — typically outnumbers human identities many times over, the governance discipline applied to non-human identities determines the effective security of the cloud estate.
Books on Security, Trust and Resilience
Kai London's books address the security challenges boards, CISOs and practitioners face — from identity-based attacks and wireless security to AI governance and organisational trust failure. Available via Amazon.co.uk.
Every breach begins with a login that should have been stopped. A practitioner's guide to the identity threats that bypass perimeter controls and why credential compromise is the opening move in nearly every major incident.
The complete enterprise wireless security programme — from radio frequency threat modelling to Zero Trust airspace design. Essential reading for CISOs in aviation, campus and hybrid-work environments.
When organisational trust fails, the business fails. A diagnostic and recovery framework for CISOs and boards dealing with the aftermath of a material breach, insider incident or supply chain compromise.
A systematic approach to hardening the enterprise against the most common attack paths — credential abuse, phishing, misconfiguration and supply chain risk — with controls mapped to CISSP domains and regulatory expectations.
As AI agents proliferate across the enterprise, governance and control frameworks must evolve. This book addresses AI security architecture, identity governance for AI workloads and the risk management questions boards are beginning to ask.