Independent buyer-side cyber advisory

Cybersecurity advisory for high-stakes decisions.

Straylight helps founders, investors, and public-sector leaders test claims, sharpen strategy, and make defensible choices before capital, reputation, or mission outcomes are committed.

Experience includes
  • UK government intelligence
  • Microsoft Threat Intelligence Center
  • Industrial cybersecurity leadership
  • NATO · Various NCSCs · ENISA · Black Hat Europe
  • Quoted in WIRED · BBC · TechCrunch · The Register

Much cybersecurity advisory is shaped by the vendor side of the market: how to pitch, position, and sell. Straylight is shaped by the operator and buyer side — building intelligence capabilities, tracking adversaries, evaluating products, and deciding what would actually work under pressure.

We help clients test claims, sharpen decisions, and close the gap between strategic ambition and operational reality.

When we're useful

Most useful when the decision is important, the claims are difficult to test, and the cost of getting it wrong is high.

Who we advise

Advisory from the buyer side, regardless of who's in the room.

Cybersecurity companies

For founders preparing for serious buyers.

Founders and leadership teams preparing for enterprise, industrial, government, or national-security buyers who will test claims hard.

Typical focus: positioning, proof-of-concept readiness, buyer objection mapping, procurement narrative, GTM pressure-testing.

Engage before a major sales push, government-market entry, strategic partnership, fundraise, or board positioning decision.

Investors

For investors testing cyber claims before conviction.

Venture, growth, and strategic investors evaluating cybersecurity companies, technical claims, buyer adoption risk, and market substance.

Typical focus: technical credibility testing, market timing, buyer willingness to adopt, competitive landscape, management strength.

Useful when the company sounds credible and the real question is whether serious security teams will buy, deploy, and renew.

Public sector & critical infrastructure

For leaders making high-consequence capability decisions.

Public-sector, national-security, and critical-infrastructure leaders making high-consequence cyber and intelligence capability decisions.

Typical focus: requirements definition, supplier evaluation, operating models, adoption risk, operational reality versus proposal claims.

Before major capability investments, supplier evaluations, or intelligence programme redesigns.

Engagement types

Four common engagements. Each is principal-led, scoped around a specific decision, and designed to produce clear outputs.

Engagement

Buyer Readiness Review

For cybersecurity startups preparing for serious buyers.

Outputs
  • Positioning pressure-test and gap assessment
  • Buyer objection map
  • Proof and credibility gap assessment
  • Procurement narrative recommendations
  • Messaging and positioning changes

Engagement

Investor Diligence

For funds evaluating cybersecurity deals.

Outputs
  • Expert call or written diligence memo
  • Technical claim pressure-testing
  • Buyer adoption risk assessment
  • Market and competitive landscape read
  • Red flags and follow-up diligence directions

Engagement

Intelligence Capability Design

For organisations building or reshaping intelligence functions.

Outputs
  • Operating model and workflow design
  • Governance and team structure
  • Tooling and architecture recommendations
  • Decision-support model design
  • Implementation roadmap

Engagement

Retained Strategic Advisory

For leadership teams facing consequential decisions.

Outputs
  • Monthly or quarterly advisory sessions
  • Board or executive counsel
  • Product, market, and capability reviews
  • Consequential decision support
  • Discreet counsel and scenario planning

Selected experience

Experience shaped by building, tracking, and evaluating.

Evidence 01

Built a threat intelligence practice from zero

Defined the service offering, hired and led the team, created the initial client pipeline, and grew it into a revenue-generating capability.

Evidence 02

Led intelligence response to nation-state campaigns

At Microsoft, built and operated threat intelligence and response operations directly shaping defensive posture for a global customer base facing Russia's most capable state-sponsored threat actors.

Evidence 03

Evaluated security platforms from the buyer side

Led comparative assessments of threat intelligence and security products, balancing analyst need, operational fit, procurement reality, and cost-benefit across multiple vendor cycles.

Evidence 04

Advised CISOs and intelligence leaders

Provided counsel to security and intelligence leaders across energy, manufacturing, transport, and government on capability design, supplier evaluation, and strategic programme decisions.

Evidence 05

Engaged national security and government stakeholders

Led national-security-level engagement with various NCSCs, NATO, CERT-EU, and ENISA — translating operational threat intelligence into policy-relevant briefings for allied governments, regulators, and critical infrastructure programmes. Led RFP participation for a NATO body, securing the initial contract.

How we work

Principal-led advisory. Direct judgement.

Limited engagements

We intentionally limit active work to a small number of concurrent engagements to preserve principal-level involvement and focused delivery.

Direct engagement

We work directly with clients, not through intermediaries. Every project receives the principal's full attention and judgement — not a junior team with occasional senior input.

Clear outputs

Every engagement produces defined deliverables — memos, diligence reports, operating models, board briefings, or strategic counsel — with clear success criteria from the outset.

Conflict screening

We screen every engagement upfront for conflicts of interest and work with one side per engagement. Any concerns are raised before substantive discussion begins.

Built from the buyer side

We've built programmes, tracked adversaries, and led procurement evaluations. Our counsel is grounded in operational reality — not vendor claims, not consulting theatre.

Principal & founder

The judgement behind every engagement.

Principal & Founder

Two decades building intelligence capabilities, tracking adversaries, advising security leaders, and evaluating cyber capability from the buyer side. Background spans UK government intelligence, the Microsoft Threat Intelligence Center, and industrial cybersecurity leadership.

Experience advising CISOs, intelligence teams, and senior leaders across government, energy, manufacturing, transport, and technology on capability design, supplier evaluation, and high-stakes strategic decisions. Work focused on the intersection where technical claims, operational reality, and consequential decisions meet.

Recognition. Speaker at NATO CTI Conference, various NCSCs, CERT-EU, ENISA, Black Hat Europe, Microsoft BlueHat, SANS CyberThreat, and closed-trust intelligence forums. Quoted in WIRED, BBC, TechCrunch, The Register. Published in Computer Weekly and the Microsoft Security Blog.

UK government intelligence · Microsoft MSTIC · Industrial cybersecurity · NATO CTI Conference · Various NCSCs · CERT-EU · ENISA · Black Hat Europe · OT / ICS · Critical infrastructure · Five Eyes

Get in touch

Start with a confidential conversation.

Initial conversations are used to understand the decision, screen for conflicts, and determine whether Straylight can add material value. There is no obligation and no pitch.

Send an enquiry
Email hello@straylightstrategies.com

Buyer readiness · Investor diligence · Capability design · Government advisory

Confidentiality

All enquiries are treated as confidential. Conflict checks are available before substantive discussion begins. Secure communications can be arranged.

Response

Serious enquiries are normally reviewed within one business day.