Available for fractional & advisory engagements

Max Alhourani

Fractional CISO
AI Governance · Data Protection · EU Regulatory Readiness

Master of Information Technology · Cybersecurity · Merit

Senior security and governance leadership for AI, SaaS and data driven companies in regulated Europe, without a full time hire. A technical CISO, boardroom to keyboard.

Profile

I am Max, a CISO with 18+ years building and leading security programs. I now work as a fractional CISO, giving AI, SaaS and data driven companies senior security and governance leadership without a full time hire. My focus is regulated European markets, from EU AI Act and GDPR readiness to ISO 27001 and ISO 42001 programs, with real engineering never far from hand.

How we work together

Three ways to bring in a CISO, sized to what you actually need.

Fractional CISO

Ongoing security leadership on a retainer. I own your security and governance: strategy, risk, policy, vendor and customer assurance, and board level reporting.

Ongoing monthly retainer, scoped to your stage

Advisory

Time boxed help for a specific decision or milestone: enterprise or investor due diligence, an architecture or tooling call, a board paper, or a security questionnaire that needs answering well.

Fixed scope, fixed fee

Audit & readiness programmes

A structured path to ISO 27001, SOC 2, EU AI Act or GDPR readiness. I run the gap assessment, build the roadmap, and lead delivery up to audit, working with your team and your auditor.

Programme priced on scope

Who I work with

I work best with AI, SaaS and data driven companies in regulated European markets that need ISO 27001, SOC 2, or EU AI Act and GDPR readiness, but cannot yet justify a full time CISO. Usually founders and execs at startups and scale ups who need senior security judgement now, not another permanent hire.

Proof

Representative outcomes from security programs I have led

  • 42% fewer false positives, so the team spends its time on real threats
  • 28% faster incident response through automated triage
  • 20%+ shorter SOC 2 and ISO 27001 audit cycles by automating evidence

Expertise

AI Governance & EU AI Act

Risk classification, controls for high risk systems, human oversight, ISO 42001.

Data Protection & Privacy

GDPR · DPIAs · cross border transfers (SCCs) · automated decision safeguards.

Security Strategy & Leadership

Building the security program, roadmap, budget ownership, board & executive reporting.

Risk, Compliance & Frameworks

ISO 27001 · SOC 2 · NIST CSF · third party & vendor risk.

Incident Response & Resilience

IR leadership, post incident review, BCP/DR, tabletop exercises.

Security Automation & Engineering

Python · Bash · Terraform · SIEM/SOAR · cloud (AWS · Azure · Cloudflare).

Experience

Military Experience
  • Led incident response in high pressure, mission critical operational environments.
  • Established and streamlined ITIL based processes, raising operational efficiency and compliance.

Enterprise Experience
  • Built and led security operations and automation programs, setting detection strategy that cut false positives 42% and improved response time 28%.
  • Embedded security into CI/CD and cloud infrastructure (DevSecOps) with Ansible and Terraform, hardening environments by design.
  • Owned SOC 2 and ISO 27001 audit readiness, automating evidence collection and shortening audit cycles 20%+.
  • Established post incident review and governance, reducing repeat incidents ~30% across critical infrastructure.
  • Directed vulnerability management and red team assessments, prioritising remediation by business risk.
  • Advised executives and stakeholders across energy, transport and public sector on security strategy and compliance.
  • Published open source security tooling and led cybersecurity awareness and training programmes.

Education

Master of Information Technology · Cybersecurity · Merit · Whitecliffe Technology & Innovation

Mentoring

Developing security talent and the next generation of practitioners, from the fundamentals through hands on offensive security.

100+ person cohort organised together with a mentee through Cisco Networking Academy · Introduction to Cybersecurity. Currently guiding mentees through the AI Red Teamer path.

Research

IEEE 2026 · Under review

Ongoing research in secure infrastructure and security automation, currently under peer review.

Contact

Let's talk about your security and governance.

Tell me about your company and where you need support. Send a note and I will come back to you to set up a call.