Fractional CISO | IT Director | AI Architect

I help SMEs, PE-backed and high-growth businesses build secure, scalable technology without losing delivery pace. My work sits at the point where cyber security, IT leadership, cloud modernisation and practical AI adoption meet: clear ownership, defensible governance, and systems that can be operated in the real world.

• Website: richardham.co.uk
• LinkedIn: uk.linkedin.com/in/hamrichard
• GitHub: github.com/zebadee2kk

• Secure AI and agentic workflows — designing AI-assisted operating models with human approval gates, audit trails, cost control and security boundaries.
• Cyber security and governance — turning security, compliance and risk from reactive tasks into owned programmes with clear evidence and accountability.
• IT leadership — providing fractional CTO / IT Director / CISO capability for organisations that need senior technology ownership without a full-time executive hire.
• Cloud and infrastructure modernisation — improving Microsoft 365, Azure, hosting, networking and operational foundations so they are secure, observable and maintainable.
• M&A technology due diligence — assessing technology estates, security posture, operational risk and integration readiness before and after transactions.
• Compliance readiness — preparing for Cyber Essentials, ISO 27001, SOC 2, GDPR and client security questionnaires with practical delivery plans rather than shelfware.
• Automation and control planes — building lightweight tooling, repo governance, documentation systems and operational workflows that reduce manual effort while preserving control.

This GitHub account shows the practical engineering side of my work: secure automation, AI control planes, infrastructure governance and reusable operating patterns. Public repositories are reference implementations or reusable tooling; private repositories may be listed only at a high level where they represent a canonical workstream.

Archived, migrated or legacy source repositories are intentionally not presented here as active work. Where useful, they are retained as public reference material with lifecycle status documented in the relevant repository.

On client work I focus on outcomes that boards and leadership teams can act on:

• security strategy that maps to business risk;
• compliance preparation with evidence, ownership and follow-through;
• Microsoft 365, Azure and cloud infrastructure improvement;
• AI strategy, AI governance and secure automation adoption;
• M&A technology due diligence and post-deal integration planning;
• pragmatic delivery roadmaps for teams that need momentum, not theatre.

I am especially interested in organisations that have outgrown informal IT decision-making, are facing client or insurer security pressure, or are introducing AI faster than their governance model can safely support.

For commercial context, see richardham.co.uk.

• Security first, delivery always — controls should reduce risk without stopping useful work.
• Human approval at critical gates — automation is powerful, but accountability must remain explicit.
• Evidence over aspiration — governance should leave a trail that can be reviewed, audited and improved.
• Pragmatism over theatre — small, well-controlled changes usually beat large, fragile transformation programmes.
• Public/private boundaries matter — this profile avoids confidential client detail and does not present private client work as open source.

• Website: https://richardham.co.uk
• LinkedIn: https://uk.linkedin.com/in/hamrichard
• GitHub: https://github.com/zebadee2kk

Last updated: May 2026.