Europe · Australasia · MENA

MaxAlhourani

Chief Information Security Officer
Security Strategy · Risk & Governance · Cyber Resilience

Master of Information Technology
Cybersecurity · Merit

A hands-on CISO — turning security strategy into measurable, automated outcomes.

01 · Profile

Chief Information Security Officer with 18+ years building and leading security programs — setting strategy, owning risk and governance, and aligning security with the business. A technical leader at heart, with automation the throughline: turning security from a cost centre into measurable, repeatable outcomes that hold up under pressure.

02 · Expertise

Security Strategy & Leadership

Program build-out, security roadmap, budget ownership, board & executive reporting.

Risk & Governance

Enterprise risk management, security policy, third-party & vendor risk.

Compliance & Frameworks

SOC 2 · ISO 27001 · HIPAA · NIST CSF · evidence automation.

Incident Response & Resilience

IR leadership, post incident review, BCP/DR, tabletop exercises.

Cloud Security Architecture

AWS · Azure · Cloudflare · zero trust · infrastructure as code.

Security Automation & Engineering

Python · Bash · Terraform · SIEM/SOAR · detection engineering.

03 · Selected impact
42%

fewer false positives across the security operation

28%

faster incident response through automated triage

~30%

fewer repeat incidents through post incident review & governance

20%+

faster SOC 2 / ISO 27001 audit cycles via evidence automation

04 · Experience
Military Experience
  • Led incident response in high pressure, mission critical operational environments.
  • Established and streamlined ITIL based processes, raising operational efficiency and compliance.
Enterprise Experience
  • Built and led security operations and automation programs, setting detection strategy that cut false positives 42% and improved response time 28%.
  • Embedded security into CI/CD and cloud infrastructure (DevSecOps) with Ansible and Terraform, hardening environments by design.
  • Owned SOC 2 and ISO 27001 audit readiness, automating evidence collection and shortening audit cycles 20%+.
  • Established post incident review and governance, reducing repeat incidents ~30% across critical infrastructure.
  • Directed vulnerability management and red team assessments, prioritising remediation by business risk.
  • Advised executives and stakeholders across energy, transport and public sector on security strategy and compliance.
  • Published open source security tooling and led cybersecurity awareness and training programmes.
05 · Education
Master of Information Technology · Cybersecurity Merit Whitecliffe Technology & Innovation
06 · Certifications & Training
CEHCertified Ethical Hacker · course completed
Cybersecurity TechnicianCourse completed
AI Red TeamingHack The Box path · in progress
07 · Mentoring

Developing security talent and the next generation of practitioners — from fundamentals through hands on offensive security.

100+
person cohort organised together with a mentee through Cisco Networking Academy · Introduction to Cybersecurity. Currently guiding mentees through the Hack The Box AI Red Teamer path.
08 · Research

Paper under peer review · IEEE 2026. Ongoing research in secure infrastructure and security automation.

09 · Contact

Looking for a security leader, an advisor, or a conversation? Send a note.