Skip to Content

Enterprise Risk · Security · Resilience

Enterprise risk governance from someone who has done the work.

Thirty years leading risk, security and resilience functions in environments where failure was not theoretical. Critical infrastructure. Crisis response. Capital programs into the billions. The product is not comfort. It is a finding that holds when a regulator, a court or an audit committee tests it.

Credentials

MSc  ·  CSyP  ·  FSyI  ·  SRMCP  ·  CAS  ·  PhD Candidate

CSyP

Chartered Security Professional

FSyI

Fellow, Security Institute

SRMCP

Security Risk Management Certified

CAS

Certified Anti-Terrorism Specialist

PhD Candidate

Charles Sturt University

19,500+

LinkedIn Newsletter Subscribers

Membership

Practitioner knowledge, on a membership.

Monthly executive briefings, quarterly research reports, masterclasses, a template library and member Q&A. Built from thirty years leading risk, security and resilience where failure was not theoretical.

Professional
A$35 / month or A$350 / year
Founding · limited
A$280 / year, locked-in rate

View membership & join

Independent by structure

No delivery arm to feed, no panel seat to protect. The work can say what the evidence supports, including that a control does not work.

Defensible, not just presentable

Work product built to survive a regulator, coroner, court or audit committee, with every assumption and scope limit in the body.

Capability, not dependency

Deliverables are yours to own, run and defend. Where the work can be done internally, that is said, even when it means a smaller engagement.

From checklists to sensemaking.

Most risk advice runs on one register. A standards house recites the standard. A vendor sells a rating. A consultant supplies a slide library. This practice holds six disciplines together, governance, standards, practice, intelligence, methods and science, and reads the situation before choosing which to deploy. Standards are the floor, never the ceiling, and never a substitute for the judgement that decides when they apply.

30+
Years of Leadership

Risk, security and resilience in environments where failure is not theoretical

40+
Countries

Operational experience across critical infrastructure globally

$104B
Assets Managed

Critical asset portfolio oversight at the highest executive levels

19,500+
Newsletter Subscribers

Practitioners and professionals across the risk and security ecosystem

A note on the words we use

The same words don’t mean the same thing

"Safe", "secure", "risk" and "resilient" carry different meanings across disciplines, across legislation and across the people who sign them off. That gap is where assurance fails. It is also where most of my work sits.

See where definitions, law and competence collide

About Tony Ridley

30 years of practitioner-grade risk, security, and resilience leadership

Tony Ridley

Tony Ridley MSc CSyP FSyI SRMCP

Enterprise Risk, Security & Resilience Advisor

Tony translates 30+ years of executive risk, security, and resilience leadership into practical frameworks that organisations can actually use. From soldier to APAC Director, he has operated across critical infrastructure, Federal and State Government programs, billion-dollar asset portfolios, and $6B+ dispute proceedings as an expert witness.

Credentials: MSc | CSyP | CAS | FSyI | SRMCP | 40+ countries | $104B managed assets | 19,500+ newsletter subscribers

LinkedIn Podcast Enquire Now

Podcast

Risk + Safety + Security + Sciences

Practitioner-grade audio on enterprise risk, security, resilience, and threat analysis. Available on Podbean, Apple Podcasts, Spotify, and all major platforms.

All Resources & Episodes →

Frequently Asked Questions

In this section, you can efficiently address common inquiries.


Services span enterprise risk governance, security program design, critical infrastructure compliance (SOCI/CIRMP), travel risk and duty of care frameworks (ISO 31030), board and executive advisory, expert witness engagements, and bespoke intelligence and risk assessment. All engagements draw on 30+ years of real-world practitioner experience rather than recycled consulting frameworks.

Outline your situation using the contact form or by direct message on LinkedIn. There is no intake form and no sales process. Scope and fit are established in the first exchange. If it is not the right match, that is said clearly.

Engagements are scoped to the specific situation, not drawn from a pre-packaged methodology. Most begin with a scoping conversation to establish the problem, the decision being made, and the standard of defensibility required. Scope, deliverables and timeline are agreed before work starts.

Start a scoping conversation.

No intake forms. No sales team. Outline your situation and we will establish scope and fit. If it is not the right match, that is said clearly.

FREE PRACTITIONER LIBRARY

Risk + Safety + Security + Sciences

Six practitioner libraries. Graded resources. Download free. Join the list and the next release comes to your inbox, not your feed.

Published on LinkedIn. Free to subscribe. No spam.

Free · No Paywall · Direct to Your Feed

19,500 subscribers. 46,000+ followers. Published on LinkedIn.

Practitioner perspectives on enterprise risk, security, and resilience. Published on LinkedIn. No spam. Unsubscribe any time.

Subscribe on LinkedIn