Services

The experience of a CTO and CISO, without the full-time hire.

Each engagement is shaped around the decision you're facing — whether that's a roadmap, a regulator, an AI bet, or a deal. Here's how we work, what we deliver, and the questions we get asked most.

Ways to engage

Pick the shape that fits the moment.

01

Fractional

Ongoing leadership, a day or two a week.

A standing seat at your leadership table as CTO or CISO — enough to own the strategy and the hard calls, sized so it makes sense for your stage.

02

Project & Consultancy

A defined outcome, a fixed scope.

A specific piece of work with a clear deliverable — a strategy, an audit, an AI proof-of-concept, a due-diligence report — delivered to a deadline.

03

Advisory

A trusted sounding board, on call.

Lightweight, ongoing access to senior judgement for founders and leaders who mostly need the right question asked at the right moment.

What we do

Six engagements, one standard.

Technology leadership

Fractional CTO

Senior technology leadership on a fraction of a full-time hire — strategy, architecture, and a team that ships.

  • Technology strategy and a costed
  • Architecture and platform decisions
  • Engineering leadership: hiring
Read more
Security leadership

Fractional CISO

An accountable security leader who owns risk, satisfies the regulator, and unblocks the deal — part-time.

  • Security strategy and a risk-led
  • Governance: policies
  • Readiness for ISO 27001
Read more
Applied AI

AI Strategy & Advisory

Cut through the AI noise. Find the few use cases worth doing, ship them safely, and govern them properly.

  • AI opportunity assessment
  • Pragmatic build vs buy vs fine-tune decisions
  • Reference architecture for LLM/agent systems: evals
Read more
Regulated industries

Security & Compliance

Security and compliance programmes for regulated environments — built to pass scrutiny and survive an incident.

  • Gap assessment against ISO 27001
  • Control design and implementation that engineers will actually adopt
  • Third-party and supply-chain risk management
Read more
Investors & acquirers

Technical Due Diligence

An independent read on technology, security, and team risk before you commit the capital.

  • Architecture
  • Security
  • Engineering team
Read more
Cover & transition

Interim Technology Leadership

Steady hands to lead through a gap, a transformation, or a turnaround — and to leave it better than you found it.

  • Rapid assessment and a stabilisation plan in the first weeks
  • Hands-on leadership of engineering and security delivery
  • Recruitment and onboarding of the permanent leader
Read more
How an engagement works

From first conversation to clean hand-over.

01

Discover

A focused conversation to understand the business, the decision in front of you, and what good looks like.

02

Diagnose

A fast, honest read on where you are — architecture, security, team, and risk — and what's actually worth doing.

03

Plan

A prioritised, costed plan tied to outcomes, not a wish-list. The hard calls written down with their trade-offs.

04

Deliver

We lead it, not just advise it — working alongside your team through delivery, audit, or the deal.

05

Hand over

We leave you stronger than we found you: documentation, a capable team, and a clear runway to carry on.

Questions

The things people ask first.

How much of your time do we get?+

It flexes with the work. A fractional CTO or CISO engagement is typically a day or two a week; a project or due-diligence piece is scoped to its deliverable; advisory can be a few hours a month. We size it so it makes sense for your stage.

Is this just advice, or do you actually do the work?+

We lead, not just advise. That means owning the strategy and the hard calls, working alongside your engineers and security people, and being accountable for the outcome — not handing over a slide deck and leaving.

CTO or CISO — which do we need?+

Often the honest answer is 'some of both, for now'. We'll tell you which problem is most pressing and shape the engagement around it, rather than selling you a title you don't need.

Do you work with regulated businesses?+

Yes — financial services (FCA, PRA, operational resilience), testing & inspection, and manufacturing among them, as well as unregulated software and professional services. The discipline travels across both.

How do engagements usually start?+

With a short, no-obligation conversation about the problem. If we're a fit, we propose a scope and a way of working; if we're not, we'll say so and point you in a better direction.

Not sure which fits?

Tell us the problem and we'll tell you honestly whether — and how — we can help.

Book a consultationphil.baker@amaya.technology