// INDEPENDENT ADVISORY

Strategic Security Solutions

Father-son consulting practice bringing 30+ years of combined experience in network security, risk management, and compliance across diverse industries.

  • 30+ Combined Years
  • 2 Senior Consultants
  • 50+ Compliance Assessments
  • 100% Independent

About Tilling Group

A father-son security advisory practice built on decades of experience and a shared commitment to practical, business-focused security solutions.

Tilling Group began as a natural evolution of our combined expertise in security and risk management. What started as informal conversations about the changing security landscape evolved into a formal partnership, bringing together complementary perspectives from different generations of security professionals.

Our approach combines Michael's deep technical foundation in network security and infrastructure with Sam's modern perspective on governance frameworks and regulatory compliance. This blend of hands-on technical expertise and contemporary risk management allows us to help organizations navigate both traditional infrastructure challenges and evolving compliance requirements.

Michael Tilling

Senior Principal | Network Security Specialist

With over 25 years in information security, Michael brings extensive experience in network architecture, infrastructure security, and security operations. His career has spanned roles from hands-on network engineering to strategic security leadership across enterprise environments.

Michael's expertise centers on designing and securing complex network infrastructures, with particular depth in segmentation strategies, secure architecture design, and operational security practices. He's passionate about translating technical security controls into business-enabling solutions.

Areas of Focus: Network Security Architecture, Infrastructure Design, Security Operations, Technical Risk Assessment

Sam Tilling

Principal Consultant | Risk & Compliance

With over 5 years in cybersecurity, Sam has led security programs across startups, high-compliance sectors, and managed security service providers. Currently serving as Head of Information Security at Icon Investments, he specializes in building security operations from the ground up and achieving regulatory compliance.

Sam's experience spans from hands-on technical roles to executive-level strategy, including reducing cloud infrastructure costs by 53%, achieving ISO 27001 certification, and implementing Essential Eight frameworks across 20+ environments. He's particularly passionate about making security practical and accessible for organizations of all sizes.

Areas of Focus: Security Program Development, ISO 27001 & Essential Eight, Cloud Security (AWS), Vendor Risk Assessment, Compliance & Governance

Advisory Services

Practical guidance on security strategy, risk management, and regulatory compliance tailored to your organization's needs.

Risk Assessment & Analysis

Comprehensive evaluation of security risks aligned with business objectives and regulatory frameworks.

  • Enterprise Risk Assessment
  • Third-Party Risk Management
  • Business Impact Analysis
  • Control Gap Analysis

Compliance & Governance

Framework implementation and assessment to meet industry standards and regulatory obligations.

  • ISO 27001 Implementation
  • SOC 2 Readiness & Audit Support
  • NIST CSF Alignment
  • Policy Development & Review

Security Strategy

Developing practical security approaches aligned with business objectives and resource constraints.

  • Security Program Design
  • Control Framework Selection
  • Technology Roadmapping
  • Budget & Resource Planning

Program Development

Building and maturing security programs from strategy through implementation.

  • Security Strategy & Roadmap
  • Program Maturity Assessment
  • Metrics & KPI Development
  • Executive Reporting

Vendor Assessment

Due diligence and ongoing evaluation of third-party security practices and controls.

  • Security Questionnaire Review
  • Vendor Risk Scoring
  • Contract Security Language
  • Ongoing Monitoring Programs

Strategic Advisory

Ongoing trusted advisor relationship providing guidance on emerging risks and opportunities.

  • Monthly Advisory Sessions
  • Emerging Threat Briefings
  • Strategic Planning Support
  • Ad-hoc Consultation

Qualifications & Certifications

Industry-recognized certifications and extensive practical experience in cybersecurity.

CCNP

Cisco Certified Network Professional

Advanced networking certification demonstrating expertise in enterprise network architecture, routing, switching, and troubleshooting.

CISSP

Certified Information Systems Security Professional

Advanced security certification demonstrating expertise across eight domains of information security practice.

Sophos Certified Engineer

Sophos Central Platform

Professional-level certification in deploying and managing Sophos security solutions including endpoint protection and network security.

AWS Security Fundamentals

Amazon Web Services

Training in cloud security architecture, identity and access management, and AWS security best practices.

BSc (Hons) Cybersecurity

The Open University (In Progress)

Comprehensive study in cybersecurity fundamentals, secure systems design, and information assurance.

Our Team

Sam & Michael Tilling

Father-son practice combining 25+ years of enterprise security experience with 5+ years of modern risk management expertise across financial services, healthcare, and manufacturing.

Start a Conversation

Interested in discussing how we can support your security initiatives? Let's connect.