Stratia Consulting specialise in Information Assurance and Risk Management.

We have years of experience in providing information assurance and information risk management services to all kinds of businesses. Whether you run a small start-up company or a large corporation, we will ensure your assets are protected and maintained efficiently. Our aim is to find the best form of protection for your business and provide you with the means to manage risks effectively in order to minimise financial costs and prevent damage to your reputation.

Cookie Policy

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Executive Leadership

Lou Mahanty

Managing Director - MBE BSc (Hons) MSc MBA

Lou Mahanty MBE is our Managing Director. He has a broad business, public service and security background. He has worked as a firefighter, soldier, consultant, businessman and team leader for over 40 years. Military service began at Sandhurst and culminated in command of a regiment. On retirement from active service in 1999, his attentions turned to aerospace, defence and security.

For the larger consultancy houses (Ernst & Young, Capgemini) he contributed to very significant growth in defence aviation repair, oil and gas, and e-commerce. For Serco, he was part of its successful drive into the defence consultancy and advisory space. For CSC he was responsible for defence and intelligence in the UK. For Fujitsu he supported major new bids into Government. These were interspersed with periods in smaller IT-focused companies involved in internet service provision (Patersons Consulting), 3D Visualisation and Virtual Reality (Luminova) and IT consultancy services (Cornwell Consulting). This included the setting up of sectors from scratch. As an independent he has consulted to BAE Systems, Mercer, Fujitsu, Landmark and government.

Within the broad cyber area of business, Lou was CSC’s Director for Intelligence. The role involved strategic and operational control of its intelligence business in the UK, including responsibility for a joint CSC/Logica team of 350 vetted specialists who provided high security managed storage, infrastructure and related services to government agencies. He left having successfully delivered a 2-year extension of business.

Lou draws from this rich tapestry of experience, tradecraft, knowhow and contacts.

Paul Maxwell

Director - BSc (Hons) MBCS CISSP CCSP CISA M.Inst.ISP LCCP CITP

Paul is a founding Director of Stratia Consulting and an experienced Risk Management and Security Architect, with excellent technical, communication and leadership skills. He is highly respected by his previous and current clients and enjoys working closely with demanding customers to deliver mutually beneficial outcomes. He has extensive experience working on Government and Commercial systems.

Paul has built up his consultancy experience since leaving his role as a Sensors engineer in the Royal Navy and has carried out roles as diverse as Operational and Computer Network Defence Manager for MOD DII systems, Lead Security Architect at HM Coastguard, Desktop Accreditor for Top Secret systems and Security Assurance Manager for GCHQ. His most recent MOD deployment was as Lead Security Architect for the service provider that delivers the MOD’s pay and pension systems for Defence Business Services.

Paul is a CCSC Head Consultant and is a Lead CESG Certified Professional Security and Information Risk Advisor, a Certified IT Professional member of the British Computer Society, a Certified Information Systems Auditor and a member of the Institute of System Engineers. Paul is also an ISC2 Certified Cloud Security Professional (CCSP).

Dr. Paul Massey

Director - PhD MEng (Hons) CEng MIET M.Inst.ISP CCP (Lead SIRA) CCSC (Head Consultant)

Paul is an information security professional with 15 years’ experience in the industry. He is one of the few security consultants in the country who is certified at the highest level - Lead Practitioner - under the CESG Certified Professional (CCP) scheme, specifically in the Security and Information Risk Advisor (SIRA) role. As such, he specialises in managing information risk at the corporate level, advising SIROs/CIOs and corporate boards on proportionate and cost-effective risk management solutions. In addition, he has recently been appointed as one of the first Head Consultants in the CESG Certified Cyber Security Consultancy scheme.

Paul is a founder full member of the Institute of Information Security Professionals (IISP). He is also a full member of the Institution of Engineering and Technology, a Chartered Engineer, an assessor for the Cyber Essentials and IASME standards, and a certified Lead Implementer for the ISO 27000 series of standards (recently requalified against the 2013 update of ISO 27001).

Away from information assurance, Paul has non-executive director experience in audit, risk management and governance roles. For six years, he was Chairman of the Audit Committee of Cheltenham Borough Council, an organisation with an annual budget of £35m. In this role, he had responsibility for supervising internal and external audit functions, overseeing the council’s risk management procedures, and approving the annual accounts and statement of internal control. He has also served on the audit committee of the Local Government Association, an organisation with an annual budget of £23m. As such, Paul has a particular interest in ensuring that information risk and financial risk are managed with equal rigour.

Jason Fairfax

Director - LCCP-SIRA LCCP-IAA CISM CSSA CPSA CISSP-ISSAP CSSLP CITP MBCS MIET M.Inst.ISP

Jason is a Lead CCP Security and Information Risk Advisor (SIRA), a Lead CCP Information Architect (IAA), a Lead ISO27001 Lead Implementer, a former CREST Registered Specialist (CRT/CCIAS/CCTRA), a Chartered IT Professional (CITP), a Member of the British Computer Society (MBCS), a Member of the Institution of Engineering and Technology (MIET) and a Full and Founder Member of the Institute of Information Security Professionals (M.Inst.ISP).

Jason has extensive experience of business assurance, information risk management, security architecture and technical security assessments. He has extensive working experience within government, defence and industry, including many critical infrastructure sectors, for example energy and utilities (UK civil nuclear and power generation and transmission), telecommunications, finance, and emergency and health services.

Jason has previously deployed to UK Government departments and agencies including the UK Ministry of Defence and related organisations, and international organisations including National Grid, EDF and British Energy, the Metropolitan Police Service, Cisco Systems, France Telecom, the BBC and Deutsche Bank.

Jason is a Certified SCADA Security Architect (CSSA) with a working knowledge of IEC61850, IEC62443 and the NERC CIP standards, applied in multinational, multi-utility organisations to prepare for and respond to cyber security incidents across UK and North American energy networks. This has included co-ordinating and conducting vulnerability and penetration security assessments against process and industrial control systems (ICS/SCADA), helping each organisation to identify and address security weaknesses.

Peter Grimshaw

Director - BSc (Hons), A.Inst.ISP Lead CCP-SIRA Senior CCP-IA Architect

Peter is a current Lead SIRA and Senior IA Architect CCP and has been appointed as a Head Consultant in the new CESG Certified Cyber Security Company (CCSP) scheme.

Peter has previously worked with the Intellectual Property Office as their Security Architect, where he defined their cyber security policy and how they defined their threat and risk assessment methodology. He has also provided advice and guidance on the security architecture and on how they adopt and move services to cloud-based suppliers.

He has recently completed an assignment for the Department for Education, where he was the lead assurance consultant defining the approach to threat and risk assessment and advised on the architectural approach by defining the contextual architecture for the solution of moving their services to the cloud. He also advised on their federated access solution, which was a key component of using O365 and Microsoft Azure.

Peter is currently at the Ministry of Justice (MOJ), working on their approach to Information Assurance.

Previous projects involved him working with RPA on the replacement Common Agricultural Policy (CAP) system, one of the Cabinet Office exemplar projects, where he provided input for the security architecture pattern and accreditation documentation. Development was based on Agile methodology, so a flexible approach was required in adapting to the Agile method. The implementation of CAP was based on a cloud solution, which presented a quick and easy route for the client but not without security challenges related to outsourcing operations.

He also worked with a PSNSP Cloud supplier, FCO Services, to achieve accreditation of their HMG service offerings.

He has also provided advice on many other projects, such as risk assessment and security architecture advice to the National Archives, Roke Manor Research on mobile device security, Anglian Water on their distributed telemetry network for collecting information from remote monitoring stations, and DWP on their Universal Credits system, to name but a few.

He has over twenty-five years’ experience providing architecture and information assurance advice and has also worked within the intelligence agency community.