About Our Expertise
Mark Farrugia Sant'Angelo is an experienced and certified Information Technology and Cybersecurity specialist with two decades of proven expertise in safeguarding and optimising digital business environments. Over a 20-year career, Mark has developed a comprehensive professional background spanning IT operations, enterprise systems management, technical consultancy, IT audits, and Information Security Governance, Risk, and Compliance (GRC).
Throughout his career, Mark has served as a trusted advisor and technical leader across a diverse range of heavily regulated business sectors and has consistently designed and executed strategies that align complex technological needs with overarching business objectives.
Driven by a genuine passion for cyber security and the continuous acquisition of knowledge, Mark is recognised for his adaptive learning skills. He blends deep technical precision with clear executive communication, helping businesses secure their infrastructure, achieve regulatory compliance, and build lasting operational resilience.
-
Mark’s hands-on technical capabilities cover the complete spectrum of modern IT infrastructure. As an infrastructure architect, he specialises in:
Cloud Infrastructure & Orchestration: Engineering high-availability, multi-tier Cloud IaaS layouts utilising platforms such as Amazon Web Services (AWS) and DigitalOcean.
Automation & DevOps: Streamlining server provisioning and routine administration workflows through Infrastructure as Code (IaC) and advanced scripting.
Data Integrity & Continuity: Designing proactive performance monitoring, automated off-site and immutable backup routines, data governance protocols, and robust Identity & Access Management (IAM) systems.
Edge & Tier-3 Support: Deploying and fine-tuning Web Application Firewalls (WAF) alongside resolving complex database optimisations and network connectivity issues.
-
Complementing his technical infrastructure roots, Mark possesses extensive leadership experience in enterprise cybersecurity and regulatory landscapes. Having previously led GRC functions for global organisations, he provides strategic advisory services that translate abstract cyber threats into actionable compliance roadmaps. His core competencies include:
Framework Implementation: Full lifecycle management of Information Security Management Systems (ISMS) tailored to reputable industry standards, including ISO/IEC 27001, NIST CSF, and COBIT.
Regulatory Readiness & Audits: Conducting comprehensive gap analyses, IT General Control (ITGC) assessments, and readiness reviews for evolving compliance requirements.
Risk & Supply Chain Governance: Designing enterprise risk assessment methodologies and orchestrating comprehensive Third-Party Risk Management (TPRM) programs to vet high-risk vendors.
Resilience Planning: Authoring high-level security policies, Incident Response plans, Business Continuity Plans (BCP), and Disaster Recovery (DR) strategies.
Human Risk Management: Developing and delivering bespoke Security Awareness Training sessions to foster a resilient corporate security culture.
-
Mark backs his practical experience with a rigorous academic foundation and elite industry certifications:
MSc (Hons) in Network Security & Penetration Testing – Middlesex University
BSc (Hons) in Information Technology & Networking – Middlesex University
CISSP (Certified Information Systems Security Professional) – ISC2
ISO/IEC 27001 Lead Implementer – PECB
Active Professional Memberships: ISC2 and PECB
Legacy Technical Certifications: MCSA (Windows Server 2003/2008/2012), CCNA (Cisco), ITIL v3 Foundation, and Citrix Certified Associate