Home Services Self-Assessment About Book a call
About

Advice from the inside track

Get us Secure is built and run by Colin Walsh — an active Chief Information Security Officer with current regulatory exposure across the EU. Not a training company, not a law firm, not a consultancy that has packaged a single regulation.

Founder
Colin Walsh
Chief Information Security Officer · Major European E-commerce Company
Dublin, Ireland
Background: Big Four advisory · financial services · automotive · ecommerce
Advises boards and leadership teams on what EU cybersecurity law requires — and what happens if they don't act
Advisory coverage: Ireland · UK · Germany · Belgium · Netherlands · +6 more

Why this matters

Most NIS2 advisory is delivered by people who have read the directive carefully. Get Us Secure is delivered by Colin Walsh — someone who manages real NIS2 obligations every day, navigating live incidents, active regulatory environments, and board conversations at a large European enterprise under the same legislation your organisation is now subject to.

That means the readiness assessment identifies gaps a checklist tool won't find. The board training handles questions a trainer can't answer. The governance programme reflects how regulators actually think — not how the directive reads on paper. And the fractional CISO retainer is supported by someone who is doing this job at scale, in real time. The same depth applies across GDPR, EU AI Act, CRA, and DORA — current live experience, not research.

On AI and advisory work

AI compresses delivery timelines and improves output quality across every engagement. Get Us Secure uses Claude and automation to analyse, structure, and deliver faster than traditional consultancies — without replacing the regulatory judgement, board-level credibility, and ongoing accountability that define the work.

Career background

EMEA CISO — Major European E-commerce Group
Security strategy, NIS2 and GDPR compliance, EU AI Act governance, GRC programme design, board reporting across EMEA
Current role · Dublin
GRC Leader — Global Automotive Technology Company
Built GRC function from zero. Security governance, OT/IT security, regulatory compliance across EU jurisdictions
Prior role · EU-wide
Big Four Advisory — Cybersecurity Practice
Security governance and regulatory compliance advisory for major financial institutions and public sector bodies
6 years · Dublin
CISSPCertified Information Systems Security Professional
CCSPCertified Cloud Security Professional
ISO 27001Lead Implementer
NIS2EU regulatory specialist
Regulatory coverage
The full EU regulatory stack, in one practice
NIS2

The EU law that holds board members personally responsible for cybersecurity failures. Covers board governance, security measures, incident reporting, and regulatory registration. Primary focus across all 11 markets.

ISO 27001

The international standard for information security management. Increasingly required by enterprise customers and insurers. Achieving ISO 27001 also satisfies the core NIS2 security programme requirements.

GDPR & ePrivacy

Data protection and privacy obligations for all EU personal data. Runs concurrently with NIS2 in most incidents — the 72-hour breach notification under GDPR Art. 33 and NIS2 Art. 23 must be coordinated. DPC liaison and GDPR programme design included in all compliance engagements.

Cyber Resilience Act (CRA)

Mandatory cybersecurity requirements for manufacturers and distributors of products with digital components. Vulnerability reporting obligations from September 2026. Full compliance required from December 2027. Significant overlap with NIS2 supply chain security requirements under Art. 21(2)(d).

EU AI Act

Governance framework for organisations deploying AI in critical operations. High-risk AI failures can constitute NIS2 significant incidents.

DORA

Digital Operational Resilience Act — applicable to financial entities (banks, insurers, investment firms, payment institutions) and their ICT service providers. Fully in force since January 2025. ICT risk management, incident reporting, and third-party provider oversight. Central Bank of Ireland is the primary enforcement authority in Ireland.

Not sure whether this affects your business? The discovery call is 30 minutes and costs nothing.

Book a discovery call →