Skip to content
Antan · Antonio SperaAuckland, NZISO/IEC 27001 LI

Set strategy in the boardroom. Still write the code.

Twenty-five years of security leadership for boards, governments, and critical infrastructure, as an engineer and architect across quantitative risk, secure AI, and SOC engineering. Antan IRM, the risk platform I built and use with clients, is one of the tools. Still close to the keyboard.

Discuss an engagementExplore Antan IRM
Risk snapshot // FAIRillustrative

Annualised loss exposure

  • P10$1.2M
  • P50$4.8M
  • P90$11.6M
Control uplift−38% expected loss
CredentialsISO/IEC 27001:2022 LIForrester Zero TrustOWASP NZ co-founderISACA member
01Services

Senior advisory and delivery across the security stack

From board-grade risk quantification to the code that runs in your SOC. Engagements scale from a four-week certification sprint to multi-year programme leadership.

01

Security Operations

SOC design, build, and uplift; AI-augmented detection and response; threat intelligence and incident response.

Explore
02

Governance, Risk & Compliance

ISO/IEC 27001:2022, SOC 2 Type 2, PCI-DSS, NZISM/PSR, HISO, NIST CSF, covering policy, audit, and certification readiness.

Explore
03

Secure AI

AI governance and assurance, spanning ISO/IEC 42001, NIST AI RMF, and OWASP LLM Top 10; threat modelling for LLM and agentic systems.

Explore
04

Applied AI for Cyber

ML and agentic systems for detection, triage, and SOC automation; bespoke classifiers and LLM-assisted analyst workflows.

Explore
05

Risk Management & Quantitative Risk Analysis

FAIR-based loss quantification, scenario modelling, Monte Carlo, and executive-grade risk-to-investment translation.

Explore
06

Secure Architecture & Zero Trust

Enterprise and cloud security architecture (Azure, GCP, AWS); Forrester Zero Trust design; DevSecOps; OT and critical infrastructure.

Explore
07

Secure Web Applications for SMEs

End-to-end design and build of secure web applications meeting OWASP, privacy, and sector regulatory requirements.

Explore
08

Virtual CISO & Security Leadership

Fractional, executive-level security leadership for organisations not ready for a full-time CISO: strategy, governance, and board reporting.

Explore
09

Incident Response & Readiness

Preparation that holds up under pressure: response plans, tabletop exercises, and a calm, experienced hand when something does go wrong.

Explore
02Track record

Some of the work

A sample of anchor achievements across regulated, public-sector, and critical-infrastructure environments.

01Security functionTechnology

Designed and led the security function end to end across SecOps, security architecture, GRC, and awareness and training, at one of New Zealand's largest technology organisations, with ISO/IEC 27001:2022 and SOC 2 Type 2 as the outcome.

02SOC + PCI-DSSGovernment

Designed and built a government agency's Security Operations Centre end to end across people, process, and technology, and drove a long-stalled PCI-DSS programme through to compliance.

03ArchitectureCritical infrastructure

Collaborated on the security architecture for one of New Zealand's most significant infrastructure projects.

04Co-founderOWASP NZ

Co-founded the OWASP New Zealand chapter and continues to contribute to the security community.

03Built in-house

Antan IRM - risk that has left the spreadsheet

An AI-powered cyber risk platform I built and use for quantitative risk and decision analysis. It began as a replacement for the risk register in a spreadsheet and grew, function by function, into a tool that turns scattered security data into quantified, board-ready decisions, with a deterministic guardrail that keeps its own AI agents in check.

It is still a work in progress, and improving steadily. Try the demo, and if you would like to know more, get in touch. Feedback is welcome, and who knows, it may go public one day.

Explore Antan IRM
Loss distribution // Monte Carlo10k runs
$0expected loss$20M+
Get in touch

Let's talk about your security programme

Considering a vCISO, a security strategy and architecture, a SOC uplift, an AI assurance review, or a secure web build? Get in touch. The first conversation is on the house.

Discuss an engagementaspera@antan.co.nzLinkedIn