Jon Pertwee

Consultant · Author · Researcher

Switzerland-based · Working internationally

Certified Information Systems Security Professional

Certified in Risk and Information Systems Control

Project Management Professional

Certified Information Privacy Practitioner -Europe

CompTIA
Advanced Security Practitioner

ITIL Foundation Certificate

 About Me

Most disaster recovery consultants work from established frameworks and accepted best practice. My work starts somewhere different: with the question of whether those frameworks are actually adequate to the systems they are meant to protect.

Twenty years of consulting across public, private, and international sectors; including assignments with UN agencies and major NGOs, have produced a consistent observation: organisations with documented DR plans still fail to recover effectively, and the failure is rarely a matter of effort or resources. It is more often a matter of analytical inadequacy. The frameworks used to design DR strategies do not account for the true complexity of modern IT infrastructure.

That observation became the foundation of the layered dependency mapping methodology I have developed, formalised in peer-reviewed research and in practice across more than thirty real-world DR implementations. It is also the starting point for doctoral research I am planning to pursue, investigating whether complexity theory provides the theoretical basis that disaster recovery planning has, until now, largely lacked.  

 What I Do

My consulting practice covers four interconnected areas. Each is grounded in the same underlying principle: that the gap between policy and outcome in information security and resilience is almost always a structural problem, not a technical one.

Disaster Recovery & Business Continuity

I design and implement DR and BC programmes that reflect how organisations actually function: their real infrastructure, genuine dependencies, and actual risk appetite, rather than how a generic framework assumes they do. The layered dependency mapping methodology I have developed identifies failure pathways and recovery sequencing that traditional approaches consistently miss. My work in this area ranges from initial BIA and dependency mapping through to full DR plan development, run-book creation, testing, and ISO 22301 compliance support.

Information Security Management

I help organisations build information security programmes that are coherent, maintainable, and aligned with business objectives. This includes ISO 27001 implementation and certification support, security governance design, policy frameworks, and the development of security cultures that outlast any single project or compliance cycle.

IT Risk Management

Risk management done well is an analytical discipline, not a documentation exercise. I work with organisations to identify, assess, and treat IT risk in a structured, evidence-based way, developing risk frameworks that integrate with governance structures and provide decision-makers with genuinely useful information rather than compliance artefacts.

Swiss Privacy Law (FADP) & GDPR

I provide advisory services on data protection compliance for organisations operating under Swiss law, the GDPR, or both. This includes gap assessments, privacy programme development, data mapping, and the practical implementation of privacy by design principles.

 

Research

My research investigates the application of complexity theory to disaster recovery planning — specifically, whether frameworks from complexity science provide the theoretical foundation that DR methodology currently lacks. This work emerges directly from consulting practice: the layered dependency mapping framework I developed in the field independently converged on complexity theory concepts, raising the question of whether those concepts can be systematically applied to improve how DR strategies are designed.

I am a co-author of A Layered Framework for System Dependency Mapping in Disaster Recovery and Business Continuity (with Dr T. Lu), currently under peer review, which formalises the dependency mapping methodology in academic terms. I am planning doctoral research to investigate the broader research question systematically.

 

For full details of my research direction, publications, and doctoral research plans, see the Research page.

Publications

An IT Manager’s Guide to Disaster Recovery – A Layered Approach (2025)

The first full articulation of the layered dependency framework, written for IT managers and security professionals.  Available on Amazon

Securing the Cyber Realm – A Comprehensive Guide to Cybersecurity Strategies and Practices (2023)

A practitioner’s guide to organisational cyber security, risk management, and system resilience. A revised edition is in preparation. Available on Amazon

Credentials & Certifications

Academic

  • MSc Information Technology Security Management, Arden University (Distinction · Postgraduate Highest Achiever Award 2024)

 

Professional Certifications

  • CISSP – Certified Information Systems Security Professional
  • CRISC – Certified in Risk and Information Systems Control
  • CASP+ – CompTIA Advanced Security Practitioner
  • CIPP/E – Certified Information Privacy Professional – Europe
  • PMP – Project Management Professional
  • ITIL Foundation Certificate