Cyber GRC
Governance frameworks, risk management programmes, ISO 27001, NIST, and regulatory compliance. Pragmatic controls that match the business.
Strontian Ltd was founded by Lee Johnson, a CISSP accredited cybersecurity practitioner with deep hands-on experience across governance, risk, compliance, IAM architecture, and programme remediation.

About Lee Johnson
Lee has led security programmes inside regulated organisations — environments where audit findings, regulatory requirements, and board expectations do not wait.
He knows what good looks like, what is reasonable to ask of a business, and what is a genuine risk versus noise.
Governance frameworks, risk management programmes, ISO 27001, NIST, and regulatory compliance. Pragmatic controls that match the business.
Audit findings, incident follow-up, board-directed security uplift, stakeholder management, delivery discipline, and evidence.
Identity and access management, zero-trust strategy, PAM, access governance, and target-state architecture.
Why Strontian Ltd
Strontian Ltd is not a generalist consultancy. It is a focused practice built on the belief that most SMEs are underserved by the cybersecurity industry — the advice is often too technical, too expensive, or too vague.
Start with a short enquiry. No pitch, no pressure.