Team Profiles
Greg Scott
Founder and Managing Partner
Greg Scott brings over 28 years of deep technical expertise in information assurance, cyber security, and operational resilience to ESA as Managing Partner. His career spans critical roles within the Ministry of Defence and as founder of Castle Resilience Ltd, where he has consistently delivered practical security solutions across government, healthcare, and commercial sectors. His extensive experience includes supporting organisations through complex regulatory frameworks, particularly in financial services where he has helped clients navigate FCA and PRA requirements whilst building robust operational resilience capabilities.
His military and government service established a foundation in systematic risk assessment and vulnerability identification that has proven invaluable across both public and private sectors. This expertise evolved through leading over 150 security and risk assignments, developing his exceptional ability to identify vulnerabilities that others miss and translate complex technical risks into actionable business decisions.
His consultancy work focuses on conducting deep-dive resilience assessments, implementing robust Three Lines of Defence frameworks, and developing bespoke risk management plans that align with organisational objectives, whilst ensuring compliance with frameworks including ISO 27001 and supporting clients through detailed operational security surveys and remediation planning.
What sets Greg apart is his blend of rigorous technical depth and strategic thinking, enhanced by his international perspective gained as lead UK representative at NATO Intelligence Systems working groups. His systematic approach to resilience assessment has proven invaluable during major disruption events, enabling clients to maintain operational continuity when others faltered. Working across multiple sectors and geographies, Greg specialises in creating proactive security cultures through implementing robust procedures and controls that address both current threats and emerging risks.
His comprehensive approach has delivered measurable results for clients facing complex security challenges — from influencing strategic security investment decisions through accurate risk assessment to providing Crown-level oversight during critical infrastructure projects. As a recognised expert, Greg was honoured in the Queen’s Birthday Honours List 2012 for identifying and resolving critical vulnerabilities that had previously gone unnoticed, demonstrating his commitment to excellence in protecting organisational assets and maintaining operational resilience under pressure.
Matt Moon
Founder and Managing Partner
Matt brings over 27 years of operational security and resilience experience to ESA as Managing Partner, combining frontline expertise from the Royal Air Force Police with strategic consultancy across diverse sectors. As founder and owner of Checkpoint Resilience Limited, he has recent experience working with global insurance companies on crisis management, business continuity, and operational resilience programmes.
His military service encompassed roles from tactical front line operations, where he was embedded with infantry battle groups providing expertise to commanders, through to strategic leadership as the focal point for all security risk management and resilience advice to senior risk owners and managers across complex, multi-site operations.
This foundation prepared him for delivering high-quality risk management and business continuity consultancy in hands-on client-facing roles, designing and implementing Business Continuity Management Systems and Information Security Management Systems in accordance with ISO 22301 and ISO 27001, whilst leading comprehensive resilience projects that include audits, site surveys, business impact analysis, and crisis simulation exercises.
What makes Matt’s consultancy distinctive is his ability to translate complex security and resilience concepts into actionable strategies that work for real organisations. His extensive real-world experience in delivering across operational, tactical, and strategic levels provides unparalleled credibility when training leaders and teams in high-pressure decision-making and crisis response. Working with a multinational client portfolio, his experience spans critical infrastructure protection, crisis management, and business continuity across sectors including finance, manufacturing, construction, higher education, government, local government, and the nuclear sector.
His hands-on approach has delivered tangible results internationally across EMEA, APAC, LATAM, and North America — from designing cyber resilience projects for government authorities to delivering crisis management training and simulation exercises across diverse sectors. As a qualified Disaster Recovery Institute (DRI) International instructor and Professional Assessment Board Member for the International Security Management Institute, he combines deep technical expertise with exceptional C-Suite training delivery skills, focussing on critical risk events including cyber security, supply chain interruption, and natural disasters.