The UK’s construction and engineering sector builds the physical infrastructure the country depends on, and increasingly that work runs on digital systems just as critical as the physical ones. Building materials manufacturing, international construction, infrastructure engineering, equipment rental, and modular building all carry security demands shaped by industrial control systems, multi-country operations, and the sheer scale of assets and personnel involved. The leaders in this feature are protecting organisations at the heart of the UK’s built environment, and their programmes reflect the discipline required to secure industries where physical and digital risk are inseparable.
Ian Buffey – CISO, AtkinsRéalis
Ian Buffey has served as CISO at AtkinsRéalis for nearly thirteen years, a tenure that spans the company’s operation as Atkins, its period under SNC-Lavalin, and its current identity as AtkinsRéalis. He has spent more than thirty years in the industrial control systems space, working with SCADA and DCS systems that are vital to the continued operation of critical national infrastructure across power generation, transmission and distribution, oil and gas, water, and transport. Since 2004, his focus has centred specifically on securing these systems from growing cyber threats, a discipline that has since become recognised as a major concern for both public and private bodies worldwide.
Before his CISO role, he spent more than eight years as technical director for industrial control system cyber security at Atkins, and more than nine years as director of international services at Industrial Defender. His deep specialisation in ICS security, built over three decades and applied globally across multiple critical infrastructure verticals, makes him one of the most distinctly technical CISOs in this feature, operating at the intersection of engineering consultancy and the operational technology that underpins national infrastructure.
Andrew Falkingbridge – CISO, Portakabin
Andrew Falkingbridge has served as CISO at Portakabin since October 2021, accountable for the overall direction of cyber security and ensuring the modular building company’s information security risks are managed as it pursues growth targets across the UK and Europe. Before Portakabin, he spent eleven months as director at KTON Consulting, providing cyber risk assessments and strategy advisory services, and more than five years as group CISO at International Personal Finance, where he transformed information security and business resilience capability across twelve countries spanning Mexico, Europe, and Australia.
Earlier in his career, he spent more than ten years at BT Global Services in a series of security architecture and business development roles, including chief information security architect on a multi-billion pound NHS IT transformation programme, and programme director for a secure collaboration platform used by more than 60,000 staff, originally built to support BT’s role in the London 2012 Olympics. He also established BT’s first Global Security Academy. His earlier career includes security architecture roles at Accenture and Unisys, and he holds a CISM certification. That combination of national infrastructure security work, multinational transformation leadership, and deep security architecture grounding gives him a broad foundation now applied to a modular construction business scaling across Europe.
Dan Sutcliffe – CISO, Sunbelt Rentals UK
Dan Sutcliffe has served as CISO at Sunbelt Rentals UK since September 2020, building and running the enterprise information security function from the ground up for a leading equipment rental business operating across the UK. He designed an ISO 27001 and NIST CSF-aligned ISMS, cut incident response times by 95 percent through 24/7 SOC and SIEM oversight, and reduced high-risk exposure by 75 percent, all while maintaining continuous compliance across ISO 27001, NIST CSF, PCI DSS, GDPR, DORA, and Cyber Essentials Plus. He has also supported M&A due diligence and post-merger integration on transactions valued between £20 million and £100 million, and contributes to the company’s Enterprise AI Taskforce, aligning AI adoption with ISO/IEC 42001 and EU AI Act requirements.
Before Sunbelt Rentals, he spent more than six years at DXC Technology as European security programme director, leading enterprise security programmes across UK government bodies including the Ministry of Defence, Ministry of Justice, and NHS, managing a portfolio of more than 20 concurrent projects and a team of more than 90 security professionals with an $18 million annual budget. Before DXC, he spent more than four years at Hewlett Packard Enterprise across security operations and integration management roles following HP and EDS’s acquisition of Vistorm. He began his career serving in the British Army’s Coldstream Guards, and he now chairs the Sunbelt Rentals UK Veterans Committee, supporting more than 200 veterans across the business.
Julien Remond – CISO, Bouygues Construction
Julien Remond has served as CISO at Bouygues Construction since January 2024, integrating information security principles within digital ecosystems across the company’s international activities. Before stepping into that role, he spent more than three and a half years as head of information security at Bouygues UK, expanding information security best practices from Bouygues Energies and Services UK across the rest of the group’s UK subsidiaries, and more than three years as head of information security at Bouygues Energies and Services UK itself, where he brought the organisation’s information security risks under explicit management control and achieved ISO 27001 and Cyber Essentials Plus certification.
His path into security followed fifteen years in IT services delivery, including senior IT manager roles at Structis UK managing teams of up to 29 people across 200 sites in the UK and Canada, and IT manager roles at Ecovert FM. He began his career within the Bouygues UK group itself as an IT assistant and IT officer, progressing steadily through IT support and management roles before making what he describes as a sideways move from IT delivery into information security. That progression, built entirely within one corporate family across nearly two decades, gives him institutional knowledge of Bouygues’ operations that directly informs his approach to securing the group’s international construction activities.
Julian Pereira – CISO, Saint-Gobain UK & Ireland
Julian Pereira has served as CISO at Saint-Gobain UK and Ireland since September 2023, leading information security for the UK and Ireland operations of the global building materials manufacturer. Before Saint-Gobain, he spent six months as interim head of information security at Kingsley Napley, an independent law firm, and briefly served as group manager of information security at First Quantum Minerals.
His most substantial tenure prior to that was nearly five years at Bupa, where he served as deputy CISO and head of information security risk and engagement, and before that head of IT security and director of information security and IT governance at Bupa UK. Earlier in his career, he spent more than three years as IT security and operations manager at Telegraph Media Group, and before that more than fifteen years in various information security roles at Bupa dating back to 1998. That long foundational tenure at one of the UK’s largest healthcare and insurance groups, followed by shorter stints across media, mining, and legal services, gives him a breadth of regulatory and sector experience now applied to a global building materials manufacturer operating across two markets.
Security Built on Physical Foundations
The organisations in this feature manufacture building materials, construct infrastructure across continents, engineer the systems that keep critical national infrastructure running, rent the equipment that powers job sites, and build the modular structures used across the UK and Europe. Their security leaders are protecting environments where operational technology, industrial control systems, and traditional IT increasingly converge, and where the scale of physical assets and international operations demands a security discipline as robust as the structures these companies build.
Discover more CISOs protecting the construction industry:
- Heavy Industry, Serious Security: CISOs to Watch in Construction and Engineering
- Cybersecurity Leaders to Watch in Florida’s Construction Industry
- CISOs to Watch in Austria’s Construction Industry
- CISOs to Watch in Spain’s Construction Industry
- CISOs to Watch in France’s Construction Industry
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

