What I Do

Get to Know Me

I work as an independent outsourced ICT function for organisations with regulatory exposure, supporting them on ICT governance, operational resilience, and DORA readiness.

My background is strongly technical. I’ve spent many years designing, running, and securing real production environments, and I’ve also been on the receiving end of audits and regulatory reviews myself. That experience shapes how I approach ICT governance in practice.

What I do is bridge the gap between what is being asked from a regulatory or compliance perspective and what is actually in place technically. Very often the documentation looks fine, but the underlying ICT reality tells a different story.

I work closely with management teams, boards, and advisory firms to translate technical ICT risk into business and regulatory impact, helping organisations understand what really matters, where they are exposed, and how to address risks without over-engineering or unnecessary spend.

I don’t sell tools or technology. My focus is on clarity, accountability, and ensuring that ICT risk is understood, owned, and defensible under supervisory scrutiny.

Why choose me?

Why organisations, advisors, and boards involve me on ICT governance and DORA-related matters:

  • 1. Extensive Experience

    My experience is built on hands-on work in real production environments, including regulated and high-availability contexts. I’ve also been directly involved in audits and regulatory reviews, which shapes how I approach ICT governance and DORA in practice.

  • I focus on security from a resilience and accountability perspective; how incidents are handled, how escalation works, and whether responsibilities are clear when things go wrong.

  • I work closely with management and boards, translating technical ICT risk into business and regulatory impact, and helping decision-makers focus on what truly matters without unnecessary technical detail.

  • My background across infrastructure, security, and cloud environments underpins my governance and DORA-related work. It allows me to assess ICT environments realistically, challenge assumptions where needed, and avoid over-engineering or unnecessary spend.

Services

ICT Governance & DORA

DORA & ICT Governance

ICT-focused DORA readiness and governance support, ensuring regulatory expectations align with how ICT environments actually operate. Focused on accountability, operational resilience, and supervisory defensibility.

ICT Function & Risk Ownership

Acting as an independent outsourced ICT function for organisations with regulatory exposure, helping define ownership, decision-making, and escalation across ICT operations.

Ongoing ICT Oversight

Independent oversight of ICT governance and resilience after licensing or compliance activities are completed, ensuring continued alignment as systems, vendors, and processes change.

Operational Resilience & ICT Continuity

Review and alignment of ICT continuity, incident handling, and resilience practices to ensure organisations can respond effectively to disruption and meet regulatory expectations in practice.

My governance and DORA-related work is grounded in hands-on experience across real ICT environments.

Network & Infrastructure Advisory

Design and review of secure, resilient infrastructure environments, informed by operational and regulatory considerations rather than generic best practices.

Cybersecurity Foundations

Advisory support on cybersecurity risk exposure, focused on resilience, accountability, and regulatory relevance rather than individual tools or products.

Cloud & Hybrid Environments

Support for cloud and hybrid platforms, ensuring governance, resilience, and ICT risk ownership remain clear as environments evolve.

ICT Procurement Advisory

Independent technical input on ICT procurement decisions, helping organisations avoid unnecessary spend and align solutions with actual risk and regulatory needs.

DORA & ICT Governance

DORA readiness

ICT Governance & Resilience

DORA is not just about documentation or compliance checklists. It requires organisations to demonstrate that ICT risk is understood, owned, managed in practice, and that operational resilience holds up when tested.

My focus is on the ICT side of DORA: bridging the gap between what is documented from a regulatory perspective and how ICT systems actually operate day to day. This is often where the real exposure sits, even when policies appear complete.

What I Focus On
  • Assessing whether documented controls reflect real ICT operations
  • Clarifying ICT risk ownership, decision-making, and escalation paths
  • Reviewing incident handling and resilience from an operational perspective
  • Identifying material ICT risks that may not be visible from documentation alone
How I Typically Work

I usually work alongside legal, compliance, and advisory teams. They lead on regulatory interpretation, frameworks, and policy work. I focus on the underlying ICT reality; governance, resilience, and accountability, and whether it would stand up to supervisory questioning.

Supporting Management & Boards

I also support management teams and boards by translating technical ICT risk into business and regulatory impact. The aim is not technical training but clarity, helping decision-makers understand what really matters, what questions they should be asking, and where blind spots often exist.

Engagement Approach
  1. Initial Discussion: Understanding the organisation, its ICT environment, and regulatory context
  2. Focused ICT Review: Assessing governance, resilience, and risk ownership in practice
  3. Findings & Direction: Clear observations, priorities, and practical next steps

In many cases, the real value comes after the initial review providing ongoing ICT oversight from a regulated perspective as systems, vendors, and processes continue to evolve.

Discuss DORA & ICT Readiness
FAQ

Is this a compliance audit?
No. This is an ICT-focused review designed to assess operational reality, clarify accountability, and identify where regulatory exposure may exist.

Do we need everything in place immediately?
No. The focus is on material risks and practical priorities, not over-engineering or unnecessary complexity.

Technical Background

Hands-on ICT Experience

My work on ICT governance and DORA is grounded in hands-on experience across real production environments. This technical background helps me assess ICT risk, resilience, and operational claims realistically — not just against documentation.

  • Network & infrastructure environments
  • Security foundations & access control
  • Cloud and hybrid platforms
  • Monitoring, logging & operational visibility
  • Third-party and vendor-integrated environments
  • Hardening, change control & operational discipline

I keep this section intentionally high-level as my goal is to show grounding and credibility.

Testimonials

Some of my clients

Franco Borg – EPG Financials – Head of Risk

“Steven provided valuable support in reviewing our DORA implementation and related ICT governance framework. His feedback was clear, practical, and aligned with our business needs. We appreciated his professional approach and timely delivery, which added real value to our ongoing compliance efforts.”

Chris Briffa – Founder – CBA Architects

“Working with Steven has been a true pleasure, while at the same time an ongoing lesson on how to improve our IT systems and data management. All this is topped by an increased sense of security and protection which helps us focus more on our creative work!”

Jonathan Shaw – CEO – Retail Marketing Ltd

“Last year we contracted Steve to support our IT managers and team. His hands-on approach and technical experience has been an asset to the company with the added benefit of having an external yet dedicated person to address critical deliverables on time and with peace of mind.”

Jonathan Micallef – Payhound – Information Security Office

“Steven helped us move our IT equipment and reconfigure our LAN from scratch. He was super helpful, always ready to respond to our texts efficiently and in a professional way, and went out of his way to help with an ongoing Ubiquiti issue. We recognize his good work and would gladly recommend his services to anyone”

Darren Zarb – Founder – DaCoby Chauffeurs

“Working with Steven has been outstanding. He optimized our MS365 systems, streamlining our daily operations. His expertise has also enhanced our security, allowing us to focus more on our core work!”

Need clarity on ICT risk or DORA readiness?

If you’re preparing for regulatory engagement, need independent ICT oversight, or want to ensure your ICT governance and operational resilience stand up in practice, let’s talk!

Contact

Get in touch

Address

Regus, Junction Business Centre, Sqaq Lourdes,
St Julian’s, Malta SWQ 3334

Email

contact@itconsult.mt

Call Me

+356 99313621

LinkedIn

https://www.linkedin.com/in/
steven-bugeja-itconsult/
Loading
Your message has been sent. Thank you!