Paolo Tonetti

Director (Governance, Risk & Compliance)
Paolo has a wealth of knowledge and experience after many years working in information security and technology, both here and abroad.
Talk to an expert
Highlights

Career highlights

Throughout Paolo’s career, he has worked in a broad range of industries and with all levels of the business, resulting in his tailored and engaging communication / consulting style.

The key roles he held prior to joining were:

- Information Security Officer of a FinTech in London

- Information Security Manager of a UK wide Healthcare Group

He has a wealth of knowledge and experience after many years working in information security and technology, both here and abroad. Throughout Paolo’s career, he has worked in a broad range of industries and with all levels of the business, resulting in his tailored and engaging communication / consulting style.

Paolo’s extensive skill set and drive to continue learning are invaluable assets to Bastion. His excellent people skills along with his firm belief in working collaboratively make him a valued member of the team.

Cyber security news

Latest advisories

Stay ahead of emerging threats with our expert blog posts, research, and industry updates.
Silverstripe - Cross-Site Scripting (XSS) Vulnerability
A Cross-Site Scripting (XSS) vulnerability has been identified in the administrator panel of Silverstripe CMS, specifically in the handling of the user input within the form messages module.
Silverstripe - Host Header Injection
A Host header injection vulnerability in Silverstripe has been identified that allows an attacker to poison the password rese
Statamic CMS
Sam Schroder found a local file inclusion (write only) vulnerability inside of the upload functionality of Statamic CMS. This affects front end components like forms with `assets` fields.
Discover our services

We have the tools to pinpoint risks

Whether it’s hidden vulnerabilities or patterns you might miss, we help you stay one step ahead and make confident, informed decisions. Understand how our services can help your business uncover critical risks

Talk to an expert
Employee Cyber Training & Awareness
Your people are your first line of defence. Our cyber training builds awareness and sharpens their instincts.
Advisory
When clarity is critical and stakes are high, our advisory services deliver strategic, executive-level security expertise that empowers decision-making.