Johann Pretorius

I am Johann Pretorius, an Information Security leader with 19 years in IT and over seven years dedicated to building, leading, and maturing cybersecurity programmes. My speciality is taking an information security function from a blank page to certified compliance — and then proving those controls actually hold up through hands-on offensive testing.

I currently serve as Head of Compliance and Information Security Officer at Vertice Software Solutions, where I built the entire Information Security Management System from scratch. I designed the risk framework, wrote the policies, selected the controls, trained the staff, prepared for audit, achieved ISO 27001 certification, and then maintained 100% regulatory compliance for three consecutive years. I did not inherit a programme — I created one.

What sets me apart is that I operate on both sides of the security equation. On the governance side, I chair the ISMS Steering Committee, present enterprise risk metrics to senior leadership, and manage compliance across ISO 27001 and Microsoft standards. On the technical side, I conduct both automated and manual penetration testing, manage cloud security across Azure and hybrid environments, integrate security automation into CI/CD pipelines, and lead incident response investigations. I hold CPENT, ECSA, and CEH certifications — these are not decorative. I use them regularly against live environments.

Before moving into security leadership, I spent over a decade progressing through infrastructure engineering, network architecture, and team management roles across organisations including BCX, TSSMS, EOH, NetsurIT, and Neo Africa. I have led teams of up to 22 people, managed SLAs across multiple client sites, and delivered projects on time and within budget. That hands-on foundation means I understand the systems I protect at a practical level — something many security leaders lose as they move up.

I am currently completing my CISSP to formalise what I have been practising for years. I hold 12 industry certifications spanning offensive security, cloud architecture, networking, IT service management, and risk assessment.

I am based in Pretoria, South Africa, and I am looking for my next challenge — ideally in a role where I can apply my combined governance and technical expertise across a broader scope, whether that is as a CISO, a GRC leader, a security consultant, or a vCISO serving multiple clients. I am at my best when I am building something, solving complex problems, and making security work as a business enabler rather than a blocker.

I bring the rare ability to present risk to a boardroom and then go harden the environment that same afternoon. That is what I do, and I do it well.