Independent technology & cybersecurity leadership
Senior technology leadership, without the full-time overhead.
Most established organisations have capable IT and a competent MSP. What they lack is someone senior owning the strategy, the cyber risk and the decisions that reach the board — from someone who has actually built and secured these systems, not just advised on them.
Board-level
strategy, risk & reporting
Fractional
days a month, not a salary
Vendor-independent
no products, no commission
Operator-grade
built it before advising on it
The gap
The gap you didn’t know you had.
Your MSP keeps the lights on. Your team keeps things moving. But strategy, governance and accountability rarely belong to anyone — until a board paper, an audit or an incident makes the absence impossible to ignore.
No one owns the strategy
Technology decisions stay reactive. Spend drifts, suppliers go unchallenged, and IT is treated as a cost to contain rather than a lever to use.
No one owns the risk
Cyber and compliance need a senior owner who can translate exposure into business language and make defensible decisions the board can stand behind.
NorthCTO is the layer above delivery — owning direction, governance and risk, so the decisions that shape your business are made deliberately, not by default.
Why NorthCTO
Strategy from someone who’s run the engine room.
Most CTO-level advisers offer either boardroom experience or technical depth — rarely both, and rarely with years of actually running an IT department. NorthCTO is led by James Calderwood, who has spent 25+ years on both sides of the desk: a hands-on engineer, an IT Manager owning strategy and budgets, and the senior consultant demanding clients escalate to.
That operator’s judgement is what you get at your board table — advice that survives contact with reality, because the person setting the strategy has actually delivered it.
Meet the principalJames Calderwood
Principal — Technology & Cybersecurity Leadership
25+ years
hands-on across IT, security and cloud
Engineer to leader
built it, ran the IT department, now advises
Incident-tested
led real ransomware response
Microsoft-certified
security, identity and Azure
What we do
Three ways we lead.
Delivered independently or together, and scaled to what your organisation actually needs.
Technology Leadership
Board-level ownership of technology strategy, investment and direction — the senior layer your existing teams and suppliers can execute against.
Learn moreCybersecurity Leadership
CISO-level ownership of cyber risk, governance and compliance — translated into proportionate decisions the board can actually act on.
Learn moreIncident Readiness
Preparedness before an incident, and calm, coordinated leadership during one — protecting operations, finances and reputation when it counts.
Learn moreHow we fit
North|MSP delivers.
North|CTO directs.
NorthCTO and NorthMSP are both part of North Technology Group. NorthMSP runs technology day to day; NorthCTO sits above it, owning strategy, governance and risk. You don’t have to be a NorthMSP client, though — we work wherever the strategic layer is missing, alongside your internal team or any existing MSP.
We own
- Technology strategy and direction
- Cyber risk, governance and compliance
- Board-level reporting and assurance
- Oversight of MSPs, suppliers and internal teams
We don’t
- Helpdesk and day-to-day support
- Running or replacing your MSP
- Commodity infrastructure and licences
- Selling you products or competing with your team
Insights
Plain-spoken thinking.
Notes on technology leadership, cyber risk and governance — written for the people who make the decisions.
Your MSP and your team aren't rivals — and where a CTO fits
The idea that managed providers and internal IT are competitors is one of the most expensive myths in technology. The best setups have both — plus someone making sure they pull in the same direction.
ReadAI accelerates expertise. It doesn't replace it.
A gardener with a new mitre saw isn't a joiner. The real risk of AI in technology isn't that it replaces experts — it's non-experts confidently shipping polished output they can't validate or defend.
ReadWho really owns your IT — you, or your MSP?
Outsourcing your IT support is not the same as outsourcing ownership. Too many organisations have quietly handed over the keys to their own infrastructure — and only find out when the relationship sours.
ReadStart the conversation
Ready to close the gap?
Book a straightforward conversation, or take the free Technology Leadership Review — a senior read on where you stand, with written findings.