About

Operator-grade technology leadership.

Most strategy advice comes from people who've never carried the pager. NorthCTO is different: board-level leadership from someone who has spent 25+ years building, securing and rescuing the systems most consultants only ever talk about.

Why we exist

We saw the gap from both sides.

Established organisations with 20–500 users usually have operational IT sorted — an MSP, perhaps some internal staff — but no one owning the strategy, reporting to the board, or making sure cyber risk is genuinely managed.

And much of the "strategy" on offer comes from advisers who've never actually run the environments they pronounce on. NorthCTO closes both gaps: senior, independent leadership from someone who has done the work — part of North Technology Group, alongside our sister managed-IT brand, NorthMSP.

“NorthMSP keeps technology running. NorthCTO makes sure it's running in the right direction — and that someone senior owns the risk.”

Two brands, one group

Who you work with

Meet the principal.

James Calderwood

Principal — Technology & Cybersecurity Leadership

  • 25+ years: hands-on across IT, security and cloud
  • Engineer to board: built it before advising on it
  • Live incident-tested: led real ransomware response
  • Microsoft-certified: security, identity and Azure

“I've spent my career in the engine room — running the migrations, owning the risk, leading the response when something breaks. NorthCTO brings that to your board table.”

James Calderwood has spent more than 25 years in technology — from a hands-on systems engineer to senior technical leadership inside managed service providers, owning the problems no one else wanted: final-line escalation, security, compliance, and the projects that couldn't fail.

That has meant end-to-end ownership of cybersecurity and governance, Microsoft 365 and Azure, and on-premises and hybrid infrastructure — architecting migrations and running them through to completion, and leading live ransomware incident response when an organisation's worst day arrived. The work is Microsoft-certified across security, identity, security operations and Azure.

It's an unusual background for a CTO-level adviser: most have either the boardroom polish or the technical depth, rarely both. That combination is the whole point of NorthCTO — strategy you can trust because the person setting it has actually delivered it.

  1. Started hands-on — a systems engineer building, migrating and supporting real infrastructure.
  2. Grew into senior technical leadership inside managed service providers, owning the hardest problems.
  3. Took end-to-end ownership of cybersecurity, compliance, Microsoft 365, Azure and hybrid infrastructure.
  4. Now brings that operator's judgement to the board table, through NorthCTO.

How I work

Four things you can hold me to.

Grounded in delivery

Advice that survives contact with reality — because I've implemented it, not just recommended it from a slide.

Accountable, not advisory-only

I own the decision and the outcome, not just the recommendation. Responsibility you can point the board to.

Plain-spoken

Technology and risk translated into language your board can actually act on. No jargon, no mystique.

Genuinely independent

No products, no licences, no commission. The only thing I'm selling is judgement.

Standards & capabilities

Grounded in real-world delivery, not theory.

We work to recognised professional standards and stay hands-on across the technologies UK organisations actually use.

Governance, risk & compliance

Frameworks used as practical tools to manage risk and decision-making — not box-ticking exercises.

  • ISO 27001 information security management
  • UK GDPR and data protection
  • Cyber Essentials and Cyber Essentials Plus
  • NIS and sector-specific regulation
  • PCI DSS for payment environments

Technology platforms & environments

Senior oversight across modern IT environments — owning direction and standards, not day-to-day administration.

  • Microsoft 365, Entra ID, Intune, Defender and Azure
  • On-premises and hybrid infrastructure
  • Cloud platforms and end-to-end migrations
  • Cybersecurity tooling, controls and operating models
  • MSP-delivered environments and third-party suppliers

No obligation

Start with a conversation, or a review.

Book an introductory call, or take the free Technology Leadership Review — a senior look at where you stand, with written findings.