Our Story

The Story of Burning Tree

Burning Tree’s story begins in South Africa in 2003, at a time when cybersecurity — and particularly Identity & Access Management (IAM) — was emerging as a critical business capability.

Following the successful delivery of one of South Africa’s earliest enterprise IAM implementations at Absa Bank, David Lello founded Global Security Solutions (Pty) Ltd (GSS) to address the growing demand for identity-centric security expertise. From the outset, GSS was built on deep technical knowledge, practical delivery experience, and a belief that security should enable — not hinder — business.

In 2004, Danny Ilich joined the board, and the business entered a period of rapid growth. GSS quickly became a trusted partner to all the major banks, as well as insurance companies, telecommunications providers, mining organisations, and other large enterprises. As awareness of cyber risk increased, so did demand for GSS’s specialist expertise. The company grew quickly, establishing itself as a market leader in IAM and security consulting.

As the business matured, two strategic priorities emerged:

  1. Expansion into the public sector, and
  2. Growth into new geographic markets.

To support international expansion, Global Security Solutions Limited was established in the UK in 2006, founded by David Lello and Richard Menear. The UK entity was created to serve European clients and build a presence in a more mature and highly regulated cybersecurity market.

In 2008, the South African business sold a majority stake to Cornerstone, a black-owned systems integrator. The newly structured company was designed to accelerate growth in the public sector and expand across Africa and the Middle East. At this point, David stepped down from his role as Managing Director and became Chairman, while Danny exited the business.

Later that year, David relocated to the UK with his family, following the successful acquisition of three new UK client contracts, to lead GSS UK as CEO. However, the timing could not have been more challenging — the global financial crisis was unfolding, and market conditions changed dramatically.

Faced with a new reality, David adapted. In 2009, he began subcontracting with Gartner, supporting the build-out of a new security consulting practice across the UK and Europe. This period sharpened his strategic advisory skills and deepened his exposure to board-level cybersecurity challenges across multiple industries.

That same year, GSS South Africa closed its doors, marking the end of an important chapter — but not the end of the journey.

The Birth of Burning Tree

By 2010, it was clear that a new strategy — and a new identity — was needed.

As a Christian business leader and a passionate cybersecurity practitioner, David wanted to build something that reflected not only technical excellence, but also faith, integrity, stewardship, and purpose. From this vision came a new name:

The name brought together faith, decision-making, and security — faith, decision trees, and firewalls — in a way that felt authentic, distinctive, and meaningful. Burning Tree was proudly claimed as a consultancy that would do things differently: values-led, people-first, and grounded in trust.

Later in 2010, Richard Menear joined the business full-time as part of renewed growth plans. Burning Tree continued to build its reputation as a trusted advisory partner, supporting organisations through complex security, identity, and transformation challenges.

In 2014, Des Powley joined the firm, contributing to its continued growth before leaving in 2017.

In 2016, Peter Boyle joined Burning Tree, becoming a long-standing and highly valued member of the team. Peter remained with the business for nine years, retiring in 2025 after making a lasting contribution.

In 2025, both Peter Boyle and Richard Menear stepped away from the business, marking another natural transition point in Burning Tree’s evolution.

A New Chapter

Today, David Lello is once again firmly in the driving seat, ably supported by Sarah and a growing network of trusted associates. With renewed focus and an enhanced strategy, Burning Tree is entering an exciting new phase.

Still a company defined by exceptional people, Burning Tree continues to operate at the leading edge of cybersecurity — from Identity & Access Management and cyber maturity to post-quantum readiness and emerging technology risk. The firm works with some of the most important organisations of our time, helping them navigate complexity, manage risk, and build secure, resilient futures.

Burning Tree remains true to its founding principles:

  • to serve with integrity,
  • to put people before transactions,
  • to innovate with purpose,
  • and to use success not only to grow a business, but to create lasting impact beyond it.

Our Customers

Over the years, Burning Tree’s people have supported a wide range of organisations — from some of the largest and most complex enterprises in the world to smaller, fast-moving organisations operating at the cutting edge of their industries.

What unites them is the critical importance of trust, resilience, and security to their success.

Global Financial Institutions

We have worked with large, multinational financial services organisations operating across multiple continents, serving millions of customers and managing vast, highly regulated technology environments. These organisations face intense regulatory scrutiny, complex identity ecosystems, and constant pressure to balance security, availability, and customer experience at scale.

Our work in this sector has focused on identity and access management, cyber maturity, governance, resilience, and board-level risk decision-making.

Insurance, Pensions & Asset Management

Our experience includes major insurers, pension providers, and asset managers responsible for safeguarding long-term financial assets and sensitive personal data. These organisations typically operate legacy platforms alongside modern digital services, requiring careful transformation that enhances security without disrupting critical operations.

Energy, Utilities & Natural Resources

We have supported major energy producers, utilities, and resource organisations operating critical national and international infrastructure. These environments require high levels of operational resilience, robust identity controls, and security architectures that can withstand disruption while supporting complex supply chains and industrial systems.

Technology, Telecommunications & Digital Platforms

Burning Tree has worked with global technology providers, telecommunications companies, and digital service platforms operating at scale. These organisations often manage vast user populations, complex identity ecosystems, and highly distributed infrastructure — where identity, access control, and resilience are foundational to service delivery.

Manufacturing & Industrial Enterprises

Our experience spans large industrial and manufacturing organisations with global operations, complex engineering environments, and increasingly connected systems. Security in these contexts requires careful integration of IT, OT, identity, and governance to support safety, reliability, and transformation.

Healthcare & Life Sciences

We have worked with healthcare and life sciences organisations responsible for protecting highly sensitive data while enabling innovation, research, and patient care. These environments combine strong regulatory requirements with the need for secure collaboration across partners, clinicians, and researchers.

Retail & Consumer Businesses

Our work includes large retail and consumer-facing organisations operating at high transaction volumes, with complex supply chains and significant customer identity challenges. Security here must protect data and revenue while supporting seamless customer experiences and rapid change.

Public Sector & Government

We have supported government departments, regulators, public sector bodies and even whole governments, operating in high-trust environments where security, accountability, and resilience are essential. These organisations often face unique challenges around governance, legacy systems, and national-level risk.

Education & Research Institutions

Our experience also includes universities and research organisations that balance openness and collaboration with the need to protect intellectual property, personal data, and critical systems.

Smaller, High-Growth & Highly Dynamic Organisations

Alongside large enterprises, we work with smaller, fast-growing organisations that may not yet have mature security functions but face significant risk due to rapid change, digital ambition, or regulatory pressure. For these organisations, our role is often to provide clarity, structure, and senior guidance without unnecessary complexity.

Breadth, Depth, and Perspective: Because our people have worked across such a broad range of industries and organisational scales, we bring a deeply informed perspective to every engagement.

We understand what “good” looks like in complex global environments — and how to adapt those lessons pragmatically for organisations at different stages of maturity.

This breadth of experience is one of Burning Tree’s greatest strengths.

Our Values

The principles that guide how we think, lead, and serve

At Burning Tree, our values are not statements on a wall — they are the foundation of how we work, how we lead, and how we build trust. In a field where confidence, integrity, and judgement matter deeply, our values shape every decision we make and every relationship we form.

We believe that effective cybersecurity is as much about people, trust, and purpose as it is about technology.

Integrity

We lead with honesty, independence, and responsibility.

Integrity sits at the heart of Burning Tree. We provide clear, objective advice — even when it is difficult, uncomfortable, or commercially inconvenient. Our guidance is independent of vendors, driven by evidence, and grounded in what is right for our clients.

As trusted advisors, we take our responsibility seriously. We are careful stewards of information, relationships, and influence, and we hold ourselves to the highest ethical standards in everything we do.

People First

We value people over transactions and relationships over short-term gain.

Burning Tree is built around people — our clients, our associates, and our partners. We believe strong cybersecurity outcomes are created through trust, collaboration, and respect.

Our associates are experienced practitioners who have led security in complex environments. We invest in relationships, work alongside our clients as partners, and aim to leave organisations stronger and more confident than when we arrived.

Excellence

We bring deep expertise and a commitment to quality in every engagement.

We are proud of the depth and breadth of experience within Burning Tree. Our work is shaped by decades of hands-on leadership across global enterprises, regulated industries, and high-trust environments.

Excellence for us means being prepared, thoughtful, and rigorous — delivering work that stands up to scrutiny at board, regulatory, and operational levels. We do not over-engineer solutions, and we do not settle for superficial answers.

Innovation with Purpose

We innovate to solve real problems, not to chase trends.

Cybersecurity is constantly evolving. Burning Tree embraces innovation — from identity-first security to post-quantum readiness and emerging technology risk — but always with purpose.

We challenge conventional approaches when they no longer serve organisations well, and we develop new ways of thinking that are practical, proportionate, and grounded in real-world needs. Innovation at Burning Tree is about anticipating what’s next, while remaining anchored in today’s realities.

Stewardship & Social Impact

We believe success should create wider benefit.

Burning Tree was founded with a strong sense of stewardship — the belief that leadership, capability, and success come with responsibility. We seek to use our skills, resources, and influence to give back, support communities, and contribute positively beyond our commercial work.

This includes mentoring, pro bono support where appropriate, and sharing insight openly to raise the collective capability of the cybersecurity community.

Faith, Respect, and Inclusion

Our values are faith-rooted, but our work is inclusive.

Burning Tree’s leadership is shaped by Christian values of integrity, service, humility, and generosity. These values inform how we lead and how we treat others, but they are never imposed.

We work with organisations, partners, and individuals from all backgrounds and beliefs, creating an environment built on mutual respect, openness, and shared purpose.

Living Our Values

Our values guide:

  • how we advise boards and executives
  • how we treat confidential information
  • how we work with partners and associates
  • how we approach growth and innovation
  • how we measure success

In a world of increasing digital risk and complexity, we believe values-led leadership is not a constraint — it is a strength.

Burning Tree – Cybersecurity built on integrity, people, and purpose.

Our People

Exceptional people. Trusted relationships. Proven experience.

At Burning Tree, our strength is our people. We are not a traditional consultancy built on large delivery teams or junior staffing models. Instead, we bring together experienced leaders, trusted advisors, and proven practitioners — people who have been there, done it, and understand what it truly takes to deliver cybersecurity in complex, high-stakes environments.

Our Board & Leadership

David Lello — Founder, CEO & Cyber Executive

Burning Tree was founded by David Lello, a cybersecurity leader with more than 30 years of international experience across financial services, government, energy, technology, and other highly regulated sectors.

David has led some of the earliest and most complex Identity & Access Management, cyber risk, and security transformation programmes, and has advised boards and executives across Europe, Africa, and beyond. His leadership combines deep technical understanding with strategic insight, clear communication, and a strong commitment to integrity and stewardship.

Sarah Lello — Chief Financial Officer

Sarah Lello serves as Burning Tree’s Chief Financial Officer, providing financial leadership, governance, and operational oversight to support the firm’s sustainable growth.

Sarah brings a strong focus on financial discipline, transparency, and stewardship, ensuring that Burning Tree operates responsibly, invests wisely, and remains aligned with its values-led mission. Her role is central to maintaining the trust of clients, partners, and associates as the business continues to evolve.

Some of Our Associates

Mark Sones — Associate Director

  • CTO, CISO
  • Cyber Executive
  • Technical Wiz

Maeson Maherry — Associate Director

  • COO
  • Cyber Executive
  • Crypto Genius

Lee Day — Associate Director

  • Cyber Consultant
  • Business Process Security
  • Astro Physicist

Sanjay Charavanapavan — Associate

  • Cyber Executive
  • Consultant
  • Phenomenal Architect

Doug Simmons — Associate

  • Cyber Executive
  • Research
  • Legend

Nigel Edwards — Associate

  • Cyber Executive
  • Communication Security
  • Technical Virtuoso

Our Associate Network

A trusted community of senior leaders and experts

Burning Tree is supported by a carefully selected network of around 40 associates — individuals with whom we have long-standing working relationships built on trust, respect, and shared values.

These are not contractors in name only. They are senior professionals who have held roles such as:

  • Chief Information Security Officer (CISO)
  • Chief Technology Officer (CTO)
  • Chief Information Officer (CIO)
  • Chief Risk Officer (CRO)
  • Cybersecurity Executives and Programme Leaders
  • Senior Security, Identity, and Enterprise Architects

They have led cybersecurity and technology functions inside large global enterprises, regulated organisations, governments, and critical infrastructure environments. They understand accountability, pressure, and the realities of operating at scale.

Why Our Model Works

Our associate-led model allows Burning Tree to bring exactly the right expertise to each engagement — without compromise.

  • Experience first: Clients work with senior practitioners, not learning curves.
  • Trust-based relationships: We work with people we know and trust — many for over a decade.
  • Depth without bureaucracy: We combine the capability of a large consultancy with the agility of a specialist firm.
  • Credibility at every level: From boardrooms to technical teams, our people speak with authority and clarity.

This model ensures that every engagement is led by people who understand both the technical and human realities of cybersecurity.

Shared Values, Shared Standards

What unites our people is not just expertise, but how they work.

Burning Tree associates are chosen not only for their skill, but for their:

  • Integrity and professionalism
  • Ability to communicate clearly with senior leaders
  • Commitment to quality and excellence
  • Respect for confidentiality and trust
  • Willingness to mentor, collaborate, and give back

Our values shape who we work with and how we work together.

A Team Built for Today — and Tomorrow

Cybersecurity challenges are evolving rapidly — from identity and cloud complexity to AI, post-quantum risk, and operational resilience. Burning Tree’s people bring the perspective of experience and the curiosity to keep learning, ensuring we remain relevant, credible, and effective.

Whether advising a board, stabilising a security function, or guiding transformation, our people bring calm leadership, sound judgement, and practical insight.

Burning Tree

Led by experience. Powered by people. Trusted by leaders.