Our Story

The Story of Burning Tree

Burning Tree was founded from a belief that cybersecurity should be practical, trusted, and people-focused.

Originally established in South Africa in the early 2000s, the business quickly built a reputation for specialist expertise in Identity & Access Management and enterprise security, supporting major organisations across banking, telecommunications, mining, and government.

Following expansion into the UK, Burning Tree evolved into a boutique cybersecurity advisory firm focused on helping organisations navigate complex security, identity, resilience, and transformation challenges.

Today, Burning Tree combines deep technical expertise with strategic advisory experience, supporting organisations across areas including:

  • Identity & Access Management
  • Cybersecurity Strategy & Transformation
  • Security Architecture & Engineering
  • Cyber Maturity & Benchmarking
  • Post-Quantum Readiness
  • Operational Resilience & Assurance

Burning Tree remains intentionally different — a trusted, values-led consultancy built on long-term relationships, practical delivery, and honest advice.

Led by founder David Lello and supported by a global network of trusted specialists and associates, Burning Tree continues to help organisations build secure, resilient, and future-ready businesses.

Our Customers

Over the years, Burning Tree’s people have supported a wide range of organisations — from some of the largest and most complex enterprises in the world to smaller, fast-moving organisations operating at the cutting edge of their industries.

What unites them is the critical importance of trust, resilience, and security to their success.

Global Financial Institutions

We have worked with large, multinational financial services organisations operating across multiple continents, serving millions of customers and managing vast, highly regulated technology environments. These organisations face intense regulatory scrutiny, complex identity ecosystems, and constant pressure to balance security, availability, and customer experience at scale.

Our work in this sector has focused on identity and access management, cyber maturity, governance, resilience, and board-level risk decision-making.

Insurance, Pensions & Asset Management

Our experience includes major insurers, pension providers, and asset managers responsible for safeguarding long-term financial assets and sensitive personal data. These organisations typically operate legacy platforms alongside modern digital services, requiring careful transformation that enhances security without disrupting critical operations.

Energy, Utilities & Natural Resources

We have supported major energy producers, utilities, and resource organisations operating critical national and international infrastructure. These environments require high levels of operational resilience, robust identity controls, and security architectures that can withstand disruption while supporting complex supply chains and industrial systems.

Technology, Telecommunications & Digital Platforms

Burning Tree has worked with global technology providers, telecommunications companies, and digital service platforms operating at scale. These organisations often manage vast user populations, complex identity ecosystems, and highly distributed infrastructure — where identity, access control, and resilience are foundational to service delivery.

Manufacturing & Industrial Enterprises

Our experience spans large industrial and manufacturing organisations with global operations, complex engineering environments, and increasingly connected systems. Security in these contexts requires careful integration of IT, OT, identity, and governance to support safety, reliability, and transformation.

Healthcare & Life Sciences

We have worked with healthcare and life sciences organisations responsible for protecting highly sensitive data while enabling innovation, research, and patient care. These environments combine strong regulatory requirements with the need for secure collaboration across partners, clinicians, and researchers.

Retail & Consumer Businesses

Our work includes large retail and consumer-facing organisations operating at high transaction volumes, with complex supply chains and significant customer identity challenges. Security here must protect data and revenue while supporting seamless customer experiences and rapid change.

Public Sector & Government

We have supported government departments, regulators, public sector bodies and even whole governments, operating in high-trust environments where security, accountability, and resilience are essential. These organisations often face unique challenges around governance, legacy systems, and national-level risk.

Education & Research Institutions

Our experience also includes universities and research organisations that balance openness and collaboration with the need to protect intellectual property, personal data, and critical systems.

Smaller, High-Growth & Highly Dynamic Organisations

Alongside large enterprises, we work with smaller, fast-growing organisations that may not yet have mature security functions but face significant risk due to rapid change, digital ambition, or regulatory pressure. For these organisations, our role is often to provide clarity, structure, and senior guidance without unnecessary complexity.

Breadth, Depth, and Perspective: Because our people have worked across such a broad range of industries and organisational scales, we bring a deeply informed perspective to every engagement.

We understand what “good” looks like in complex global environments — and how to adapt those lessons pragmatically for organisations at different stages of maturity.

This breadth of experience is one of Burning Tree’s greatest strengths.

Our Values

The principles that guide how we think, lead, and serve

At Burning Tree, our values are not statements on a wall — they are the foundation of how we work, how we lead, and how we build trust. In a field where confidence, integrity, and judgement matter deeply, our values shape every decision we make and every relationship we form.

We believe that effective cybersecurity is as much about people, trust, and purpose as it is about technology.

Integrity

We lead with honesty, independence, and responsibility.

Integrity sits at the heart of Burning Tree. We provide clear, objective advice — even when it is difficult, uncomfortable, or commercially inconvenient. Our guidance is independent of vendors, driven by evidence, and grounded in what is right for our clients.

As trusted advisors, we take our responsibility seriously. We are careful stewards of information, relationships, and influence, and we hold ourselves to the highest ethical standards in everything we do.

People First

We value people over transactions and relationships over short-term gain.

Burning Tree is built around people — our clients, our associates, and our partners. We believe strong cybersecurity outcomes are created through trust, collaboration, and respect.

Our associates are experienced practitioners who have led security in complex environments. We invest in relationships, work alongside our clients as partners, and aim to leave organisations stronger and more confident than when we arrived.

Excellence

We bring deep expertise and a commitment to quality in every engagement.

We are proud of the depth and breadth of experience within Burning Tree. Our work is shaped by decades of hands-on leadership across global enterprises, regulated industries, and high-trust environments.

Excellence for us means being prepared, thoughtful, and rigorous — delivering work that stands up to scrutiny at board, regulatory, and operational levels. We do not over-engineer solutions, and we do not settle for superficial answers.

Innovation with Purpose

We innovate to solve real problems, not to chase trends.

Cybersecurity is constantly evolving. Burning Tree embraces innovation — from identity-first security to post-quantum readiness and emerging technology risk — but always with purpose.

We challenge conventional approaches when they no longer serve organisations well, and we develop new ways of thinking that are practical, proportionate, and grounded in real-world needs. Innovation at Burning Tree is about anticipating what’s next, while remaining anchored in today’s realities.

Stewardship & Social Impact

We believe success should create wider benefit.

Burning Tree was founded with a strong sense of stewardship — the belief that leadership, capability, and success come with responsibility. We seek to use our skills, resources, and influence to give back, support communities, and contribute positively beyond our commercial work.

This includes mentoring, pro bono support where appropriate, and sharing insight openly to raise the collective capability of the cybersecurity community.

Faith, Respect, and Inclusion

Our values are faith-rooted, but our work is inclusive.

Burning Tree’s leadership is shaped by Christian values of integrity, service, humility, and generosity. These values inform how we lead and how we treat others, but they are never imposed.

We work with organisations, partners, and individuals from all backgrounds and beliefs, creating an environment built on mutual respect, openness, and shared purpose.

Living Our Values

Our values guide:

  • how we advise boards and executives
  • how we treat confidential information
  • how we work with partners and associates
  • how we approach growth and innovation
  • how we measure success

In a world of increasing digital risk and complexity, we believe values-led leadership is not a constraint — it is a strength.

Burning Tree – Cybersecurity built on integrity, people, and purpose.

Our People

Exceptional people. Trusted relationships. Proven experience.

At Burning Tree, our strength is our people. We are not a traditional consultancy built on large delivery teams or junior staffing models. Instead, we bring together experienced leaders, trusted advisors, and proven practitioners — people who have been there, done it, and understand what it truly takes to deliver cybersecurity in complex, high-stakes environments.

Our Board & Leadership

David Lello — Founder, CEO & Cyber Executive

Burning Tree was founded by David Lello, a cybersecurity leader with more than 30 years of international experience across financial services, government, energy, technology, and other highly regulated sectors.

David has led some of the earliest and most complex Identity & Access Management, cyber risk, and security transformation programmes, and has advised boards and executives across Europe, Africa, and beyond. His leadership combines deep technical understanding with strategic insight, clear communication, and a strong commitment to integrity and stewardship.

Sarah Lello — Chief Financial Officer

Sarah Lello serves as Burning Tree’s Chief Financial Officer, providing financial leadership, governance, and operational oversight to support the firm’s sustainable growth.

Sarah brings a strong focus on financial discipline, transparency, and stewardship, ensuring that Burning Tree operates responsibly, invests wisely, and remains aligned with its values-led mission. Her role is central to maintaining the trust of clients, partners, and associates as the business continues to evolve.

Some of Our Associates

Mark Sones — Associate Director

  • CTO, CISO
  • Cyber Executive
  • Technical Wiz

Maeson Maherry — Associate Director

  • COO
  • Cyber Executive
  • Crypto Genius

Lee Day — Associate Director

  • Cyber Consultant
  • Business Process Security
  • Astro Physicist

Sanjay Charavanapavan — Associate

  • Cyber Executive
  • Consultant
  • Phenomenal Architect

Doug Simmons — Associate

  • Cyber Executive
  • Research
  • Legend

Nigel Edwards — Associate

  • Cyber Executive
  • Communication Security
  • Technical Virtuoso

Our Associate Network

A trusted community of senior leaders and experts

Burning Tree is supported by a carefully selected network of around 40 associates — individuals with whom we have long-standing working relationships built on trust, respect, and shared values.

These are not contractors in name only. They are senior professionals who have held roles such as:

  • Chief Information Security Officer (CISO)
  • Chief Technology Officer (CTO)
  • Chief Information Officer (CIO)
  • Chief Risk Officer (CRO)
  • Cybersecurity Executives and Programme Leaders
  • Senior Security, Identity, and Enterprise Architects

They have led cybersecurity and technology functions inside large global enterprises, regulated organisations, governments, and critical infrastructure environments. They understand accountability, pressure, and the realities of operating at scale.

Why Our Model Works

Our associate-led model allows Burning Tree to bring exactly the right expertise to each engagement — without compromise.

  • Experience first: Clients work with senior practitioners, not learning curves.
  • Trust-based relationships: We work with people we know and trust — many for over a decade.
  • Depth without bureaucracy: We combine the capability of a large consultancy with the agility of a specialist firm.
  • Credibility at every level: From boardrooms to technical teams, our people speak with authority and clarity.

This model ensures that every engagement is led by people who understand both the technical and human realities of cybersecurity.

Shared Values, Shared Standards

What unites our people is not just expertise, but how they work.

Burning Tree associates are chosen not only for their skill, but for their:

  • Integrity and professionalism
  • Ability to communicate clearly with senior leaders
  • Commitment to quality and excellence
  • Respect for confidentiality and trust
  • Willingness to mentor, collaborate, and give back

Our values shape who we work with and how we work together.

A Team Built for Today — and Tomorrow

Cybersecurity challenges are evolving rapidly — from identity and cloud complexity to AI, post-quantum risk, and operational resilience. Burning Tree’s people bring the perspective of experience and the curiosity to keep learning, ensuring we remain relevant, credible, and effective.

Whether advising a board, stabilising a security function, or guiding transformation, our people bring calm leadership, sound judgement, and practical insight.

Burning Tree

Led by experience. Powered by people. Trusted by leaders.