From Florist to Frameworks: Meet Sarah Etherington, iso360

Introducing Sarah Etherington: Senior Auditor Consultant at iso360

We’re excited to welcome Sarah Etherington to iso360 as our new Senior Auditor Consultant. With over a decade of experience across cybersecurity, ISO standards, and business operations, Sarah brings a unique blend of strategic insight, practical know-how, and people-first thinking to the team.

Here’s a closer look at her story—in her own words.

A Non-Traditional Path into Compliance

I’ve taken a slightly unconventional route into information security and compliance—starting out in digital marketing and strategy following my business degree, before finding my way into the world of ISO standards, cybersecurity, and auditing.

I feel really lucky to have been introduced to cybersecurity in 2013, right at the beginning of its upward trajectory. Since then, I’ve seen the launch of Cyber Essentials, the revision of ISO 27001, and worked as both an auditor and an auditee.

Over the past 10+ years, I’ve worked in both internal and client-facing roles, helped start a cybersecurity business, and worked with organisations across a range of sectors. Running my own consultancy now feels like a natural next step.

Falling Into Compliance—And Loving It

Like many in this field, I ended up in compliance almost by accident. My early career focused on operational and client-facing roles in cybersecurity, but everything changed when I became Information Security Manager at Optima Energy in 2018.

Adopting an ISMS in-house opened my eyes to the structure and clarity that ISO frameworks can bring. I enjoyed shaping the system to fit the organisation, and learned a huge amount in the process.

From there, I expanded into quality, business continuity, and AI management standards. Now, I love helping businesses understand their compliance needs and making it feel manageable and meaningful. No two clients or projects are ever the same—and that’s what keeps it exciting.

Passion Meets Purpose

What really drives me is helping businesses realise that ISO compliance doesn’t need to be daunting or dry. It’s not about ticking boxes—it’s about asking the right questions and making frameworks work for your context.

I’m particularly interested in the intersection of cybersecurity, AI, and ethics, and the role of standards like ISO 42001 in shaping how we use AI responsibly.

More than anything, I’m passionate about making compliance clear, practical, and accessible—especially for organisations that don’t know where to start.

Why iso360?

I was introduced to iso360 through a mutual industry contact—and it just clicked. The team is collaborative, down-to-earth, and genuinely focused on making compliance and auditing helpful, human, and even a little enjoyable.

What really stood out to me were the values: growing organically, looking after each other, and doing great work without ego. We get the job done, we have fun doing it, and I’m really proud to be part of the journey.

Outside the Audit Room…

My main passions are travel, food, and wine. I’ve recently completed my WSET Level 1 & 2 wine qualifications, so outside of work you’ll probably find me planning my next food or wine adventure.

Oh—and I’m also a qualified florist, which is a million miles away from the world of cybersecurity!

Words to Work By

One lesson that’s stuck with me throughout my career is that experience builds resilience.

My career hasn’t followed a straight line—and I’m grateful for that. Every twist, challenge, and curveball has taught me something. The tough moments helped me grow, and the good ones reminded me why I love what I do.

It’s all shaped who I am today—and how I show up as a colleague: with empathy, curiosity, determination, and (hopefully!) a good sense of humour.

Qualifications at a Glance

• Degree: Business

• Professional Qualifications: ISO27001, 22301, 9001, 42001 Lead Implementer/Internal Auditor

Next up: CISM and CISSP are on the radar.