Devizes 6th Form College

University of Brighton

Cyber Security professional

London, England, United Kingdom

Managing cyber security for Open Systems' customers and partners.

Open Systems

Senior Security Operations Centre Engineer

Ofcom

Principal Technology Advisor - Cyber Security Programme

Working to lead and strengthen threat intelligence and security incident response within the Global Security group - covering 34 countries, 41,000 staff and 50.4 million customers.

My role within this organisation is to develop and entrench the processes, procedures and technologies necessary to perform digital forensics, supporting threat & vulnerability management and Global Security Operations.  As a lead responder, I collate knowledge from various business sections to guide technical investigation and appropriate response.  Appropriate responses include immediate clarity of the issue, triage, prompt and regular management reporting.  Advising tactical and strategic improvements to reduce the likelihood and impact of future incidents.  I am an experienced leader often making decisions when all the information in unavailable.  I have exceptional delegation and resource management skills, and take the roles to lead, support or technically manage as is required.  Thinking 'out of the box' for quick wins and key considerations is my strong point.

I've been told by stakeholders that I work best under pressure, but I see such times as a short-lived opportunity to learn how to prevent the problem, or seek to improve the response.

I have a background in law enforcement investigations which has taught me how to operate in sensitive environments, with optimal collaboration and co-ordination  even where disclosure is a significant risk.

Liberty Global

Senior Manager Information Security

Working across multiple teams to provide direction and consultation on threats, risks and their practical mitigation.  Investigating incidents confirmed by first responders to assess full audit trail, impact, recovery and mitigation.

Virgin Media

Principal Security Engineer (Liberty Global Security)

Liberty Global and Virgin Media merged in March 2013.

Principal Security Engineer

As senior member of a small team of security experts, I transitioned operational functions to the Network Operations team, retaining 3rd line escalation.  Levering this broader team to focus on emerging threats, I successfully drove the business case at Board Level for Denial of Service Attack Detection and Protection from concept, through vendor selection, proof of concept, implementation and into an established business facility.  This was at a time where operational savings were paramount and only the most critical CapEx was being approved.   Penetration testing current and new infrastructure, and engineering new solutions compliant to government accreditation standards and legal obligations.

Principal Security Engineer (Engineering & Operations)

Security Consultant (Engineering & Operations)

This is leadership role extended over all the main areas of Information Security.  With a direct responsibility for Operational Security, I performed 2nd/3rd line support and drove continuous improvement to Internet, Data, TV, Voice and Optical networks, together with their associated support & management systems.  Responsibilities evolved over time from Regulatory through to leading security operations, through to writing the company policy set and forming a Security Engineering function.  I established the ISO27001 function within the business (I'm a certified ISO27001 lead auditor) and worked with senior non-security management to review and reduce business risks.   In an engineering role, I ensured that new developments and enhancements did not unnecessarily extend the risk to the business beyond it's appetite.

This role involved the creation and coordination of high-level documentation and business cases with a presentation to various approval groups including Board.  At the other end of the scale, in-depth understanding of technical detail and configuration is essential.

Communication and organisational skills have always been fundamental to my success.

I am one of the longest standing members of the Network Security Information Exchange (NSIE), a closed group of trusted security leaders who work with the government in a non-competitive forum for mutual benefit and customer protection.

I have a detailed understanding of key legislation and compliance frameworks, including DPA, IPA, PACE, PCI/DSS, ISO27001 and CAS(T).   I am currently reading the GDPR and support material.

As senior member of a small team of security experts, I provided operational management, support and engineering.  This included what would now be a very broad set of responsibilities including responding to incidents 24x7, penetration testing current and new infrastructure, and engineering new solutions compliant to government accreditation standards and legal obligations.

Security Consultant  (Security Operations)

Performed Security Management at Accenture's Prestigious London Financial Services Solution Center.  Including review of complex extranet structure and core service delivering network and support services - email, web hosting, web browsing etc.
Provided security consultancy and technical knowledge for customer Internet projects.  Defined and implemented security policy and architecture changes, designed and implemented solutions for global network security connectivity & performed penetration tests as necessary.

Accenture

Security Consultant

Network and system security consultant, responsible for the secure operation of payment systems, internal back office and internet systems (email servers, web access, firewalls).

Providing security consultancy and technical skill for internetworking projects, defining and implementing architecture changes, designing, proving and implementing new/improved solutions for global network security and secure access, Liaising with and advising on Security Policy and implementing improved technology in test and live environments. Planning & performing penetration testing.

Maintaining the network security of all current systems, including live payment/reconciliation systems, 3rd party data feeds, web access, email systems and all networking elements.

Abby National Treasury Services

Responsible for the network and system security of the Barclays bank group systems.  Including internal, extranet and internet firewalls, payment systems, public web servers (including content management) and the worlds third largest internet banking operation.

Providing pre, mid and post-project consultancy with regard to functional design and secure project implementation.  Management of extranet security between financial institutions and suppliers. Maintenance of security for intranet and internet network boundaries. Ensuring that Barclays E-resources infrastructure (including Internet Banking, customer facing web sites, web access, internal and external email), all remain secure and functional.  Planning and performing service upgrades with suitable management reporting.

Barclays Bank Plc

Managing Director of Secure Technologies, a Cyber Security Consultancy.   Provided independent Security Consultancy for a range of clients in the banking and telecommunications sectors.  Skills included Staff Management & training, Client Relationship Management, Revenue Management, Investment Management, Asset Depreciation.   Repeat business through excellent client relationships and successful delivery of client goals.

Secure Technologies Ltd.

Managing Director

Senior member of the support team providing on-site and remote security consultancy direct to customers, including installations, managed services and maintenance.

One of a handful of 3rd line support staff in the UK for Checkpoint products, with direct access to Checkpoint developers to validate features and issues.

3rd  line support for internet connectivity and security products (Firewall-1, Provider-1, SecureID, MailSweeper, WebSweeper etc.) for a large number of corporations, government agencies, and retail ISPs. Provided initial and ongoing design & policy consultancy, installation, configuration and management of various software products and hardware devices. Service provider level fault diagnosis and remedy. E-commerce consultancy, design and implementation of Firewall-1 installations/upgrades.  Security consultancy and Penetration Testing.

Racal Internet Services (now CenturyLink)

Research and Development of emerging technologies for reverse and forward re-engineering of mainframe computer program suites.  Work produced advanced automated Y2K and currency (Euro) translation in multi-million line systems.
Clients included major global financial institutions.

Designed and implemented cross-platform email including client OS upgrades, user tuition and directory services.

Creation of corporate Internet presence, intranet services, and secure internet access.  Setup and maintenance of corporate intranet and secure remote access.

Senior Software Engineer

I am a joint Founder and Moderator of the programming group 'Comp.Lang.C++.Moderated', which I helped create in 1995.  It's purpose is to manage and foster directed discussion of the C++ Programming language.

Comp.Lang.C++.Moderated

Joint Founding Moderator

Software engineering of embedded software and graphical systems, implemented in a variety of software languages.  Local network and Unix systems security expert.  Planned, managed and performed Red Teaming against Global WAN & local LAN systems, advising on vulnerabilities and improvements.  Identified and quantified security risks, detailed suitable mitigation and confirmed risk closure.  Global recognition within organization.

Schlumberger Technologies

Software Engineer

Development and maintenance of in-house distributed source control and software build system. Local network and Unix systems security expert.  Planned, managed and performed Red Teaming against Global WAN & local LAN systems, advising on vulnerabilities and improvements.  Identified and quantified security risks, detailed suitable mitigation and confirmed risk closure.  Global recognition within organization.

Software Engineer Internship

Student System and Network Administrator installing, configuring and managing a new IT center.  Software migration of all educational software, including porting and bug-fixing.

Dom BSc

Dom BSc