I’m a CISSP and CCSP certified Enterprise Security Architect, with expertise in assessing and implementing cyber security solutions to safeguard business critical assets.
My strengths include: leading cyber risk assessments to assist clients to better understand and manage their exposure to cyber threats, enabling more informed business decision making; and architecting robust security solutions, incorporating a defence in depth approach to designing security controls in line with clients’ requirements.
I have a superior knowledge of information protection, securing assets throughout the data lifecycle from creation to destruction and also have extensive experience of delivering security improvement programmes to achieve a step change in organisational cyber security maturity levels, addressing potential security breaches and security audit recommendations.
If you would like to contact me about a potential role then please message me on LinkedIn.
- Security Architecture
- Security Risk Assessment
- Security Assurance
- Governance, Risk & Compliance
- Data Loss Prevention
- Data Classification
- Security Transformation
- Cloud Security (Azure, AWS)
- Team Leadership
- Stakeholder Management
- Information Protection
- Project Management
- Phishing / Social Engineering
Global Security Architect - Costa Coffee
Jan 2020 - Present
Accountable for the development of information security architecture across the entire Costa Group.
Director - Cyber Threat Consulting
Oct 2014 - Jan 2020 (5yrs 4 mos)
Operated as an independent contractor, delivering cyber security consultancy services to organisations such as Whitbread, NFU Mutual, The London Metal Exchange and the Department for Education. See details of contracts that I have delivered for clients below (and my permanent career prior to that).
Senior Information Security Consultant / Architect - Whitbread (Contract)
Jan 2019 - Dec 2019 (12 mos)
Engaged to provide assurance and a conceptual design for security services to ensure secure separation of systems and data from the Whitbread IT estate as part of Coca-Cola’s acquisition of the Costa brand. Led the production of a conceptual design for security services to ensure an equivalent level of protection for Costa data and applications pre and post migration. Reviewed solution designs proposed by the client’s outsourced IT provider to identify potential gaps in capability and implementation of security standards (ISO 27001, CIS & Microsoft Security Baseline). Completed risk assessment of compliance gaps, providing pragmatic options for remediation.
Cyber Risk Management Consultant - NFU Mutual (Contract)
Jun 2016 - Dec 2018 (2yrs 7 mos)
Engaged to implement a new cyber risk assessment methodology to assist with the quantification of exposure to cyber security risks. Provided subject matter expertise for information security, advising business users on security best practices and provided second-line assurance of security controls implemented by strategic projects. Also provided GDPR and data protection compliance guidance to strategic business projects.
- Performed enterprise-wide risk assessment using IRAM2 methodology.
- Procured and implemented a Governance, Risk & Compliance tool (Nasdaq BWise) introducing enhanced rigor for risk assessment processes and reporting to senior management.
- Developed risk reporting dashboards to display high and low-level views of security risks.
- Succeeded in delivering a cyber risk assessment methodology enabling NFUM to quantify its exposure to existing and emerging risks; the output was used to determine the priorities and scope of a £3m security improvement programme.
Cyber Security / Information Security Manager - Department for Education (Contract)
Apr 2016 - Jun 2016 (3 mos)
Engaged on a short-term contract to leverage my expertise of Government information assurance and security requirements for public sector organisations.
- Led production of a detailed risk assessment and risk treatment plan in support of the Department’s migration of all key line-of-business applications to a cloud hosting environment.
- Produced a Privacy Impact Assessment for six new cyber security capabilities to be implemented by the Department to protect business critical systems and data hosted in a cloud computing environment.
Information Security Consultant - London Metal Exchange (Contract)
Feb 2014 - Apr 2016 (2yrs 3 mos)
Engaged as Information Security Consultant to significantly improve the cyber security maturity of the organisation following identified security shortfalls in an external audit by KPMG.
- Designed and delivered a comprehensive cyber security awareness campaign across the business. This included coordinating regular phishing awareness tests using Cofense PhishMe to quantify the risk of the business being compromised by a successful spear phishing attack.
- Project managed the delivery of a new company-wide web filtering solution to reduce the risk of phishing and drive-by download attacks. This solution replaced three separate legacy filtering technologies, significantly simplifying the management of filtering policies across the estate.
- Led the delivery of a new secure email solution to automatically encrypt outbound email based on the sensitivity classification of the email, or other policy criteria defined by business users.
- Implemented a new data governance system to scan unstructured data stores in order to identify sensitive files and configure appropriate access permissions based on each user’s department and role.
- Implemented data leakage prevention controls for corporate email and web traffic. These policy-based controls utilised a combination of keyword matching and data classification metadata to identify sensitive files and prevent them from being sent outside the corporate network.
- Successfully improved security maturity level, meeting all national critical infrastructure requirements and addressing KPMG audit concerns. Introduction of improved security capabilities underpinned successful completion of CBEST testing.
Earlier Career - Deloitte
2006 - 2014 (8yrs)
Various positions within the Technology, Assurance & Advisory and Security & Resilience teams, graduating from Consultant to Senior Manager positions.
- Responsible for leading Deloitte’s Information Protection services in the UK, including the development and implementation of data loss prevention, mobile device management and data classification technology solutions for leading organisations.
- Completed a 6-month secondment at Ingeus, a global provider of employability services. Worked closely with the business’s CIO to develop and embed a refreshed set of information security policies and procedures aligned to ISO 27001, ensuring compliance with UK Government security requirements.
- Key contributor to the development of a target operating model for AXA, a multinational insurance company. The deliverables included a refreshed organisation design, governance model and security activity catalogue, all of which were aligned to the business’s goals for the new security organisation.
- Managed Deloitte’s involvement in a multidisciplinary team of information security specialists tasked by the CIO of AXA to identify and remediate significant security weaknesses in business-critical applications and network infrastructure.