I’m a CISSP and CCSP certified Enterprise Security Architect, expert in designing, assessing and implementing cyber security solutions to safeguard business critical assets. My key strengths include: architecting robust security solutions, incorporating a defence in depth approach to designing security controls in line with clients’ requirements; ability to think strategically and obtain buy-in from senior stakeholders; and extensive experience of defining and delivering security improvement programmes to achieve a step change in organisational cyber security maturity levels.

I have a genuine passion for cyber security, technology and innovation. Outside of work I run a hybrid-cloud home lab environment, which I use for testing and deepening my understanding of containerisation, DevSecOps tooling, IoT projects and other things that spark my interest. I’m also an active participant in a number of bug bounty and vulnerability disclosure programmes.

If you would like to contact me about a potential role then please message me on LinkedIn.

My Expertise

  • Security Architecture
  • Security Risk Assessment
  • Security Assurance
  • Containerisation & Kubernetes
  • Data Loss Prevention
  • Security Transformation
  • Cloud Security (Azure, AWS)
  • Team Leadership
  • Stakeholder Management
  • Security Strategy
  • Information Protection
  • Project Management
  • Phishing / Social Engineering

Career Highlights

  • Costa Coffee had no formal Security Architecture & Engineering capability and needed to deliver a significant uplift in cyber security maturity. Employed as the Global Security Architect for the group to establish a Security Architecture & Engineering team. Defined the target operating model for the team; recruited required resources across multiple countries; produced enterprise security strategy and roadmap to deliver a target maturity state; led a multi-year transformation programme to implement new security tools and processes; defined zero-trust strategy for network segmentation. Succeeded in creating an effective and well-regarded team and leading the delivery of the transformation programme to achieve the required cyber security maturity.

  • LME were required to improve their cyber security posture to meet national critical infrastructure requirements. Engaged as Information Security Consultant to improve security maturity level. Reviewed KPMG audit recommendations; designed security improvement programme; produced 24-month roadmap; led security awareness campaign; delivered new web filtering system; implemented encrypted email capability; implemented data leakage protection controls and data governance tooling. Succeeded in improving security maturity level, addressing audit requirements and passing CBEST testing.

  • Whitbread required secure separation of Costa’s systems and data as part of migrating them to Microsoft Azure. Engaged as Senior Security Consultant & Architect to produce a conceptual design for security services and assure the Azure build. Assessed proposed designs for compliance against standards (ISO 27001, CIS & Microsoft Security Baseline); risk-assessed compliance gaps, providing options for remediation; produced a fit-for-purpose design; and scoped/coordinated penetration testing by a 3rd party. Succeeded in producing a design and providing assurance during the transition to a cloud hosted environment.

Experience

Security Architect - Santander UK

Apr 2022 - Present

  • Reporting to the Head of Cyber Security Architecture UK, acting as a key liaison and authoritative source of subject matter expertise for internal and external stakeholders in the context of enterprise security architecture.

Key Projects & Achievements

  • Providing architectural assurance on the design and implementation of Santander’s ‘landing zone’ environment within AWS, and the security of containerised workloads that are being migrated from on-premise OpenShift clusters to AWS EKS (Elastic Kubernetes Service).

  • Producing security architecture patterns for key enterprise security technologies being deployed on EKS, including API gateways (Kong Gateway) and identity federation services (PingFederate). Each pattern incorporated detailed threat modelling and identification of recommended controls to address the identified threats.

  • Delivery of multiple security-focussed ‘service wraps’ for AWS native cloud services so that they can be utilised by solution architects and development teams in a consistent manner and in keeping with Santander’s policy requirements.

Global Security Architect - Costa Coffee

Jan 2020 - Apr 2022

  • Employed to lead Costa’s Security Architecture & Engineering team with responsibility for defining the global information security strategy and related technology roadmap.

  • Reporting to the Global Director of Information Security & Data Privacy, leading a team of security architects and engineers across Costa’s major global markets (UK, Poland, China).

Key Projects & Achievements

  • Developed a 3-year security programme roadmap to transform Costa’s security maturity from ‘Basic’ to ‘Managed’, enabling the business to grow rapidly while protecting key systems and data from an evolving threat landscape.

  • Defined a global ‘playbook’ and accompanying reference architectures to guide new market entries and clarify responsibilities for implementing and operating security controls across each of Costa’s strategic propositions.

  • Led the design of a new enterprise-wide SIEM solution to ingest and process security event logs from across Costa’s hybrid multi-cloud environment (on-prem, Azure and AWS).

  • Security subject matter expert for business-critical programmes, including network transformation for UK stores and support centre locations, and development of a new technology blueprint for global franchise growth.


Senior Information Security Consultant / Architect - Whitbread (Contract)

Jan 2019 - Dec 2019

  • Engaged to provide assurance and a conceptual design for security services to ensure secure separation of systems and data from the Whitbread IT estate as part of Coca-Cola’s acquisition of the Costa brand.

  • Reported to the Programme Manager, leading a team of three Security Assurance Consultants.

  • Led the production of a conceptual design for security services to ensure an equivalent level of protection for Costa data and applications pre and post migration.

  • Coordinated technical security tests (including penetration testing), acting as a key point of contact between 3rd party security testing specialists and programme work streams.

  • Created test scopes, ensuring testing prerequisites were met and reviewing test output to assess and report security risks.

Key Projects & Achievements

  • Successfully provided assurance to both parties of secure separation of data and applications as part of Coca-Cola’s acquisition of the Costa brand from Whitbread. Supported migration from on-premise data centre to Microsoft Azure cloud hosted environment.

  • Developed a conceptual security architecture including firewalls, privileged access management, web filtering, vulnerability management and email security.


Cyber Risk Management Consultant - NFU Mutual (Contract)

Jun 2016 - Dec 2018

  • Engaged to implement a new cyber risk assessment methodology to assist with the quantification of exposure to cyber security risks, reporting to NFUM’s CISO.

  • Provided subject matter expertise for information security, advising business users on security best practices and providing second-line assurance of security controls implemented by strategic projects.

Key Projects & Achievements

  • Performed enterprise-wide risk assessment using IRAM2 methodology.

  • Led procurement and implementation of a Nasdaq BWise Governance, Risk & Compliance tool, introducing enhanced rigour for risk assessment processes and reporting to senior management.

  • Developed risk reporting dashboards to display high and low-level views of security risks.

  • Developed process to manage policy exceptions and reporting to senior management.

  • Succeeded in delivering a cyber risk assessment methodology enabling NFUM to quantify its exposure to existing and emerging risks; the output was used to determine the priorities and scope of a £3m security improvement programme.


Cyber Security / Information Security Manager - Department for Education (Contract)

Apr 2016 - Jun 2016

  • Engaged on a short-term contract to leverage my expertise in Government information assurance and security requirements for public sector organisations, reporting to the Head of Information Security.

Key Projects & Achievements

  • Led production of a detailed risk assessment and risk treatment plan in support of the Department’s migration of all key line-of-business applications to a cloud hosting environment.

  • Produced a Privacy Impact Assessment for six new cyber security capabilities to be implemented by the Department to protect business critical systems and data hosted in a cloud computing environment.


Information Security Consultant - London Metal Exchange (Contract)

Feb 2014 - Apr 2016

  • Engaged as Information Security Consultant to significantly improve the cyber security maturity of the organisation following identified security shortfalls in an external audit by KPMG.

  • Led several security initiatives to improve the security maturity level to meet national security requirements and to prepare the organisation for CBEST assessment testing.

  • Reviewed KPMG audit recommendations and identified as-is and to-be requirements, creating a 24-month security improvement programme.

Key Projects & Achievements

  • Designed and delivered a comprehensive cyber security awareness campaign across the business.

  • Project managed the delivery of a new company-wide web filtering solution to reduce the risk of phishing and drive-by download attacks. This solution replaced three separate legacy filtering technologies, significantly simplifying the management of filtering policies across the estate.

  • Led the delivery of a new secure email solution to automatically encrypt outbound email based on the sensitivity classification of the email, or other policy criteria defined by business users.

  • Implemented data leakage prevention controls for corporate email and web traffic. These policy-based controls utilised a combination of keyword matching and data classification metadata to identify sensitive files and prevent them from being sent outside the corporate network.

  • Successfully improved security maturity level, meeting all national critical infrastructure requirements and addressing KPMG audit concerns.

  • Introduction of improved security capabilities underpinned successful completion of CBEST testing.


Earlier Career - Deloitte

2006 - 2014

Various positions within the Technology, Assurance & Advisory and Security & Resilience teams, graduating from Consultant to Senior Manager positions.

Key Projects & Achievements

  • Responsible for leading Deloitte’s Information Protection services in the UK, including the development and implementation of data loss prevention, mobile device management and data classification technology solutions for leading organisations.

  • Completed a 6-month secondment at Ingeus, a global provider of employability services. Worked closely with the business’s CIO to develop and embed a refreshed set of information security policies and procedures aligned to ISO 27001, ensuring compliance with UK Government security requirements.

  • Key contributor to the development of a target operating model for AXA, a multinational insurance company. The deliverables included a refreshed organisation design, governance model and security activity catalogue, all of which were aligned to the business’s goals for the new security organisation.

  • Managed Deloitte’s involvement in a multidisciplinary team of information security specialists tasked by the CIO of AXA to identify and remediate significant security weaknesses in business-critical applications and network infrastructure.