CV / Résumé





Key Work Experience



Guardian Logo

Guardian News & Media

Dec 2019 – Mar 2020

Security Specialist

London, UK

Reporting directly to the Head of Information Security, I was responsible for the protection of IT infrastructure, co-ordinating security operations (SOC), and acting within the digital environment to manage the security, safety, and operational effectiveness of journalists and their sources.

Responsibilities included:

  • Investigating and responding to network/host intrusion detection alerts.
  • Responding/investigating IT security incidents or breaches and coordinating post-incident review.
  • Monitoring the external landscape for emerging threats and advising on threat intelligence risk.
  • Reviewing current corporate policies and helping to refine procedures for better security.
  • Forensically analysing suspect malware via sandbox environments.
  • Reviewing and approving firewall changes.
  • Maintaining security monitoring platforms and logic.
  • Designing server builds, standards, and security baselines to protect systems, services, and data.
  • Finding vulnerabilities in company deployed web applications and software.


Feb 2019 – Dec 2019

Penetration Tester

London, UK

  • Analysis of vulnerabilities in the infrastructure (software, hardware, networks).
  • Creating new tests to identify vulnerabilities across several systems.
  • Assessing the threat model to pinpoint and map likely entry points for hackers.
  • Maintaining awareness of the latest security threats and malware.
  • Hardening enterprise infrastructure with implementations of better security standards.


Nov 2017 – Feb 2019

Information Security Analyst

London, UK

  • Engaging with stakeholders to map infrastructure estate to improve visibility of attack surface.
  • Implementing enterprise level IDS/IPS systems and managing their dynamic rule sets.
  • Responding to DLP alerts and educating our user populace on data protection.
  • Enterprise PGP key management (generation, issuing, publishing, revocation).
  • Managing enterprise AV suites to protect servers, clients, comms, and collaboration platforms.
  • Continuously reviewing web gateway reputation requests for whitelisting.
  • Liaising with 3rd party pen testers, updating controls, and remediating where necessary.
  • Supporting with alignment of the wider business strategy advising via the ISWG panel.
  • Providing user admin and training for our whistle-blowing platform (SecureDrop).
  • Member of the ITIL Change Advisory Board.


Charityshare Logo

Charityshare

Sep 2017 – Nov 2017

Cyber Security Analyst

London, UK

Worked closely with the ISO, Operations, Architecture and Engineering teams to ensure that computer systems and facilities remained secure and that IT security was effectively managed.

Responsibilities included:

  • Recommending solutions and best practices for cyber security improvement.
  • Assisting in the creation, implementation, and management of security solutions.
  • Assisting in the management of the Service Continuity Plan.
  • Analysis of vulnerabilities in Design Briefs for security related projects.


John Lewis Logo

John Lewis & Partners

Sep 2013 – Aug 2016

Information Security Analyst

London, UK

Responsible for working as part of the GRC function to support DLP and information assurance. Took ownership of driving security initiatives, auditing of operational processes, and supporting a culture of continuous improvement.

Responsibilities included:

  • Design audits of systems and processes to ensure compliance with operational standards.
  • Assisting with automation (eg patching levels, email security, encryption, backups).
  • Managing third party assurance activities of suppliers and contractors.
  • Supporting the DP team, managing technical controls, and mapping DP risks.
  • Assisting in the design of security controls and providing input to new projects.
  • Developing data controls, linking risks, defining metrics and capturing measurements.


Mar 2013 – Sep 2013

Junior Security Analyst

London, UK

  • Shadowed the internal SOC and DP teams and helped improve operational processes.
  • Assisted with the creation of incident reports as part of the internal IR process.
  • Helped co-ordinate user awareness training exercises for new employees.





Personal Projects



Deadswitch Logo

Deadswitch

Feb 2017 – Present

CEO / Founder

Deadswitch is a zero-knowledge mechanism, designed to protect journalists and whistle-blowers by enabling the targeted exposure of public interest material. As founder and director I am responsible for oversight of the project design, operations, and security controls.

Responsibilities include:

  • Writing well designed, testable, efficient code by using best software development practices.
  • Creating website layout/user interface and functions using HTML/CSS, PHP, JavaScript and jQuery.
  • Defining the project scope, design, deployment, testing, and implementation of features.
  • Managing all PHP backend server-side security controls (WAF).
  • Ensuring technical protections satisfy privacy standards and remain in compliance with law.
  • Creating and managing a Bug Bounty Program centered on the service.
  • Implementation of OpenPGP.js libraries for client-side encryption.


Subject Access Logo

Subject Access

Apr 2019 – Present

CEO / Founder

Subject Access is a web-based platform centred on GDPR law to assist UK/EU citizens with exercising their right of access (Data Subject Access Requests) through the use of interactive and user-friendly web forms.

Responsibilities include:

  • Building a custom mail delivery system which hooks to user submissions.
  • Server management (hosting) and optimisation of security controls.
  • Ensuring data processing operations are compliant with GDPR and DPA law.
  • Creating and maintaining workflow documentation.
  • Integrating data from various backend services and databases.


CryptKey Logo

CryptKey

Aug 2016 – Jun 2017

CEO / Founder

CryptKey was an early-development mobile application that leveraged existing wireless NFC features on modern smartphones to securely query implantable RFID tags for authentication.

Responsibilities included:

  • Maintaining privacy-centric objectives throughout the application development life cycle.
  • Implementation of open-source cryptographic libraries (AES, RSA, ECDH, PBKDF2, etc).
  • Work on bug fixing and improving application performance.
  • Working with outside data sources and APIs (remote data such as REST and JSON).
  • Unit-test code for robustness, including edge cases, usability, and general reliability.
  • A hands-on approach towards project management and the driving of public engagement.




Technical Skills




Security Operations

  • IDS/IPS
  • Firewalls
  • Mobile Security
  • Threat Intel
  • Forensics
  • Malware Analysis
  • AV Management
  • IR Procedures


Penetration Testing

  • Vuln Scanning
  • Attack Execution
  • Metasploit
  • Reporting
  • Bug Bounties
  • OSINT
  • Cracking


Data Privacy

  • DLP
  • GRC Policies
  • GDPR
  • Data Protection
  • DSARs
  • Risk Assessments
  • Risk Management


Cryptography

  • Symmetric
  • Public-key
  • Signatures
  • Hashing
  • PGP
  • Blockchain
  • Steganography




Programming Languages

  • Perl
  • Java
  • Python
  • JavaScript
  • JSON
  • XML
  • SQL


Web Development

  • (X)HTML
  • CSS
  • JavaScript
  • jQuery
  • PHP
  • Hosting
  • User Experience
  • Design


Database Management

  • MySQL
  • MongoDB
  • SQLite
  • Oracle
  • AWS (RDS)
  • PostgreSQL
  • phpMyAdmin


Operating Systems

  • Windows
  • Kali Linux
  • Parrot OS
  • Ubuntu
  • Android
  • VMware
  • VirtualBox


Certifications