CV / Résumé





Key Work Experience



Confidential Employer


Feb 2024 – Present

Cyber Security Leader (Global)

UK
Ireland
Canada
Australia
South Africa

Leading a team of skilled cyber security engineers and analysts spanning 5 countries across 4 continents at Confidential Employer, who are responsible for safeguarding the digital infrastructure across global markets.

Responsibilities include:

  • Heading global security operations, incident response, penetration testing, and vulnerability management.
  • Directing team management, mentorship, and the cultivation of a collaborative, innovative security culture.
  • Proactively adapting the organisation to emerging cyber threats and vulnerabilities to enhance maturity.
  • Leading the refinement and execution of IR strategies, including policy updates and tabletop exercises.
  • Enforcing policy compliance, ensuring alignment with regulatory frameworks, defining mature processes.
  • Implementing an ISMS strategy roadmap and integrating security practices into business and IT projects.
  • Serving as a pivotal member of the change approval board to ensure change processes limit business risk.


Peabody Trust


Oct 2022 – Feb 2024

Security Lead

London, UK

Responsible for supporting the organisation as a technical lead and cyber security SME in identifying and preventing harm to Peabody Trust systems and information assets.

Responsibilities include:

  • Leading on the review of existing and proposed security related systems and providers.
  • Leading on the delivery of a secure and operationally resilient in-house SOC function.
  • Leading on penetration testing, vulnerability management, and offensive security engineering.
  • Leading on day-to-day monitoring and administration of the organisation cyber security controls.
  • Leading on the creation and review of security policies, procedures, standards, and playbooks.
  • Acting as an SME providing risk-based consultancy on security controls and operations.
  • Driving the development and implementation of the ISMS and wider organisation security strategy.


Jan 2021 – Oct 2022

Security Specialist

London, UK

 
 




Guardian News & Media

Dec 2019 – Mar 2020

Security Specialist

London, UK

Reporting directly to the Head of Information Security, I was responsible for the protection of IT infrastructure, co-ordinating security operations (SOC), and acting within the digital environment to manage the security, safety, and operational effectiveness of journalists and their sources.

Responsibilities included:

  • Investigating and responding to network/host intrusion detection alerts.
  • Responding/investigating IT security incidents or breaches and coordinating post-incident review.
  • Monitoring the external landscape for emerging threats and advising on threat intelligence risk.
  • Reviewing current corporate policies and helping to refine procedures for better security.
  • Forensically analysing suspect malware via sandbox environments.
  • Reviewing and approving firewall changes.
  • Maintaining security monitoring platforms and logic.
  • Designing server builds, standards, and security baselines to protect systems, services, and data.
  • Finding vulnerabilities in company deployed web applications and software.


Feb 2019 – Dec 2019

Penetration Tester

London, UK

  • Analysis of vulnerabilities in the infrastructure (software, hardware, networks).
  • Creating new tests to identify vulnerabilities across several systems.
  • Assessing the threat model to pinpoint and map likely entry points for hackers.
  • Maintaining awareness of the latest security threats and malware.
  • Hardening enterprise infrastructure with implementations of better security standards.


Nov 2017 – Feb 2019

Information Security Analyst

London, UK

  • Engaging with stakeholders to map infrastructure estate to improve visibility of attack surface.
  • Implementing enterprise level IDS/IPS systems and managing their dynamic rule sets.
  • Responding to DLP alerts and educating our user populace on data protection.
  • Enterprise PGP key management (generation, issuing, publishing, revocation).
  • Managing enterprise AV suites to protect servers, clients, comms, and collaboration platforms.
  • Continuously reviewing web gateway reputation requests for whitelisting.
  • Liaising with 3rd party pen testers, updating controls, and remediating where necessary.
  • Supporting with alignment of the wider business strategy advising via the ISWG panel.
  • Providing user admin and training for our whistle-blowing platform (SecureDrop).
  • Member of the ITIL Change Advisory Board.



Charityshare

Sep 2017 – Nov 2017

Cyber Security Analyst

London, UK

Worked closely with the ISO, Operations, Architecture and Engineering teams to ensure that computer systems and facilities remained secure and that IT security was effectively managed.

Responsibilities included:

  • Recommending solutions and best practices for cyber security improvement.
  • Assisting in the creation, implementation, and management of security solutions.
  • Assisting in the management of the Service Continuity Plan.
  • Analysis of vulnerabilities in Design Briefs for security related projects.



John Lewis & Partners

Sep 2013 – Aug 2016

Information Security Analyst

London, UK

Responsible for working as part of the GRC function to support DLP and information assurance. Took ownership of driving security initiatives, auditing of operational processes, and supporting a culture of continuous improvement.

Responsibilities included:

  • Design audits of systems and processes to ensure compliance with operational standards.
  • Assisting with automation (e.g. patching levels, email security, encryption, backups).
  • Managing third party assurance activities of suppliers and contractors.
  • Supporting the DP team, managing technical controls, and mapping DP risks.
  • Assisting in the design of security controls and providing input to new projects.
  • Developing data controls, linking risks, defining metrics and capturing measurements.


Mar 2013 – Sep 2013

Junior Security Analyst

London, UK

  • Shadowed the internal SOC and DP teams and helped improve operational processes.
  • Assisted with the creation of incident reports as part of the internal IR process.
  • Helped co-ordinate user awareness training exercises for new employees.





Freelance Work




Synack SRT

Mar 2023 – Present

Security Researcher

Comprised of some of the most sought-after security researchers in the world, the Synack Red Team (SRT) is a private freelance security research team that spans 6 continents and over 80 countries to help protect the best brands in the world.

Research activities include:

  • Collaborating with a supportive community of the top cybersecurity researchers in the world.
  • Carrying out penetration tests on computer systems, networks and applications.
  • Providing high-quality vulnerability reports in accordance with Synack's quality rule and policies.
  • Writing complex code to help find vulnerabilities beyond the capability of automated scanners.







Personal Projects




Subsquat

May 2021 – Present

Founder

An alert subscription service offering companies and individuals web based tooling to automate the continuous discovery of public-facing subdomains within their DNS zone estate, and alert on any which may be identified as vulnerable to malicious takeover.

Responsibilities include:

  • General administration of REST API and associated functionality.



Fobber

Nov 2020 – Present

Founder

Fobber is an online platform that provides fast and affordable key fob cloning services across the UK.

Responsibilities include:

  • General business administration of company and all ecommerce activities.
  • Utilising a number of pen testing techniques to facilitate the widest key cloning options possible.
  • Creating and maintaining workflow documentation to provide a uniform customer experience.



Subject Access

Apr 2019 – Present

Founder

Subject Access is a web-based platform centred on GDPR law to assist UK/EU citizens with exercising their right of access (Data Subject Access Requests) through the use of interactive and user-friendly web forms.

Responsibilities include:

  • Building a custom mail delivery system which hooks to user submissions.
  • Server management (hosting) and optimisation of security controls.
  • Ensuring data processing operations are compliant with GDPR and DPA law.
  • Creating and maintaining workflow documentation.
  • Integrating data from various backend services and databases.



Deadswitch

Feb 2017 – Present

Founder

Deadswitch is a zero-knowledge mechanism, designed to protect journalists and whistle-blowers by enabling the targeted exposure of public interest material. As founder and director I am responsible for oversight of the project design, operations, and security controls.

Responsibilities include:

  • Writing well designed, testable, efficient code by using best software development practices.
  • Creating website layout/user interface and functions using HTML/CSS, PHP, JavaScript and jQuery.
  • Defining the project scope, design, deployment, testing, and implementation of features.
  • Managing all PHP backend server-side security controls (WAF).
  • Ensuring technical protections satisfy privacy standards and remain in compliance with law.
  • Creating and managing a Bug Bounty Program centered on the service.
  • Implementation of OpenPGP.js libraries for client-side encryption.



CryptKey

Aug 2016 – Jun 2017

Founder

CryptKey was an early-development mobile application that leveraged existing wireless NFC features on modern smartphones to securely query implantable RFID tags for authentication.

Responsibilities included:

  • Maintaining privacy-centric objectives throughout the application development life cycle.
  • Implementation of open-source cryptographic libraries (AES, RSA, ECDH, PBKDF2, etc).
  • Work on bug fixing and improving application performance.
  • Working with outside data sources and APIs (remote data such as REST and JSON).
  • Unit-test code for robustness, including edge cases, usability, and general reliability.
  • A hands-on approach towards project management and the driving of public engagement.




Technical Skills




Security Operations

  • IDS/IPS
  • Firewalls
  • Mobile Security
  • Threat Intel
  • Forensics
  • Malware Analysis
  • AV Management
  • IR Procedures


Penetration Testing

  • Vuln Scanning
  • Attack Execution
  • Metasploit
  • Reporting
  • Bug Bounties
  • OSINT
  • Cracking
  • Scoping


Data Privacy

  • DLP
  • Data Protection
  • GDPR
  • Data Breaches
  • DSARs
  • Laws/Practices
  • Threats/Risks
  • Compliance


Cryptography

  • PKI
  • Public-key
  • Signatures
  • Hashing
  • PGP
  • Blockchain
  • Steganography




Programming Languages

  • Perl
  • Java
  • Python
  • JavaScript
  • JSON
  • XML
  • SQL


GRC

  • Risk Management
  • Policy Creation
  • Internal Audits
  • Regulations
  • Risk Assessments
  • Due Diligence
  • Assurance
  • ISO Standards


Database Management

  • MySQL
  • MongoDB
  • SQLite
  • Oracle
  • AWS (RDS)
  • PostgreSQL
  • phpMyAdmin


Operating Systems

  • Windows
  • Kali Linux
  • Parrot OS
  • Ubuntu
  • Android
  • VMware
  • VirtualBox


Web Development

  • (X)HTML
  • CSS
  • JavaScript
  • jQuery
  • PHP
  • Hosting
  • User Experience
  • Design


HackTheBox



TryHackMe






Certifications