CV / Résumé








Key Work Experience



Confidential Employer

 Confidential Employer

Aug 2024 – Present

Director, Information Security (Global)

UK Flag Icon UK   IE Flag Icon IE   CA Flag Icon CA  
AU Flag Icon AU   ZA Flag Icon SA  

Leading a team of skilled cyber security engineers and analysts spanning 5 countries across 4 continents at  Confidential Employer  which are responsible for safeguarding the digital infrastructure across global markets.

Responsibilities include:

  • Heading global security operations, incident response, penetration testing, and vulnerability management.
  • Advising the executive leadership on the integration of security into strategic and operational processes.
  • Proactively adapting the organisation to emerging cyber threats and vulnerabilities to enhance maturity.
  • Leading the refinement and execution of IR strategies, including policy updates and tabletop exercises.
  • Enforcing policy compliance, ensuring alignment with regulatory frameworks, defining mature processes.
  • Implementing an ISMS strategy roadmap and integrating security practices into global IT projects.
  • Serving as a pivotal member of the change approval board to ensure change processes limit business risk.


Feb 2024 – Aug 2024

Security Lead (Global)

UK Flag Icon UK   IE Flag Icon IE   CA Flag Icon CA  
AU Flag Icon AU   ZA Flag Icon SA  

 
 



Peabody Trust

Peabody Trust

Oct 2022 – Feb 2024

Security Lead

UK Flag Icon London, UK

Responsible for supporting the organisation as a technical lead and cyber security SME in identifying and preventing harm to Peabody Trust systems and information assets.

Responsibilities included:

  • Leading on the review of existing and proposed security related systems and providers.
  • Leading on the delivery of a secure and operationally resilient in-house SOC function.
  • Leading on penetration testing, vulnerability management, and offensive security engineering.
  • Leading on day-to-day monitoring and administration of the organisation cyber security controls.
  • Leading on the creation and review of security policies, procedures, standards, and playbooks.
  • Acting as an SME providing risk-based consultancy on security controls and operations.
  • Driving the development and implementation of the ISMS and wider organisation security strategy.


Jan 2021 – Oct 2022

Security Specialist

UK Flag Icon London, UK

 
 



Guardian Logo

Guardian News & Media

Dec 2019 – Mar 2020

Security Specialist

UK Flag Icon London, UK

Reporting directly to the Head of Information Security, I was responsible for the protection of IT infrastructure, co-ordinating security operations (SOC), and acting within the digital environment to manage the security, safety, and operational effectiveness of journalists and their sources.

Responsibilities included:

  • Investigating and responding to network/host intrusion detection alerts.
  • Responding/investigating IT security incidents or breaches and coordinating post-incident review.
  • Monitoring the external landscape for emerging threats and advising on threat intelligence risk.
  • Reviewing current corporate policies and helping to refine procedures for better security.
  • Forensically analysing suspect malware via sandbox environments.
  • Reviewing and approving firewall changes.
  • Maintaining security monitoring platforms and logic.
  • Designing server builds, standards, and security baselines to protect systems, services, and data.
  • Finding vulnerabilities in company deployed web applications and software.


Feb 2019 – Dec 2019

Penetration Tester

UK Flag Icon London, UK

  • Analysis of vulnerabilities in the infrastructure (software, hardware, networks).
  • Creating new tests to identify vulnerabilities across several systems.
  • Assessing the threat model to pinpoint and map likely entry points for hackers.
  • Maintaining awareness of the latest security threats and malware.
  • Hardening enterprise infrastructure with implementations of better security standards.


Nov 2017 – Feb 2019

Information Security Analyst

UK Flag Icon London, UK

  • Engaging with stakeholders to map infrastructure estate to improve visibility of attack surface.
  • Implementing enterprise level IDS/IPS systems and managing their dynamic rule sets.
  • Responding to DLP alerts and educating our user populace on data protection.
  • Enterprise PGP key management (generation, issuing, publishing, revocation).
  • Managing enterprise AV suites to protect servers, clients, comms, and collaboration platforms.
  • Continuously reviewing web gateway reputation requests for whitelisting.
  • Liaising with 3rd party pen testers, updating controls, and remediating where necessary.
  • Supporting with alignment of the wider business strategy advising via the ISWG panel.
  • Providing user admin and training for our whistle-blowing platform (SecureDrop).
  • Member of the ITIL Change Advisory Board.


Charityshare Logo

Charityshare

Sep 2017 – Nov 2017

Cyber Security Analyst

UK Flag Icon London, UK

Worked closely with the ISO, Operations, Architecture and Engineering teams to ensure that computer systems and facilities remained secure and that IT security was effectively managed.

Responsibilities included:

  • Recommending solutions and best practices for cyber security improvement.
  • Assisting in the creation, implementation, and management of security solutions.
  • Assisting in the management of the Service Continuity Plan.
  • Analysis of vulnerabilities in Design Briefs for security related projects.


John Lewis Logo

John Lewis & Partners

Sep 2013 – Aug 2016

Information Security Analyst

UK Flag Icon London, UK

Responsible for working as part of the GRC function to support DLP and information assurance. Took ownership of driving security initiatives, auditing of operational processes, and supporting a culture of continuous improvement.

Responsibilities included:

  • Design audits of systems and processes to ensure compliance with operational standards.
  • Assisting with automation (eg patching levels, email security, encryption, backups).
  • Managing third party assurance activities of suppliers and contractors.
  • Supporting the DP team, managing technical controls, and mapping DP risks.
  • Assisting in the design of security controls and providing input to new projects.
  • Developing data controls, linking risks, defining metrics and capturing measurements.


Mar 2013 – Sep 2013

Junior Security Analyst

UK Flag Icon London, UK

  • Shadowed the internal SOC and DP teams and helped improve operational processes.
  • Assisted with the creation of incident reports as part of the internal IR process.
  • Helped co-ordinate user awareness training exercises for new employees.





Freelance Work



Synack Logo

Synack Red Team

Mar 2023 – Aug 2024

Security Researcher

Comprised of some of the most sought after security researchers in the world, the Synack Red Team (SRT) is a private freelance security research team that spans 6 continents and over 80 countries to help protect the best brands in the world.

Research activities included:

  • Collaborating with a supportive community of the top cybersecurity researchers in the world.
  • Carrying out penetration tests on computer systems, networks and applications.
  • Providing high-quality vulnerability reports in accordance with Synack's quality rule and policies.
  • Writing complex code to help find vulnerabilities beyond the capability of automated scanners.







Technical Skills




Security Operations

  • IDS/IPS
  • Firewalls
  • Mobile Security
  • Threat Intel
  • Forensics
  • Malware Analysis
  • AV Management
  • IR Procedures


Penetration Testing

  • Vuln Scanning
  • Attack Execution
  • Metasploit
  • Reporting
  • Bug Bounties
  • OSINT
  • Cracking
  • Scoping


Data Privacy

  • DLP
  • Data Protection
  • GDPR
  • Data Breaches
  • DSARs
  • Laws/Practices
  • Threats/Risks
  • Compliance


Cryptography

  • PKI
  • Public-key
  • Signatures
  • Hashing
  • PGP
  • Blockchain
  • Steganography



Programming Languages

  • Perl
  • Java
  • Python
  • JavaScript
  • JSON
  • XML
  • SQL


GRC

  • Risk Management
  • Policy Creation
  • Internal Audits
  • Regulations
  • Risk Assessments
  • Due Diligence
  • Assurance
  • ISO Standards


Database Management

  • MySQL
  • MongoDB
  • SQLite
  • Oracle
  • AWS (RDS)
  • PostgreSQL
  • phpMyAdmin


Operating Systems

  • Windows
  • Kali Linux
  • Parrot OS
  • Ubuntu
  • Android
  • VMware
  • VirtualBox



Web Development

  • (X)HTML
  • CSS
  • JavaScript
  • jQuery
  • PHP
  • Hosting
  • User Experience
  • Design


HackTheBox



TryHackMe



HackTheBox



TryHackMe





Certifications