My CV

I have been in the Information Security world since 1999 and in IT in general since 1996. My work history contains a unique blended balance between the development of exceptional technical capabilities and business knowledge. I have held positions that have provided me with a unique understanding of how businesses and IT align effectively with large organizations.

My background includes a substantial history of first-hand responsibilities for information systems operations, network engineering, and information security management. During my career, I have achieved numerous technical and engineering qualifications and certifications, including Certified Information Systems Security Professional (CISSP). I was a community leader in Payment Card Industries Data Security Standards and in 2009 was voted runner-up in the SC Magazine’s Information Security Person of the Year.

Education & Qualifications

  • 2015 – Offensive Security Certified Professional (OS-6893)
  • 2015 – CREST Registered Tester
  • 2014 – MSc Cyber Security
  • 2011 – Chartered IT Professional
  • 2011 – Fellow of the British Computer Society
  • 2008 – LLM in Information and Data Protection Law
  • 2007 – ISC2 Certified Information Systems Security Professional (106014)
  • 2007 – ISACA Certified Information Systems Auditor
  • 2005 – 7Safe Ethical Hacking Course
  • 2005 – SANS GIAC Certified Forensic Analyst
  • 1998 – CompTIA Security+
  • 1997 – CISCO CCNA
  • 1996 – CompTIA A+
  • 1994 – A-Level Business Studies, A-Level Finance Studies
  • 1992 – GCSE A in Physics, Biology, Chemistry (A). GCSE B in Maths, Business Studies, Engineering. GCSE C in English, Humanities

Publications

  • What Every CEO Needs to Know about Cyber Security, 2016.
  • Penetration Testing with Metasploit Pro – an internal Rapid7 training course, 2011
  • Penetration Testing with Metasploit Pro – an internal Rapid7 manual to support the training course, 2011
  • Cyber Security in the Real World – Infosec Europe, 2010
  • Information Security for the SME – Infosec Europe, 2010
  • Managing Cyber Security in a Dashboard, Splunk Congress, 2010
  • Cyber Security Defence in Practise, What the Big 4 got wrong – Congress, 2009
  • Whitepaper on Defending Web Applications through OWASP, 2007
  • Whitepaper on the Management of DDoS Attacks, 2006
  • NeXpose Masterclass – an internal Rapid7 manual and training course

Charity & Volunteer Work

The Dove Service

Date: December 2015 to December 2018
Position: Trustee – Data Protection and Cyber Security
Industry: Bereavement Counselling.

Bringing all my skills from the corporate world to The Dove Service to act as a trustee with a unique insight into Data Protection and Cyber Security. The Dove Service is a bereavement counseling charity based in Stoke on Trent in the Midlands of the UK.

Key Roles, Responsibilities & Contributions

  • Trustee Board level responsibility for all aspects of the business, including:
    • oversight responsibility for financial health and management of the business;
    • oversight management of a 17 employees and contractors;
    • working with the CEO to determine strategic objectives and policies;
    • monitoring progress towards achieving the objectives and policies;
    • working with the CEO to appoint senior management; and
    • accounting for the company’s activities to relevant parties, e.g. government bodies.
  • Responsibility as the responsible trustee board member for security:
    • to act within powers in accordance with the company’s constitution and to use those powers only for the purposes for which they were conferred;
    • to promote the success of the company for the benefit of its members;
    • to exercise independent judgement;
    • to exercise reasonable care, skill and diligence;
    • to avoid conflicts of interest;
    • not to accept benefits from third parties; and
    • to declare an interest in a proposed transaction or arrangement.
    • development and execution against a roadmap of compliance to ensure:
      • ISO27001:2013 compliance
      • ISO9001 compliance;
      • Cyber Essentials compliance; and
      • PCI-DSS compliance.
    • monitoring of suppliers and contractors to ensure security to maintained of patient records; and
    • development of internal staff, developing areas of keen interest and supporting academic programs of development within information security.

The Scouts Association

Date: March 2015 to December 2019
Position: Scout Leader
Industry: Education and Life Skills.

Bring all my skills from the outdoor world to help young people develop to their fullest potential. As a Scout Leader I am responsible for up to 30 young people and six adults on a weekly basis.

Key Roles, Responsibilities & Contributions

  • Management of six adults across three sections with up to 30 young people per section;
  • Delivering a Balanced Programme for the Scout Section considering needs interests and abilities of the Scouts within their Troop;
  • Agree responsibilities with Assistant Scout Leaders, considering when appropriate, the development of the individual’s leadership potential;
  • The appointment of Troop Assistants with the approval of the Group Scout Leader;
  • Agree responsibilities with Troop Assistants, considering when appropriate, the development of the individual’s leadership potential;
  • Ensure the safe delivery of the programme in accordance with the requirements of the appropriate rules in Policy, Organisation and Rules (POR) that govern meetings, events, and other adventurous activities and the Young People First initiative;
  • Ensure that every member of the Troop can attend at least one Patrol or Troop residential experience each year;
  • Actively co-operate with the District Explorer Scout Commissioner and Administrator to promote the Moving On award;
  • Be responsible for the provision of the Moving On Award for Cub Scouts working closely with the Cub Scout Leader(s);
  • Actively support and promote with other Leaders of the Group the achievement of the Group Awards;
  • Follow the Groups financial procedures which must be in accordance with POR;
  • Ensure accurate records are kept of the Scouts in the Troop, including home contact and medical details as well as the residential experiences and activities they attend and the awards and badges that they earn. All this must be done in accordance with the Data Protection Act 1998. These records must be passed on to the DESA when the Scout reaches the age of 13 or prior to moving onto Explorer Scouts;
  • Attend meeting of the Group Council, and the Group Executive Committee as well as meetings of leaders at Group and District level;
  • To carry out self-review;
  • Ensure regular opportunities are provided for Troop Forums in order to ensure that the Scouts’ views and opinions can be considered;
  • Work with Training Adviser to complete Adult Training; and
  • Make and retain relationships with parents / carers of the Scouts.

Royal National Lifeboat Institution

Date: May 2002 to October 2006
Position: Lifeboat Crewman
Industry: Search and Rescue

As a volunteer lifeboat man I would respond to all shouts to come to the aid of sea farers in distress or difficulty without hesitation. During this time, I was based from Mersea Island and served aboard the Atlantic 21 “Himley Hall” and then the Atlantic 27 “Dignity” boats.

Key Roles, Responsibilities & Contributions

  • To respond to “May Day” calls along our watch area 24 hours a day, 7 days a week regardless of weather, sea state or personal circumstance;
  • On deployments, my primary responsibility was for launch and recovery, communications and medical cover;
  • Primarily responsible for maintenance support for the radios, pagers and other communications kit;
  • Secondary responsibility for maintenance support for the boat and the station; and
  • Assistance with fundraising for the station

Recreation

  • GT Racing Driver – British GT Cup, Ginetta GT4 Supercup and Britcar Endurance series
  • Historic Formula 3 Racing
  • Group Scout Leader for 2nd Cheadle. Managing 12 adults with over 70 young people
  • Offshore Sailing