Current Role: Principal Security Consultant
I have ten years of experience within Information Security, with a Master of Science (Distinction) in Information Security with Privacy. I am interested in leadership positions. I currently manage a team of approximately ten penetration testers. This role includes strategic planning for the service and day-to-day management of the team.
For the last six years I have been working in a management role within a penetration testing team. I am a CREST Certified Penetration Tester (CCT-App). My current position does require me to be actively involved in the delivery of the penetration testing service, effectively using my experience in penetration testing to address complex issues beyond the capabilities of more junior consultants.
I speak regularly at seminars, conferences, and expos. These talks are on a range of topics such as driving security improvements through testing, and anti-malware evasion.
A part of my role involves developing junior team members technically; to assist with this, I created GracefulSecurity.com.
CREST Certified Tester – CCT-APP, 2015 – Present
CREST Registered Tester – CRT, 2014 – Present
CompTIA PenTest+, 2018 – Present
CompTIA Security+, 2018 – Present
PCI ASV Certified, 2018 – Present
MSc Information Security and Privacy (Distinction), Cardiff University
92% – Security Techniques
84% – Information and Network Security
76% – Distributed and Cloud Computing
76% – Business and IT Management
75% – E-Commerce and Innovation
74% – Forensics, Trust and Identity
72% – Dissertation
I completed my MSc at Cardiff University between September 2012 and September 2013 and scored a Distinction in every single module of the programme.
Feb 2019 – Current – Principal Security Consultant
As a Principal Security Consultant I have three main responsibilities – management, service development, service delivery.
I manage a team of approximately ten security consultants of varying experience from junior to senior. The main requirement here is mentoring of junior consultants to enable them to develop their own capability and day-to-day management tasks for the wider team.
Service development involves expanding the list of core competencies offered by the organisation. This can be improvements to current services offered or entirely new service lines (including methodologies, descriptions, and delivery). For example, I’m currently working on expanding a hardware hacking capability and developing a cyber strategy capability (Virtual-CISO and Security Advisory services).
For service delivery, I do still get involved in Penetration Testing (from internal infrastructure assessments, to web applications, to hardware device assessments) and to enable this I retain the CREST Certified (CCT-App) certification.
Sept 2013 to Feb 2019 – Continuous Security and Penetration Testing, Team Leader
- Management of two separate technical teams – one of the established penetration testing teams, whilst developing a new Continuous Security Testing team within the Managed Services Practice.
- Working with clients to deliver complex services around security assessment and continuous security testing services. Beginning at initial requirements meetings, developing an offering to address those requirements, and delivering the service, often whilst dealing with multiple client stakeholders.
- Ensuring that issues, both managerial and technical, across both teams are identified quickly and resolved with minimal disruption.
- Having a technical understanding of services to ensure effective delivery of the current service but also to identify potential cross-sales opportunities.
- Technical planning and report writing, both for the development of the new Continuous Security Testing Service but also as part of the Penetration Testing team role.
- Mentoring of junior members of staff to ensure that they can be brought in as an effective team member as quickly as possible.
Sept 2012 to Sept 2013 – Cardiff University, MSc in Information Security and Privacy
Jul 2012 to Sept 2012 – Network Engineer (Contract)
- Working closely with members of multiple departments within a large business, to ensure that new systems being developed are in line with the requirements of the business.
- Working with network infrastructure and security devices such as Cisco ASA and Juniper ISG Firewalls. Whilst this was a Network Engineering role, due to the requirements of the client it was heavily security focused and required strong understanding of Firewall technologies.
- Management and maintenance of the existing network devices and infrastructure; interconnecting approximately 1500 end user devices.
- A great deal of effort was put into improving the physical infrastructure, logical layout and security stance of the network whilst causing a minimal amount of downtime.
Feb 2007 to Jul 2012 – Site Security Officer / Site System Manager
- I worked as part of a team to develop changes and additions to large scale networks, including being involved in peer-review of design and implementation documents.
- Strong knowledge of network security, access control lists, firewalls, potential computer-based attacks, security policy and relevant laws and legislation.
- Operation, maintenance and improvement of network infrastructure and associated systems.
If you would like to contact me about a professional engagement or opportunity, check the contact me page.