I have ten years of experience within Information Security, a Master’s degree and I am CREST CCT-App certified. I currently manage a team of penetration testers and have a strong involvement in improving the capability of the technical team, through creating and developing service lines.
I engage in public speaking regularly on a range of topics such as driving security improvements through testing. A part of my role involves developing junior team members; I created GracefulSecurity.com.
With my interests shifting more and more towards the business side of my position, I've taken the leap to begin working on an MBA, a Masters in Business Administration, to sit alongside my Master of Science in Information Security. We all need a hobby, right?
CREST Certified Tester – CCT-APP, 2015 – Present
CREST Registered Tester – CRT, 2014 – Present
CompTIA PenTest+, 2018 – Present
CompTIA Security+, 2018 – Present
PCI ASV Certified, 2018 – Present
Feb 2019 – Current
My current role involves management of a team of penetration testers which varies in experience from junior to senior and includes those working from the office and remotely. The main requirement here is mentoring of junior consultants to enable them to develop their own capability and day-to-day management of the wider team.
Service development involves expanding the list of core competencies offered by the organisation. This can be improvements to current services offered or entirely new service lines (including methodologies, descriptions, and delivery). For example, expanding on the hardware hacking capability and developing a cyber strategy capability (vCISO and Security Advisory services).
I’m experienced in a range of penetration testing, from internal infrastructure assessments, to web applications, and hardware device assessments; to enable this I retain the CREST CCT-App certification, which I have held since 2015.
MSc Information Security and Privacy (Distinction), Cardiff University
92% – Security Techniques
84% – Information and Network Security
76% – Distributed and Cloud Computing
76% – Business and IT Management
75% – E-Commerce and Innovation
74% – Forensics, Trust and Identity
72% – Dissertation
I completed my MSc at Cardiff University between September 2012 and September 2013 and scored a Distinction in every single module of the programme.
Penetration Testing, Team Lead
Sept 2013 to Feb 2019, 5 years 6 months
- Management of two separate technical teams – one of the established penetration testing teams, and a developing “Continuous Security Testing” team.
- Working with clients to deliver complex security assessments and continuous security testing services. Beginning at initial requirements meetings, developing an offering to address those requirements, and delivering the service.
- Ensuring that issues, both managerial and technical, across both teams are identified quickly and resolved with minimal disruption.
- Mentoring of junior members of staff to ensure that they can be brought in as an effective team member as quickly as possible.
Sept 2012 to Sept 2013 – Cardiff University, MSc in Information Security and Privacy
Penetration Testing, Team Lead
Jul 2012 to Sept 2013, 3 months contract
- Project management across multiple departments within a large business, to ensure that new systems being developed are in line with the requirements of the business.
- Working with network infrastructure and security devices such as Cisco ASA and Juniper ISG Firewalls. Whilst this was a Network Engineering role, due to the requirements of the client it was heavily security focused.
- Management and maintenance of the existing network devices and infrastructure, interconnecting approximately 1500 end user devices, whilst investing effort in improving the physical infrastructure, logical layout and security stance of the network and causing a minimal amount of downtime.
Site Security Officer
Feb 2007 to Jul 2012, 5 years 6 months
- Developing changes and additions to large scale networks, including being involved in peer-review of designs and implementation. This required a strong knowledge of network security, access control lists, firewalls, potential computer-based attacks, security policy and relevant laws and legislation.
- Operation, maintenance and improvement of network infrastructure and associated systems.
If you would like to contact me about a professional engagement or opportunity, check the contact me page.