Professional Experience

A profile picture showing Holly in business formal, carrying books.

I have twelve years of experience within Information Security, a Master’s degree and I am CREST CCT-App certified. I currently manage a team of penetration testers and have a strong involvement in improving the capability of the technical team, through creating and developing service lines.

I engage in public speaking regularly on a range of topics such as driving security improvements through testing. A part of my role involves developing junior team members, I created GracefulSecurity.com.

With my interests shifting more and more towards the business side of my position, I've taken the leap to begin working on an MBA, a Masters in Business Administration, to sit alongside my Master of Science in Information Security. We all need a hobby, right?

Professional Certifications

CREST Certified Tester – CCT-APP, 2015 – Present
CREST Registered Tester – CRT, 2014 – Present
CompTIA PenTest+, 2018 – Present
CompTIA Security+, 2018 – Present
PCI ASV Certified, 2018 – Present

Current Position

Technical Director
Feb 2019 – Current

My current role involves management of a team of penetration testers which varies in experience from junior to senior and includes those working from the office and remotely. The main requirement here is mentoring of junior consultants to enable them to develop their own capability and day-to-day management of the wider team.

Service development involves expanding the list of core competencies offered by the organisation. This can be improvements to current services offered or entirely new service lines (including methodologies, descriptions, and delivery). For example, expanding on the hardware hacking capability and developing a cyber strategy capability (vCISO and Security Advisory services).

I’m experienced in a range of penetration testing, from internal infrastructure assessments, to web applications, and hardware device assessments; to enable this I retain the CREST CCT-App certification, which I have held since 2015.

Academic Experience

MSc Information Security and Privacy (Distinction), Cardiff University

92% – Security Techniques
84% – Information and Network Security
76% – Distributed and Cloud Computing
76% – Business and IT Management
75% – E-Commerce and Innovation
74% – Forensics, Trust and Identity
72% – Dissertation

I completed my MSc at Cardiff University between September 2012 and September 2013 and scored a Distinction in every single module of the programme.

MBA Business Administration, The Open University

In July 2019 I was accepted to study an MBA with the Open University, this will run from November 2019 to November 2021.

Previous Positions

Penetration Testing, Team Lead
Sept 2013 to Feb 2019, 5 years 6 months

Sept 2012 to Sept 2013 – Cardiff University, MSc in Information Security and Privacy

Penetration Testing, Team Lead
Jul 2012 to Sept 2013, 3 months contract

Site Security Officer
Feb 2007 to Jul 2012, 5 years 6 months



If you would like to contact me about a professional engagement or opportunity, check the contact me page.