This is a cut down copy of my CV – for a full copy, please send me an e-mail.
Experienced SC cleared systems and network security specialist with over 10 years working with Microsoft, UNIX and networking products. Extensive experience of Risk Management and Accreditation Document Sets (RMADS) and presenting to accreditors and business owners. Board level consultancy, presentation of bids and business cases. Development of internal and external services and products. Managerial skill running technical teams to accomplish both project based and BAU work. Published technical author in the Security and Microsoft knowledge space. Strong presentation and interpersonal skills. Experience of Financial & Banking, Commercial, Charity and Public Sectors. Experience of software, hardware and documentation testing. In depth knowledge of numerous Information Security Standards and Best Practice Guides including – HMG IS Standards, PCI/DSS, ISF, ISO 27001 & Sarbanes-Oxley. Extensive technical skills across a wide variety of technologies including Cloud (IaaS, PaaS, SaaS), Virtualisation, E-commerce and Social Media . Experience of working globally and the issues present in doing so.
- CLAS Consultant
- HMG Information Security Standards & Documentation (IAS1, IS2, JSP440, NHS, CESG Memos, RMADS etc.)
- Payment Card Industry (PCI) Data Security Standard (DSS) – audit and compliance
- ISO 27001, ISO/BS 17799, COBIT, Sarbanes-Oxley Standards
- Risk, Vulnerability and Threat Assessment (CRAMM)
- Current SC clearance
- CISSP Certified (since 2004)
- Experienced across multiple Operating Systems ( Linux, UNIX (most!), Windows & MacOS )
- Single Sign-On (Kerberos & Shibboleth)
- Digital Forensics, Incident Response & Investigation
- Encryption – public key, certificates & secret/shared key, Full Disk Encryption
- Penetration Testing and Vulnerability Detection (OSSTMM Certified)
- Intrusion Detection and Prevention (Snort)
- E-mail and Mobile Communications (Blackberry, SmartPhones)
- Excellent written (published author) and verbal (public speaker) communication skills
- PRINCE2 Project Management Experience
- Business alignment, budgeting, bid-preparation
Building Security and Directory Solutions for UNIX Using the Windows Server 2003 Active Directory Kerberos and LDAP Services, Microsoft, January 2004.
UNIX and Microsoft Single Sign-on, SysAdmin Magazine, September 2004
Migrating UNIX Daemons to .Net Services using Visual C++, Microsoft, March 2004
Several Lessons in the “Hacker High School” Series from ISECOM (http://www.isecom.org).
Snort Cookbook, O’Reilly UK, 2005. ISBN: 0596007914
Hacking Exposed Linux 3rd Edition, Osborne/McGraw-Hill,U.S., ISBN: 0072262575
Technical Reviewer on :
Computer Security Basics 2nd Edition, O’Reilly,
Internet Forensics, Robert Jones, O’Reilly
Regular columnist on Information Security on Forensic Focus (http://www.forensicfocus.com)
Incident Response – Lecture to Defence Engineering and Science Group course at RCMS Shrivenham as part of a Postgraduate level course.
SPADE – Statistical Packet Anomaly Detection Engine – UK UNIX Users Group Winter Conference, Birmingham, 2005
Digital Forensics in Large Scale Environments – UK UNIX Users Group, Leeds, 2011
Intrusion Detection Using Snort – Swedish Linux Conference, Stockholm, 2005
Intrusion Detection and Prevention – BT Group Plc., Ipswich, 2005
Chartered IT Professional, Member of the British Computing Society
F3 – First Forensic Forum