Cyber Risk and Technical Security Specialist
A knowledgeable all-rounder practical technologist and security and privacy specialist, with a breadth of experience working hands-on and in management across multiple platforms in diverse businesses.
I began my career working in IT support teams, performing technical roles which included security assessment and remediation, event alerting and response, network analysis and forensics, and email and messaging security, across a range of infrastructure and network platforms.
I moved into a number of security and risk management roles, using and aligning with a broad range of frameworks, including the ISO27000 series, NIST CSF, and the ISF Standard, in global banking and insurance, and professional services, often dealing directly with regulators with senior leaders.
I am easily able to adapt my existing technical expertise to understand and manage unfamiliar security technologies. I’ve worked with a large range of security risk frameworks, tools, technologies and solutions, and I’m comfortable dealing with complex technical details as well as building and leading high-performing teams.
My personal enthusiasm and passion for technology continues – most recently self-funding projects including building a fibre network at our family home, a private UK-USA VPN, and Nvidia-based multi-GPU locally-run LLM / AI systems to evaluate and analyse recent progress in tools and models.
I also self-funded attending Henley Business School’s Executive Coaching workshops, to broaden and improve my team-working, communications, and mentoring skills.
I chose to take sabbatical breaks from full-time work to look after my two sons as their main stay-home parent, before they started secondary school. I also spent more than 2 years supporting their primary school’s charity while undergoing successful treatment for cancer from 2022 to 2024.
TECHNICAL FOCUS AREAS
| Vulnerability assessment and management | Email & SMTP, messaging security architecture |
| Security monitoring, tuning, and alerting | Hardware, network, platform hardening |
| EDR / XDR / system security management | Incident response, forensics, and management |
SECURITY SKILL AREAS
| Security strategy and planning | Management and KRI reporting |
| Tech compliance and regulatory liaison | Social engineering and phishing testing |
| Policy and standards management | Incident response, forensics, and management |
| Scenario and table top exercising | Cyber awareness, communications, and culture |
CAREER EXPERIENCE
Head of Cyber Security and Infrastructure
Holman Fenwick Willan (2024 – 2025)
Member of the firm’s IT Leadership team, deputy for the Head of IT, and managing the Infrastructure and Cyber Security teams in a global law firm.
- Revised and improved the firm’s cyber security plan, and developed an updated operating model for critical functions and capabilities on high priority systems
- Ownership of relationships and performance of Infrastructure, SIEM, and XDR MSPs
- Oversight and delivery of major investment programmes, including a global infrastructure refresh and security monitoring service
- Re-certification of ISO27001 and Cyber Essentials Plus
- Hands-on leadership of data breach response and recovery
Volunteer IT Lead & Fundraising Events Planner
Friends of Tolworth School (2022 – 2024)
Voluntary support to the fundraising charity arm of a large London primary school federation.
- Providing tech support to fundraisers and committees, identifying requirements, finding and deploying the best low-cost solutions possible.
- Charity event planning and delivery, including ticketing, marketing, event set up and pack down, and ensuring the maximum profit is returned to the charity.
Cyber Strategy Senior Manager
Deloitte UK (2020 – 2022)
Providing consulting services to clients, specialising in strategy and risk management.
- Closing four workstreams of a multi-year regulatory audit, assessing the cybersecurity investment strategy, portfolio governance, and operating model of a global financial services institution.
- Leadership, content and delivery of the firm’s CISO leaders’ development programme, raising Deloitte’s industry leadership and profile, and growing relationships with highest value clients.
Interim Divisional CISO
QBE Insurance (2018 – 2019)
The most senior cybersecurity leader within the European division of an Australian insurance group, and member of the Global Cybersecurity and European IT Leadership teams.
- Stabilised and grew the regional teams, aligning a new operating model to global capabilities, ensuring work in progress remained on plan, and closure of historic audit issues.
- Drove the development and delivery of the regional services into the global portfolio.
- Led the redefinition of the regional services, improving supplier and third-party security assessment, incident response and escalation, and technical security assessment.
Global Information Security Manager
Clyde & Co (2017 – 2018)
Responsible for all cyber risk and information security at a global law firm – reporting to the Global CIO, member of the IT Management team; and managing the Security team. Working with senior stakeholders to initiate and deliver the firm’s new strategic cybersecurity objectives.
- Developed and implemented a new security and business risk management strategy, providing the board and management teams with improved oversight of security risks.
- Provided leadership for major security and privacy programmes, implementing the GDPR and improved data protection frameworks, new technical controls and processes, and estate-wide security monitoring.
- Stabilising and growing the security team, realigning roles to the firm’s strategic plans.
- Led the firm through multiple cyber major incidents, providing clear communications to top management.
Managing Director & Risk Manager
Bank of New York Mellon (2012 – 2016)
Primary member of the regional Information Risk Management (IRM) team, providing information security risk management and assurance to technology suppliers and internal owners of applications, infrastructure, and third parties for a global investment services institution.
- Driving the growth of the regional team through new roles and also re-organisation, providing country-level cyber risk leadership in key locations.
- Design and delivery of the regional operating model for the technology risk and compliance function, providing strong visible cyber risk leadership to all internal and external stakeholders.
- Coordination and delivery of internal and external communications and events, raising the profile and reputation of the bank to clients and regulators.
- Devising and deploying regional awareness and management briefings, across all key European locations, maintaining business focus on cyber risks and impacts.
Information Security Officer
Aspen Re (2010 – 2012)
The first Information Security Officer for a multinational insurer, leading the development and integration of security capabilities into the IT teams and the wider organisation, delivering new monitoring, vulnerability management, and risk management services and processes.
Information Security Officer
Herbert Smith (2005 – 2010)
The first Information Security Officer for a top 10 City law firm, delivering the security strategy and transformation within the IT function and across the business, providing new security services including monitoring, incident response and resolution, vulnerability management, platform infrastructure and end-user clients.
Security Operations Lead
Sky TV (2003 – 2005)
I was a founding member of the new Security Operations team, developing the group’s profile, processes, and remit, and recruiting and onboarding of new members, and delivering security architecture, assessment, and remediation of critical infrastructure.
QUALIFICATIONS & EDUCATION
- BSc Information Systems Design
- ISACA Certified Information Security Management / CISM
- ISC2 Certified Information Systems Security Professional / CISSP
A short explainer about my LinkedIn profile can be found here.