2. Values / Soft Skills
(NB: in no particular order)
LEADERSHIP
- Risk Management
- Business Acumen
- Project Management
- Servant Leadership
EMPATHY
- Active Listening
- Emotional Intelligence
- Cultural Sensitivity
- Customer/Stakeholder Focus
TEAMWORK
- Collaboration
- Communication
- Adaptability
- Conflict Resolution
- Supportiveness
RELIABILITY
- Accountability
- Dependability
- Attention to Detail
- Time Management
- Professionalism
3. Career Goals
- Help organisations establish a strong security posture, manage risks effectively, and maintain compliance with regulatory requirements.
- Governance: Assist organisations in developing and implementing information security policies, procedures, and standards that align with
industry best practices and regulatory requirements. This involves establishing governance structures, defining roles and responsibilities,
and ensuring that security controls are in place to support the organisation's objectives.
- Risk Management: Help organisations identify, assess, and mitigate information security risks. This includes conducting risk assessments,
developing risk management strategies, and implementing risk mitigation measures, working closely with stakeholders to understand
business objectives, evaluate risk tolerance, and develop risk treatment plans.
- Compliance: Ensure that organisations comply with relevant laws, regulations, and industry standards pertaining to information security.
This involves conducting compliance assessments, developing compliance programs, and providing guidance on adherence to frameworks
such as GDPR, PCI DSS, ISO 27001, NIST, and others. This will help organisations understand their compliance obligations, implement
necessary controls, and prepare for audits and certifications.
- Contribute to the development and enhancement of GRC frameworks within organisations. This includes designing and implementing
processes and tools for effective governance, risk assessment, risk tracking, compliance monitoring, and reporting. Collaborate with
stakeholders to establish metrics, key performance indicators (KPIs), and reporting mechanisms to measure and communicate the
organisation's GRC posture.
High-Level: Help organisations establish and maintain effective governance, risk management, and compliance frameworks.
5. “Yes We Can”
Information Security is not “easy”, but it is doable – a positive mindset is paramount. (and worthy of its own slide)
6. Objectives / End-Goal Focused
I possess an objective and end-goal focused personality.

With a clear perspective and unwavering commitment, I make decisions based on facts and rational analysis, free from personal biases. My strong sense of purpose keeps me focused on the bigger picture and determined to achieve desired outcomes.

My ability to prioritize effectively and strategically plan steps sets me apart. Colleagues appreciate my unbiased perspectives and dedication to achieving results, while creating a productive work environment.
7. Milestones / Accomplishments
(also known as “I’m very proud of...”)
- Established the Infosec function at Depop from scratch – including processes, controls, recruitment (up to a team of 6), and led
the successful Etsy Security Audit that allowed for the acquisition of the organisation.
- Strengthened security infrastructure and technologies at Depop - oversaw the evaluation, selection, and implementation of
security technologies, such as firewalls, intrusion detection/prevention systems, data loss prevention solutions, and security
information and event management (SIEM) tools, enhancing the organisation's overall security posture.
- Implemented robust Security Awareness Programs at Depop, TotallyMoney and Dnata Travel, part of the Emirates Group -
designed and executed comprehensive security awareness and training initiatives to educate employees and stakeholders about
information security risks, best practices, and their roles in safeguarding sensitive data.
- Successfully implemented OS (RHEL) hardening at giffgaff and achieved PCI compliance using Ansible, resulting in a 40%
increase in compliance with CIS benchmarks.
- Established OpenBet’s “Tiger Team” of Security champions, while implementing Software Security Checklist in JIRA workflows for
OWASP compliance.
- Established and enhanced Incident Response capabilities at World of Books - built and led an effective incident response team,
developing incident response plans, conducting regular drills, and coordinating responses to security incidents, minimizing the
impact of breaches and ensuring timely resolution.
- Proactively identified and mitigated emerging threats (continuous) - stayed abreast of the evolving cybersecurity landscape,
proactively identifying emerging threats and vulnerabilities, and implementing appropriate controls and countermeasures to
safeguard the organisation's assets.
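The RHEL hardening bullet above quotes its outcome as a rise in CIS benchmark coverage. The shell script below is an added illustration of how such a before/after figure is produced; it is not the author's Ansible playbook, nor anything taken from the organisations named. It audits an sshd_config against a small, hypothetical subset of CIS-style sshd checks and reports the share met. The two sample configs are constructed for this example, and the check list and the `sshd_value` / `cis_score` helper names are this example's own.

```shell
#!/bin/sh
# Minimal CIS-style audit of an sshd_config: checks a handful of
# "Directive expected-value" items and reports how many are met.
# The check list is an illustrative subset, not the full benchmark.

# Each check is "Directive|expected value" (hypothetical subset).
CHECKS="PermitRootLogin|no
PermitEmptyPasswords|no
X11Forwarding|no
MaxAuthTries|4
IgnoreRhosts|yes
HostbasedAuthentication|no"

# Print the effective value of a directive in a config file.
# The first non-comment occurrence wins, which is how sshd itself
# resolves duplicates (Match blocks are ignored here for brevity).
# Usage: sshd_value FILE DIRECTIVE   (directive match is case-insensitive)
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Score one config file against CHECKS.
# Prints "met/total percent", e.g. "1/6 16"; failing checks go to stderr.
# Usage: cis_score FILE
cis_score() {
    met=0; total=0
    for check in $CHECKS; do            # splits on the newlines in CHECKS
        key=${check%%|*}; want=${check#*|}
        total=$((total + 1))
        got=$(sshd_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            met=$((met + 1))
        else
            printf 'FAIL %-24s expected %s, got %s\n' \
                "$key" "$want" "${got:-<unset>}" >&2
        fi
    done
    echo "$met/$total $((met * 100 / total))"
}

# Constructed sample configs: a stock-looking file before hardening and
# the same host after a remediation pass (e.g. Ansible lineinfile tasks).
BEFORE=$(mktemp); AFTER=$(mktemp)
trap 'rm -f "$BEFORE" "$AFTER"' EXIT

cat > "$BEFORE" <<'EOF'
# sshd_config (constructed sample, before hardening)
Port 22
#PermitRootLogin no
PermitRootLogin yes
X11Forwarding yes
MaxAuthTries 6
IgnoreRhosts yes
EOF

cat > "$AFTER" <<'EOF'
# sshd_config (constructed sample, after hardening)
Port 22
PermitRootLogin no
PermitEmptyPasswords no
X11Forwarding no
MaxAuthTries 4
IgnoreRhosts yes
HostbasedAuthentication no
EOF

echo "before: $(cis_score "$BEFORE" 2>/dev/null)"   # 1/6 16
echo "after:  $(cis_score "$AFTER")"                # 6/6 100
```

The remediation itself is what Ansible does (for example `lineinfile` tasks or a maintained CIS role); a scanner like this runs before and after the playbook so the result can be stated as a percentage, as in the bullet above. A real assessment would run the full benchmark rather than six checks, and would also reload sshd and confirm the running daemon picked the settings up.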
10. Skills
Diverse skillset in the following high-level topics (diagram: INFOSEC at the centre, surrounded by RISK, GOVERNANCE, COMPLIANCE, PROCESSES/CONTROLS and STRATEGY):
My expertise lies in risk management, where I have the ability to identify, assess, and prioritise information security risks. Through comprehensive risk assessments and analysis, I develop and implement risk mitigation strategies that protect the organisation's assets and minimise potential threats.
GOVERNANCE
I excel at establishing and implementing effective information security policies, procedures, and standards that align with industry best practices and regulatory requirements. By ensuring proper governance, I provide a framework that guides decision-making, risk management, and accountability throughout the organisation.
COMPLIANCE
I have a strong focus on compliance, ensuring adherence to relevant laws, regulations, and industry standards. With in-depth knowledge of frameworks such as GDPR, NIST, ISO 27001, I ensure that the organisation meets and exceeds compliance requirements, mitigating legal and regulatory risks.
PROCESSES/CONTROLS
I possess skills in designing and implementing robust processes and controls. By establishing efficient and effective security frameworks, I ensure the confidentiality, integrity, and availability of critical assets. Through the implementation of appropriate controls and continuous monitoring, I mitigate risks and enhance the overall security posture of the organisation.
STRATEGY (Direction)
In the realm of strategy, I have a proven track record of developing and executing comprehensive information security strategies. By aligning security initiatives with business objectives, I create roadmaps that drive continuous improvement, enhance security posture, and support the organisation's overall strategic goals.
These skills collectively enable me to contribute to the organisation's information security objectives, ensuring the establishment of effective governance, managing risks, maintaining compliance, driving strategic initiatives, and implementing robust processes and controls.
11. Infosec Experience Across Multiple Industries
Consulting
Contino (2021-2022)
NTT Data (2015-2016)
Oil & Gas
Norwegian Petroleum Academy (2005-2013)
Aviation
Dnata Travel (Emirates Group) (2018-2019)
Insurance
CompareTheMarket (2017-2018)
Retail
World of Books (2022-2023)
Depop (2020-2021)
Telecoms
Giffgaff (2015-2016)
Sky (2016-2017)
Financial Services
JPMorgan Chase (2023)
TotallyMoney (2019-2020)
Gaming
OpenBet (2013-2014)
12. A map, of course
There’s been a lot of recent talk (maybe, just maybe, too much hypothetical talk) about generative AI and ML models.
How will the technology integrate and evolve with our current tools, frameworks and methods, and more importantly, will it be OSS?
(MLOSS)
13. Publications
The process to create a paperback book was completely alien to me – that didn’t deter me.
Good reviews - some readers asked for a follow-up book.
14. Personal (1/2)
Since 2009: Allaboutdragons.com - Wiki and gallery about dragons, with all the information I could gather over the years. From 10k to 30k unique visitors a month.
2023: A site with statistics and graphs dedicated to the new Bluesky social media (backend: Python and PostgreSQL).
15. Personal (2/2)
- Active in the Infosec industry and community (LinkedIn, public forums, private forums)
- Member of ClubCISO, CISO Club (not the same thing), member of ISACA London Chapter (attending all webinars
and in-person events when I can)
- Attending Infosec Europe since 2014
- Actively participate in relevant conferences and events as a panelist, sharing my expertise and insights
- Audiophile
- Considering CISA or CGEIT as the next certification (when time permits)