Tim Mulcahy

  • London, UK
  • Joined Jun 2022

Bio

I am an Information Security professional with many years of good experience in Web2. Looking to move into the Web3 space. I can apply myself to most things and enjoy a challenge but love trying to keep things safe within a common sense and practical framework.

Languages

French - conversational

About Contributor

TIM MULCAHY

tel: 07976430463

email: tim.mulcahy@talk21.com

Twitter: @timothymulcahy

LinkedIn: www.linkedin.com/in/tim-mulcahy-cissp-cisa-pcip-a2b5ba14/

Telegram: tdogdaddy

Discord: tdogdaddy#4614

Profile

More than 25 years as an Information Technology professional with strong expertise in IT security management. Demonstrated expertise in implementing information security programs including PCI-DSS platforms, ISO27001:2013 solutions, and compliance/transformation of legacy in-house platforms. Recently my focus has been on Blockchain and Web3 researching areas for potential new business. I have collaboratively designed a web based security portal and have led compliance of BT’s internal security estate. Have evaluated security platforms and led successful audits and assessments. Dedicated and enthusiastic team player with excellent communication and leadership skills.

I have also written ‘The Study Guide to passing the PCIP’

Qualification/Skills

Certified Information Systems Security Professional (CISSP)
ISO27001 – Lead Auditor
Certified Information Systems Auditor (CISA)
Risk Management and Compliance
Payment Card Industry Professional (PCIP)
Blockchain/Web3
Project management
Certified Blockchain Security Professional (CBSP)

BT Blockchain and Web3 research

Nov 2021 – present

Currently working on a project to explore new areas of opportunity for BT Security in Web3 and the Blockchain. This is an area of personal interest for me and my interest in it has led to me becoming something of an advocate within our business.

BT has a large number of blockchain patents and I am working with our Applied Research team to see where they can be applied. These include: forensic investigation, smart contract compliance and security, decentralised data exchange platforms.

As the exponential move towards Web3 increases there is increasingly a need for security professionals in the areas of blockchain networks, transactions, smart contracts, mining and consensus and digital wallets.

BT Internal Security Estate Risk Management and Compliance Lead

Feb 2019 – present

Overseeing the management, improvement and compliance of BT’s internal security estate. Including inventory, AV, vulnerability management, patch management, SW and HW EOL analysis. Taken a risk based approach to review and analyse BT’s estate to see where systems could be either removed or upgraded.

Currently working on the feasibility of implementing an ISO27001 certification across the estate.

CISO Customer Security Hub development project

June 2018 – Jan 2021

Led the development and build of a web based CISO level security portal. Essentially a single pane of glass view for BT’s global MSSP customers.

I worked with design agency, technical and development teams to build an API driven CISO level security estate overview. Included lifecycle forecast, Threat intelligence feeds, DDOS alerting, SIEM view, Vulnerability Management and IPS. This tool has become a key differentiator in BT’s security bidding sales approach.

Initial development budget £1 million

BT Management Platform PCI-DSS

April 2016 – Present

Lead consultant on a major PCI-DSS transformation project for BT’s main customer firewall management platform.
Led GAP analysis on the legacy platform to find and repair areas of non-compliance.
Worked with BT teams, PCI assessors and project managers to ensure the path to assessment was successful.
Formed support teams across a number of onshore and offshore sites. (India, Hungary and UK)
Educated support teams in PCI-DSS, ensuring PCI is lived as BAU.
Currently have an oversight role for the platform.
Budget approx £900k

PCI platform transformation

May 2018 – October 2018

Lead role in the upgrade of a major client PCI-DSS management platform which had failed a previous assessment. Led the project to replace and upgrade AV, break glass, Citrix access systems and FIM systems. Also reviewed and improved all processes and ensured staff were prepared for the new assessment which had to be completed first time or BT would have lost a major contract worth approx £11 million. After successfully achieving compliance I managed the platform through to the next assessment to ensure PCI was ‘lived’ by all staff as BAU.

Budget approx £300k

BT Information Security – ISO27001:2013 implementation

January 2013 – June 2016

Worked on the BT ISO27001 project team for a major financial customer migrating from the 2005 standard to the 2013 standard. Work across sites in NY and London included:
Scope definition.
Production of the asset register.
Application and adaptation of BT’s Risk Methodology.
Production of the Statement of Applicability.
Production of the Risk Treatment Plan.
Ensuring measurement and implementation of controls and procedures.
Ongoing measurement of the ISMS.
Working with the auditors on the Stage 1 and Stage 2 audit to successful conclusion.

BT Cardway PCI-DSS

June 2015 – October 2018

Key part of the implementation team for PCI-DSS across the platform, collaborating with the Chief Security Architect, technical and management staff.
Collaborative work included designing the service model, implementation of a change management solution and implementing physical solutions.
Consultative work included PCI-DSS training and education, and creation of all process standards across the platform.
Directed the PCI assessment and the Attestation of Compliance was achieved first time with minimum remediation.
Led compliance to ensure PCI-DSS became BAU across the platform and involved with the migration of customers from the legacy environment to the new platform.

BT Information Security – PCI-DSS

October 2012 – June 2015

Day to day running of the BT Cardway IP Services PCI-DSS environment.
Soon promoted to managing the environment, supervising technical staff, pen testers, working with compliance teams within BT, managing vendors and external auditors.
Successfully led the migration to the new PCI DSS standard v3.

BT Network Implementation and Support London 2012 Olympics

May 2012 – October 2012

Managed a team for the telecoms requirements for the London 2012 Olympics and Paralympics on what was in effect a construction site at Eton Dorney and Royal Holloway.
Installation and maintenance of the Cisco switched networks, site fibre and comms framework, and general infrastructure plans.
Worked closely with LOCOG, ATOS, and several third party companies.
Supported and maintained the site after go live, working particularly closely with the international media village under huge pressure and dealing with many obstacles as they arose.

BT Radianz – Migration and Closure of RXN Financial Extranet

December 2011 – May 2012

Managed and migrated RXN legacy financial network onto BT’s MPLS network, working closely with project managers, technical managers and internal groups.
Directly dealt with migrating high profile financial clients, resolving issues and ensuring the client was able to start trading again on the new MPLS platform.
As sites migrated I managed closing of the RXN global POPs, resulting in a massive cost saving to BT Group.

Radianz – IP Network Support – 2005-2011

Second line support in a NOC. Part of a 3rd level 24 x 7 global shift team responsible for managing all core devices in the Thomson Reuters legacy networks and the BT Radianz RXN network of over 10,000 financial connections.
Layer 2 support on Hughes frame relay, Nortel Passport Frame and ATM networks and the extensive x25 PAD network and ensuring proper global change management.
Strict SLAs and customer communications and escalation were a central part of the role.

Reuters/Radianz IP Network Support 1998-2005

Reuters Real Time Network Controller 1992-1998

Reuters Paris Real Time Network Controller 1992

UBS, Phillips and Drew – 1991

Reuters Computer Operator 1987-1990

Imperial Trident Assurance Company 1984 – 1987

Education

Guildford Technical College – 1983 – 1984

Godalming 6th Form College – 1982 – 1983

Woolmer Hill Secondary School – 1977 – 1981

Interests

A keen sports fan following rugby, cricket and football.

Follow the cultural landscape with a broad interest in art, sport and literature and I read voraciously.

I am physically fit and active, enjoying running and stand up paddle-boarding.

References:

Contact details available on request.