- London, UK
- Joined Jun 2022
Languages: French - conversational
More than 25 years as an Information Technology professional with strong expertise in IT security management. Demonstrated expertise in implementing information security programs including PCI-DSS platforms, ISO27001:2013 solutions, and compliance/transformation of legacy in-house platforms. Recently my focus has been on Blockchain and Web3 researching areas for potential new business. I have collaboratively designed a web based security portal and have led compliance of BT’s internal security estate. Have evaluated security platforms and led successful audits and assessments. Dedicated and enthusiastic team player with excellent communication and leadership skills.
I have also written ‘The Study Guide to passing the PCIP’
Certified Information Systems Security Professional (CISSP)
ISO27001 – Lead Auditor
Certified Information Systems Auditor (CISA)
Risk Management and Compliance
Payment Card Industry Professional (PCIP)
Certified Blockchain Security Professional (CBSP)
BT Blockchain and Web3 research
Nov 2021 – present
Currently working on a project to explore new areas of opportunity for BT Security in Web3 and the Blockchain. This is an area of personal interest for me and my interest in it has led to me becoming something of an advocate within our business.
BT has a large number of blockchain patents and I am working with our Applied Research team to see where they can be applied. These include: forensic investigation, smart contract compliance and security, and decentralised data exchange platforms.
As the exponential move towards Web3 increases there is increasingly a need for security professionals in the areas of blockchain networks, transactions, smart contracts, mining and consensus and digital wallets.
BT Internal Security Estate Risk Management and Compliance Lead
Feb 2019 – present
Overseeing the management, improvement and compliance of BT’s internal security estate. Including inventory, AV, vulnerability management, patch management, SW and HW EOL analysis. Taken a risk based approach to review and analyse BT’s estate to see where systems could be either removed or upgraded.
Currently working on the feasibility of implementing an ISO27001 certification across the estate.
CISO Customer Security Hub development project
June 2018 – Jan 2021
Led the development and build of a web based CISO level security portal. Essentially a single pane of glass view for BT’s global MSSP customers.
I worked with design agency, technical and development teams to build an API driven CISO level security estate overview. Included lifecycle forecast, Threat intelligence feeds, DDOS alerting, SIEM view, Vulnerability Management and IPS. This tool has become a key differentiator in BT’s security bidding sales approach.
Initial development budget £1 million
BT Management Platform PCI-DSS
April 2016 – Present
Lead consultant on a major PCI-DSS transformation project for BT’s main customer firewall management platform.
Led GAP analysis on the legacy platform to find and repair areas of non-compliance.
Worked with BT teams, PCI assessors and project managers to ensure the path to assessment was successful.
Formed support teams across a number of onshore and offshore sites. (India, Hungary and UK)
Educated support teams in PCI-DSS, ensuring PCI is lived as BAU.
Currently have an oversight role for the platform.
Budget approx £900k
PCI platform transformation
May 2018 – October 2018
Lead role in the upgrade of a major client PCI-DSS management platform which had failed a previous assessment. Led the project to replace and upgrade AV, break glass, Citrix access systems and FIM systems. Also reviewed and improved all processes and ensured staff were prepared for the new assessment which had to be completed first time or BT would have lost a major contract worth approx £11 million. After successfully achieving compliance I managed the platform through to the next assessment to ensure PCI was ‘lived’ by all staff as BAU.
Budget approx £300k
BT Information Security – ISO27001:2013 implementation
January 2013 – June 2016
Worked on the BT ISO27001 project team for a major financial customer migrating from the 2005 standard to the 2013 standard. Work across sites in NY and London included:
Production of the asset register.
Application and adaptation of BT’s Risk Methodology.
Production of the Statement of Applicability.
Production of the Risk Treatment Plan.
Ensuring measurement and implementation of controls and procedures.
Ongoing measurement of the ISMS.
Working with the auditors on the Stage 1 and Stage 2 audit to successful conclusion.
BT Cardway PCI-DSS
June 2015 – October 2018
Key part of the implementation team for PCI-DSS across the platform, collaborating with the Chief Security Architect, technical and management staff.
Collaborative work included designing the service model, implementation of a change management solution and implementing physical solutions.
Consultative work included PCI-DSS training and education, and creation of all process standards across the platform.
Directed the PCI assessment and the Attestation of Compliance was achieved first time with minimum remediation.
Led compliance to ensure PCI-DSS became BAU across the platform and involved with the migration of customers from the legacy environment to the new platform.
BT Information Security – PCI-DSS
October 2012 – June 2015
Day to day running of the BT Cardway IP Services PCI-DSS environment.
Soon promoted to managing the environment, supervising technical staff, pen testers, working with compliance teams within BT, managing vendors and external auditors.
Successfully led the migration to the new PCI DSS standard v3.
BT Network Implementation and Support London 2012 Olympics
May 2012 – October 2012
Managed a team for the telecoms requirements for the London 2012 Olympics and Paralympics on what was in effect a construction site at Eton Dorney and Royal Holloway.
Installation and maintenance of the Cisco switched networks, site fibre and comms framework, and general infrastructure plans.
Worked closely with LOCOG, ATOS, and several third party companies.
Supported and maintained the site after go live, working particularly closely with the international media village under huge pressure and dealing with many obstacles as they arose.
BT Radianz – Migration and Closure of RXN Financial Extranet
December 2011 – May 2012
Managed and migrated RXN legacy financial network onto BT’s MPLS network, working closely with project managers, technical managers and internal groups.
Directly dealt with migrating high profile financial clients, resolving issues and ensuring the client was able to start trading again on the new MPLS platform.
As sites migrated I managed closing of the RXN global POPs, resulting in a massive cost saving to BT Group.
Radianz – IP Network Support – 2005-2011
Second line support in a NOC. Part of a 3rd level 24 x 7 global shift team responsible for managing all core devices in the Thomson Reuters legacy networks and the BT Radianz RXN network of over 10,000 financial connections.
Layer 2 support on Hughes frame relay, Nortel Passport Frame and ATM networks and the extensive x25 PAD network and ensuring proper global change management.
Strict SLAs and customer communications and escalation were a central part of the role.
Reuters/Radianz IP Network Support 1998-2005
Reuters Real Time Network Controller 1992-1998
Reuters Paris Real Time Network Controller 1992
UBS, Phillips and Drew – 1991
Reuters Computer Operator 1987-1990
Imperial Trident Assurance Company 1984 – 1987
Guildford Technical College – 1983 – 1984
Godalming 6th Form College – 1982 – 1983
Woolmer Hill Secondary School – 1977 – 1981
A keen sports fan following rugby, cricket and football.
Follow the cultural landscape with a broad interest in art, sport and literature and I read voraciously.
I am physically fit and active, enjoying running and stand up paddle-boarding.
Contact details available on request.