Since leaving university in 1993, I have excelled in a mix of technical and managerial roles, initially spanning IT and more recently focused specifically on InfoSec, with a specialisation in Attack Surface Reduction (Vulnerability Management, Application Security, Pentesting, Bug Bounty Management etc.). My successes in this field have led to numerous public and private speaking engagements, industry award nominations and public recognition from industry leaders.
As well as having very strong technical and problem-solving skills and an ability to pick up new skills very quickly, I also have a proven track record of managing both teams and projects successfully.
- Expert knowledge of designing, implementing and delivering successful Enterprise Scale Vulnerability Management (Scanning, Prioritisation and Remediation), Application Security (SAST, DAST, IAST), Pentesting & Pentest Scoping, Risk Assessment, Bug Bounty Management and Asset Management (CMDB).
- Designed and implemented a greenfield SOC for an MSSP and later provided support to Incident Response Teams as an SME and Threat Intel specialist.
- In-depth knowledge of wider InfoSec areas including Incident Management, Red & Blue teaming, Threat Modelling and Risk Evaluation, Management & Remediation Procedures, as well as logging, monitoring and alerting at scale.
- Very good understanding of Enterprise Grade infrastructure.
- OSCP-qualified Pentester and successful CTF Platform & Challenge Builder.
- Responsibility for understanding, meeting and evidencing compliance and regulatory standards (PCI, ISO 27001, SOC 2, SOX, ITIL v3 etc.) in a large organisation.
- Competent in multiple development languages (including Python & PowerShell).
- Organiser of DC151 InfoSec Community, BlueTeamHackers blog founder & contributor, regular InfoSec conference speaker. NCSC Industry Group Member.
- Finalist in SecuritySerious Unsung Hero awards, Ethical Hacker / Pentester category.
- 2 years managing a Vulnerability Management, AppSec, Pentest and Bug Bounty team and acting as part of the InfoSec Leadership Team.
- 12 years managing an IT department, a customer & internal support team and an online presence team.
- 3 years as team lead for a team of in-house Cyber Security Specialists.
- Full responsibility for IT decision making including IT procurement, vendor negotiation, IT staff recruitment and training as well as setting up the technical teams of offices in Australia, France and USA.
- Speaker at numerous private and public functions on topics such as Vulnerability Management, AppSec, Shift Left, Bug Bounty Program Management, WordPress Security, 1990s UK Hacking Culture and Asset Management, including at events for organisations such as Qualys and HackerOne, and as a guest lecturer at universities.
- Delivered large-scale, successful Vulnerability, AppSec and Asset Management projects through a people-first approach, embedding security team members with devs, testers and Ops Managers to drive real value to end users, rather than simply imposing security.
- Conducted over 150 on-site training sessions on both software usage and ITAM / SAM best practice, with groups ranging from 1 to 50 people. More recently conducted numerous types of staff development programs from classroom training, to mentoring, on both technical and non-technical topics, including defensive coding, offensive security, customer support and training the trainer.
- Filled numerous roles in SDLCs under both Agile and Waterfall (PRINCE2) frameworks, including dev, tester, customer stakeholder, project manager and release manager.
- Adept at developing procedures, processes, policies and standards to ensure efficiency and consistency across a wide range of technical and non-technical disciplines.
- School Governor specialising in Finance and Resourcing.
2019 – 2022 Security Vulnerability Manager & InfoSec Leadership Team – SkyBet / Flutter UK&I
Initially reporting directly to the CISO and later the Head of Cyber Security as part of the newly formed InfoSec Leadership Team, I managed a team responsible for Vulnerability Management, Application Security, Penetration Testing and general Attack Surface Reduction as well as running the Bug Bounty program.
Our work designing and implementing a new approach to “shift-left” in AppSec was heralded as genuinely groundbreaking. Our exceptional success with the Vulnerability Management program saw me invited to speak at Qualys’ flagship QSC conference, and our public Bug Bounty program attracted some of the best security researchers in the world and was publicly highlighted by one of them in his Top 10 Bug Bounty Programs list.
On top of delivering numerous VM & AppSec projects, I was also part of an initially small cross-department team that designed and implemented a Jira-based CMDB from the ground up, getting it successfully populated and maintained as well as integrated into numerous existing processes and procedures. My team then went on to build an entire Vulnerability Management platform on top of it, combining numerous data sources of discovered vulnerabilities and tracking and prioritising them based on environment-specific risk factors.
2017 – 2019 – (Senior) Technical Vulnerability Analyst / Senior Cyber Security Specialist – SkyBet
Initially hired as the team’s first Vulnerability Analyst, responsible for vulnerability tracking, every success and process optimisation saw my responsibilities widen to the point where I was team lead of our Cyber Security Specialist (now BISO) team, whilst also taking on responsibility for every part of the Vulnerability Management and Bug Bounty processes.
On top of the Vulnerability Management part of my role, which saw an unprecedented organisation-wide drop in unremediated vulnerabilities, the CSS side of my role saw me taking responsibility for Pentest Management (assessing the need for them, scoping them and analysing & processing findings), Risk Assessment, Secure Coding Training, Firewall Rule Change Review and acting as a general security SME within other parts of the company.
2017 – Senior SOC Analyst – Maintel Communications
I was hired by a telecoms provider as the sole Security Specialist in a small team tasked with creating a greenfield MSSP using a commercial SIEM, FortiManager / FortiAnalyzer and basic NetFlow and Cisco IOS logs, as well as preparing a team of SOC Analysts for incident management and investigation duties using the platform we created.
2016 – 2017 – InfoSec Manager – Crisp Thinking
I became the company’s first dedicated InfoSec employee. As such, I devised and implemented numerous new procedures and policies as well as building an in-house SIEM. I developed the company’s InfoSec Risk Register and performed InfoSec audits, security risk assessments and perimeter pentests. I also developed Management and Reporting Procedures for both Risk and Incident Response, as well as conducting user awareness exercises.
2011 – 2016 – Technical Project Manager – Crisp Thinking
Project managing the onboarding integration of customers’ chat and social media platforms into Crisp’s AI UGC platform, I worked closely with both managerial and technical teams from dozens of leading brands from every sector.
2011 – Director – Coding Futures
Coding Futures was a small software development startup, specialising in payment gateway integration. I was responsible for numerous different areas and projects, often performing customer liaison and project management work, rather than technical tasks.
2009 – 2011 – Consultant / Project Manager – Pegden.Com IT Management
Self-employed IT Consultant/Project Manager. This saw me deliver a wide range of projects, often building teams of freelancers to meet project requirements.
1996 – 2009 – Multiple Positions – Visionsoft Limited
My role and responsibilities changed as the company grew. I started as the sole Technical Support technician and progressed to IT Manager, managing the Technical Operations and Customer Service teams in the UK (which included all our online activities and on-site Customer Training teams). I also helped set up our physical and online presence in the USA, Australia, France and Germany.
1994 – 1996 – Support Technician and Maintenance Developer – CAL Limited
Whilst hired in a technical role to work mainly on VAX/VMS servers and code, my customer-facing skills saw me most commonly utilised for on-site, face-to-face support, where I rapidly gained a reputation for being a great problem solver and firefighter who can work well under pressure.
As well as being a Dad and husband, a lot of my spare time is spent organising, attending and speaking at InfoSec community events. I also maintain a Blue Teamers blog and I’m writing a book on the 90s UK Hacking Scene.
Outside of InfoSec, I am also a school governor, a collector and restorer of 1980s arcade machines, a runner and a Blackburn Rovers supporter, and I have built several online communities, the most notable of which has been running since 1996 and is still popular today.