CV / Resume

Glenn Pegden

glenn@pegden.com

Professional Summary

I am an experienced Cyber Security leader with a strong technical foundation and a proven track record of building and scaling high-performing security teams. My core expertise lies in Attack Surface Reduction, including Vulnerability Management, Application Security, Penetration Testing, and Bug Bounty operations. I’ve led transformative initiatives that have gained industry-wide recognition, speaking invitations, and awards.

Known for combining technical depth with strategic foresight, I take a people-first approach to embedding security within business processes. My background spans offensive and defensive security, compliance, engineering collaboration, and security governance at enterprise scale.


Selected Achievements

  • Built and led a green-field Security Testing (Pentest / Red Team) team that is now an embedded BAU function, focusing on control-driven testing.
  • Was responsible for a gold-standard Enterprise Vulnerability Management Programme which was at the forefront of Risk-Based Vulnerability Management.
  • Designed and implemented an organisation-wide AppSec “shift-left” strategy, recognised as a model of excellence.
  • Developed and operated a public Bug Bounty programme that attracted world-class researchers and industry recognition.
  • Created a CMDB-integrated vulnerability platform for contextualised risk-based prioritisation.
  • Invited speaker at major industry events including Qualys QSC and HackerOne, and winner of the Security Serious “Ethical Hacker / Pentester” award.

Key Skills & Experience

Security Expertise

  • Vulnerability Management (scanning, triage, remediation), AppSec (SAST, DAST, IAST), Penetration Testing & Scoping
  • Public and private Bug Bounty Programme Management
  • Threat Modelling, Incident Response, Threat Intelligence, Red/Blue Teaming
  • CMDB/Asset Management design and implementation
  • Developing Policies, Standards and Guidelines for multiple areas of Enterprise Security

Leadership & Strategy

  • Led InfoSec teams across VM, AppSec, PenTest, and BISO functions
  • Developed internal security standards, controls and methodologies
  • Strong track record in mentoring and developing talent
  • Cross-departmental influence through stakeholder alignment and enablement

Development & Automation

  • Competent in Python, PowerShell, and automation of security processes
  • Experience integrating security tooling with development pipelines
  • OSCP-qualified with experience building and running CTFs and training labs

Regulatory & Compliance

  • Familiarity with PCI DSS, ISO27001, SOC 2, SOX, ITIL v3, NIST CSF
  • Built and evidenced compliance through technical and process controls

Community & Engagement

  • Organiser of BSides Leeds and DC151; founder of the BlueTeamHackers blog
  • Regular public speaker and university guest lecturer
  • School Governor (Finance and Resourcing focus)

Employment History

Security Testing Manager (External Technical Assurance)
2023 – Present | [Undisclosed Group Cyber Team]

  • Established and now lead a dedicated Security Testing function
  • Advocated and implemented a control-driven testing model, moving away from legacy consultancy models
  • Developed internal testing methodologies, standards, and documentation
  • Mentored early-career staff into high-performing security engineers
  • Currently leading expansion in line with proposed group Vulnerability Management standards

Security Vulnerability Manager & InfoSec Leadership Team
2019 – 2023 | SkyBet / Flutter UK&I

  • Managed teams across Vulnerability Management, Application Security, PenTesting, and Bug Bounty
  • Delivered a successful organisation-wide “shift-left” AppSec strategy
  • Invited speaker at Qualys QSC; Bug Bounty programme featured in Top 10 lists
  • Helped design and launch Jira-based CMDB, later used as foundation for in-house VM platform
  • Platform supported risk-based vulnerability prioritisation using multiple data sources

Senior Technical Vulnerability Analyst / Cyber Security Specialist Team Lead
2017 – 2019 | SkyBet

  • Progressed from initial Vulnerability Analyst role to lead the Cyber Security Specialist (BISO) team
  • Owned all aspects of VM and Bug Bounty processes
  • Oversaw pentest management, risk assessments, firewall reviews, and secure coding training
  • Delivered significant reduction in unremediated vulnerabilities across business units

Senior SOC Analyst
2017 | Maintel Communications

  • Designed and implemented greenfield SOC for MSSP offering
  • Built SIEM-based alerting, playbooks, and NetFlow/Cisco IOS integrations
  • Trained SOC analysts and prepared incident response procedures

InfoSec Manager
2016 – 2017 | Crisp Thinking

  • Company’s first InfoSec hire; implemented foundational processes and risk management frameworks
  • Built custom SIEM; led IR preparation, awareness training, and vulnerability assessments

Technical Project Manager
2011 – 2016 | Crisp Thinking

  • Managed client onboarding for ML/AI content moderation platform
  • Coordinated technical delivery across multiple high-profile brands

Director
2011 | Coding Futures (Startup)

  • Co-founded small development company focused on payment integration
  • Wore multiple hats including client engagement and project delivery

Consultant / Project Manager
2009 – 2011 | Pegden.com IT Management

  • Delivered diverse tech projects, often with freelancer-based delivery teams

Various Roles: IT Manager, Tech Support, Training Lead
1996 – 2009 | Visionsoft Limited

  • Progressed from Support Tech to IT Manager overseeing UK operations and international offices
  • Managed customer support, online operations, training delivery, and infrastructure

Support Technician & Developer
1994 – 1996 | CAL Limited

  • Provided on-site technical support and maintenance for VAX/VMS systems
  • Gained recognition for high-pressure problem solving and client rapport

Community Leadership & Engagement

  • Organiser: BSides Leeds, DC151 Cyber Group
  • Speaker: Qualys QSC, HackerOne, universities, private and public events
  • Winner: “Ethical Hacker / Pentester” – Security Serious Unsung Heroes Awards

Training & Knowledge Sharing

  • Delivered 150+ in-person training sessions (ITAM/SAM, defensive coding, offensive security)
  • Ran staff development and mentoring programmes
  • Led secure coding and security awareness training across varied departments
  • Developed several Open Source security tools, and contributed to other people's projects

Governance & Volunteering

  • School Governor with a focus on Finance & Resourcing
  • Built and run successful online communities (since 1996)

Personal Interests

  • Parent and partner, arcade machine restoration hobbyist, recreational runner
  • Supporter of Leeds Knights Ice Hockey and Blackburn Rovers
