Since leaving university in 1993, I have excelled in a mix of technical and managerial roles. I’ve performed well in a very wide range of technical disciplines, but in recent years I’ve focused on Information Security, specifically Vulnerability Management.
Prior to this I’ve been a Technical Project Manager responsible for onboarding and platform integration of big brands and blue chip companies. I’ve also been a Director of a boutique software development studio who specialised in Payment Gateway integrations and I was a freelance consultant providing small businesses with IT management services.
Additionally, I spent 13 years with a software development company in the ITAM/SAM sector, where I was responsible for the Customer Support & Training Team as well as IT Operations.
As well as having very strong technical skills, including strong problem solving skills and an ability to pick up new skills very quickly, I have excelled in customer facing roles, and have a natural talent for bridging the gap between technical and non-technical teams. I also have a proven track record managing both teams and projects successfully.
- Extensive knowledge of Vulnerability Management, including Vulnerability Scanning, Tracking & Remediation, Pentesting, Risk Assessment and Bug Bounties.
- In-depth knowledge of wider InfoSec areas including Incident Management, Red & Blue teaming, OSINT, SIEM, C/I/A Analysis and Risk Evaluation & Remediation Procedures.
- Experience of building processes and procedures for Auditing, Risk Recording & Evaluation and incident reporting/management.
- Strong familiarity with leading InfoSec tools such as Qualys, Nessus, OSSEC, nmap, DNSMap, sqlmap, netcat, metasploit etc.
- Very good understanding of networking fundamentals across all layers of the OSI model.
- Good understanding of most modern OSs particularly Windows and Unix based OSs.
- Experience with the full ELK Stack (ElasticSearch, Logstash, Kibana).
- Experience of fully documenting and testing public APIs including developing sample code, using tools such as Swagger, Runscope and Postman.
- Experience of many 3rd Party APIs (as both a provider and consumer) including most major Social Media Platforms and numerous monitoring and management tools.
- Developed extensive PowerShell cmdlet libraries to integrate with numerous 3rd party platforms.
- Extensive knowledge of IT Asset Management and Software Asset Management / Licensing.
- ITIL v3 qualified and experience of implementing many aspects of ITIL in a growing organisation.
- OWASP Member & Co Organiser of DC151 InfoSec Community
- 12 years managing an IT department, a customer & internal support team and an online presence team.
- Full responsibility for IT decision making including IT procurement, vendor negotiation, IT staff recruitment and training as well as setting up the technical teams of offices in Australia, France and USA.
- Successfully managed numerous onboarding and integration projects, working with both management and development teams of leading brands.
- Experience of both Agile and Waterfall (Prince2) Project Management methodologies
- Responsible for formal project specification documents for clients and developers, ensuring milestones, timescales and costs are understood and accepted by both sides.
- Over 13 years of experience managing all tiers of telephone and email customer support.
- Worked with dozens of big brands and multinationals as both Project Manager and Platform Integrator.
- Acted as sole conduit between sales, support/testing and development teams for several years.
- Familiarity with many leading helpdesk and CRM systems.
- Managed a 6000+ user community for over a decade.
- Conducted over 150 training sessions at customers’ premises on both software usage and ITAM / SAM best practice, with groups ranging from 1 to 20 people.
- Trained a number of staff members on conducting training sessions, effective customer support, customer services management, project management and integration engineering.
- Experience of production and release cycles as a tester and a developer as well as an account manager.
- Regularly acted as a stakeholder on behalf of clients within the agile methodology.
- Adept at developing procedures and processes to ensure efficiency, accuracy and consistency.
2017 – 2019 (Senior) Technical Vulnerability Analyst / Senior CYBER SECURITY SPECIALIST – SkyBet
As the first hire of the newly appointed Vulnerability Manager I rapidly became a subject matter expert for the Qualys vulnerability scanner and as well as producing weekly management reports on our vulnerability position, I also became the main point of contact within the company for vulnerability remediation advice.
In my time as a Senior Technical Vulnerability Analyst, I performed almost all the tasks that were the responsibility of the Vulnerability Manager, either as part of my normal role, or as holiday cover. Tasks included Vulnerability Reporting, Vulnerability Remediation SME, Pentest Management (assessing the need for them, booking and chaperoning testers and analysing & processing findings), Risk Assessment, Secure Coding Training, Firewall Rule Review etc.
Within Vulnerability Management, I developed a particular specialism for Bug Bounty Programme Management, taking the lead running the company programme, organising 2 charity hack days, speaking on the subject at Universities, Security Conferences & Vendor Events and attracting some of the world’s leading Hackers to our programme.
As the company’s needs changed I transitioned from a general company-wide vulnerability specialist into being a tribe-focused member of the new and growing Cyber Security Specialist team, initially temporarily becoming the specialist for the Central Tech Tribe (Infrastructure, Data and Enterprise) and later on, after the role became permanent and the team changed, acting as the specialist for Gaming too. In this role, whilst my direct involvement with Vulnerability Management lessened, I retained some relevant responsibilities such as producing vulnerability reporting, acting as the vulnerability SME within my assigned tribes and managing pentests and some aspects of the bug bounty programme.
2017 – SENIOR SOC ANALYST – Maintel Communications
I was hired as a Senior Security Operations Centre Analyst, but the initial role was the sole Security Specialist in a small team tasked with creating Maintel’s greenfield MSSP and SOC from scratch. I quickly augmented my existing skills with expertise in areas such as the McAfee ESM SIEM, the Fortinet border protection and analysis devices and Cisco iOS devices, as well as preparing a team for incident management and investigation.
2016 – 2017 – InfoSec Manager – Crisp Thinking
I was Crisp’s first dedicated InfoSec employee; as such I devised and implemented numerous new procedures and policies as well as building on both my personal skills and our in-house expertise to build an SIEM system on an ELK stack. I also developed the company’s InfoSec Risk Register along with performing internal InfoSec audits, CIA and breach risk analysis and developed procedures for InfoSec Risk Management & Reporting and Incident Risk & Reporting as well as conducting external host pentests.
2016 – Transitional Role – Crisp Thinking
As a long time champion of better InfoSec practices within the organisation, I accepted an offer to slowly transition from the onboarding team to become an InfoSec specialist within the Operations team. As well as focusing my own training on taking my already extensive InfoSec knowledge and tailoring it for a more Corporate Role, I trained a new Project Manager to reduce the non-technical aspects of my existing role, allowing me time to work within the Ops Team, not just advising on security matters, but also using my ability to automate tasks and integration platforms at API level to help streamline many processes and provide extensive monitoring, as well as developing an extensive library of PowerShell cmdlets to interface with platforms such as Google Cloud Compute, Elasticsearch, Logstash, Nmap, OSSEC, Nessus, OVH, Facebook Business Manager, Zabbix, GrayLog and DaPulse. I also performed the first comprehensive host and network audit and gained a good understanding of SOC2 compliance and how to implement it.
2011 – 2016 – Technical Project Manager – Crisp Thinking
My primary role was to project manage the integration of customer’s games, chat systems, forums and social media feeds into Crisp’s Platform, I’ve successfully managed projects to integrate dozens of leading brands from every sector into Crisp’s platform, managing every step from process and worked closely with both management and technical teams of numerous leading brands in the entertainment, gaming, health care, social media, fashion and travel. I also spent most of my first 3 years with Crisp simultaneously acting as the account manager for 50+ customers and running the Customer Support team, alongside Project Managing customer integrations.
As the company grew it became necessary to build a dedicated Customer Service team, account managers and project managers, many of whom I helped train and transition into the role and whose new teams continued to use the processes and policies I’d laid out. Over time my role focused more on Technical Integrations, seeing me work with customers’ development teams, to ensure the smooth integration of their platforms with ours. I also occasionally provided third line support for our new Customer Service team and acted as a general technical troubleshooter and configuration specialist for our own platform.
2011 – Director – Coding Futures
Coding Futures were a small startup I was offered a Director role with whilst working as a freelancer for them. I was responsible for numerous different areas and projects, often performing customer liaison and project management work, rather than technical tasks.
Whilst the projects we undertook were varied, the company specialised in both WordPress plugin development and custom payment gateways, giving me a unique insight not just into developing secure applications on a challenging platform, but also PCI compliance and the Data Protection Act.
2009 – 2011 – Consultant / Project Manager – Pegden.Com IT Management
Taking advantage of the wide range of skills I’d gained over the previous 13 years, I set up as a self-employed IT Consultant/Project Manager specialising in Small Businesses. This has seen me overseeing a wide range of projects, often building teams of freelancers to meet project requirements.
1996 – 2009 – Multiple Positions – Visionsoft Limited
In my time at Visionsoft, my role and responsibilities changed as the company grew.
- Technician – Acting as the sole technical support representative in a fledgling company
- Technical Services Manager – Building and managing a customer support team to meet the growing demands of the company and expanding into customer training, internal support and system administration. Liaising with the development team to ensure both customer feedback and testing results were fed back into the development and release cycles.
- Technical Manager / IT Manager – Taking charge of all technical decision making in the company excluding software development. I managed the technical and customer service teams in the UK. I was also responsible for the company’s online presence (including significant input into online marketing) and headed up our customer training team. I also helped set up support channels in USA, Australia, France and Germany.
1994 – 1996 CAL Limited. Support Technician and Maintenance Developer.
Whilst hired in a technical role to work mainly on VAX/VMS servers, testing and maintaining DIBOL code as well as specializing in PC desktop support, my customer facing skills saw me most commonly utilised in on-site face to face support, where I rapidly gained a reputation for being a great problem solver and firefighter who can work well under pressure.
Prior to this I had several freelance, part time or seasonal jobs. Whilst at university I did some freelance software development work for an Acorn Archimedes games development house and also acted as a seasonal assistant in the IT department of Lancaster City Council.
I’m a dad, a keen runner and have been a season ticket holder at Blackburn Rovers for many years.
Currently in my spare time, when not spending time with my family, I enjoy taking part in Competitive Simulated Pentests and CTFs.
I have always been a keen IT hobbyist and I’ve written open source and freeware software for a variety of platforms using a variety of languages, development environments and frameworks. I have also built several online communities, the most notable being based around a football website with over 6000 members which has been running since 1996. I also regularly attend social technical events, sometimes as a speaker.