2008 to Present: Cardwell Security Ltd: Director / Managing Consultant

2001 to 2008: Hays IT Consulting: Security Specialist / Computing Security Officer

Placed for the last five years as the computing security officer for BT Retail Technology, running a team of fifteen covering vulnerability management, system security, audit, compliance, third party security and responsibility for the programmes £1.26 million budget. My objective is to ensure the protection of the £950 million revenue generated by the line of business.

Duties Include:

• Development of security policies and standards.
• Managing third party security in the UK, Ireland and India.
• Vulnerability/Risk Management.
• Security Project Management.
• 3rd party security Audit/Resolution Management.
• Operational security consultancy.
• Penetration tests.
• Platform evaluations.
• Advice on the security aspects of contracts and system architecture solutions.

Other roles whilst at Hays IT Consulting / BT:

• Security Architect.
• BS7799 security auditor.
• Pen testing.
• Security Awareness.
• Security System Design.
• Instructed a class of 14 for the CISSP qualification; 100% pass rate.

2000 – 2001: International Network Services: Managing Consultant: Security Practice

I managed a highly skilled multi-disciplinary team of account managers, project engineers and consultants:

• Controlled a team of 20 that generated a multi-million dollar annual income.
• Responsible for P&L, staff development and team bonding, training and HR issues.
• Managed the UK and Ireland security practice. Promoted the need for sensible security solutions which supported the businesses objectives.
• Involved in business development and responsible for measuring the quality of client deliverables.
• I consistently exceeded targets on utilisation and realisation figures.
• I was the youngest managing consultant in INS international operations.

1999 – 2000: International Network Services: Security Consultant

Promoted to provide leadership to the security consultants and assisted the Security Practice Manager in business development. Also:

• Established the security practice within the UK. Worked on projects that demonstrated return on security investment (ROSI) and provided security input to bid proposals.
• Worked on projects for Internet service providers, telecoms companies, other consultancies and manufacturers. Covered a range of technical services which included system security design, UNIX security audits and penetration testing.
• Managed large scale project with design authority for the security elements. One of the largest being a new online jewellery retailer.
• Trained and mentored security engineers.
• European wide travel to work onsite with clients.

1997 – 1999: UUNET: Security Master

I managed an operational security team which was responsible for security policy, server and network security. Achievements included:

• Successful fraud investigations resulting in a £250,000 annual saving.
• Successful implementation of VPN for UUNET.
• First UK deployment of the PIX firewall and bug tested this device for CISCO.
• Key role in the design and implementation of a state of the art global secure intranet with full unique and dynamic access control system.
• Participated in Disaster Recovery group, identified key threats and reduced risk.
• Responsible for EU operations in the Global Security Team.

1995 – 1997: UUNET: Corporate Support Engineer

Provided support to corporate customers; in a lead role, substantially improved the level of service received by customers and assisted other engineers with complex technical issues. Selected to establish and lead specialist security team handling over 400 firewall customers and their support issues. Helped set up dedicated lab for mirroring customer support problems in a non production environment.