Dec 2022 – Jun 2023 · 6 mos · Remote

• Field CISO role enabling field sales and Solution/Data architects.
• Managing customer cybersecurity objections, CISO to CISO/CxO conversations, deal-support.
• Managing enterprise-readiness strategy, creation of security collateral.
• Evaluation and prioritisation of Product Security enhancements.

Jul 2022 – Mar 2023 · 8 mos · Berlin, Germany · Remote

• Designed ground-up security function including design, hiring, tooling, strategy, technology, and compliance plans, covering SOC, Vulnerability Management, Application Security, GRC, and employee and developer education and awareness.
• Oversaw Vendor Risk Management, Security Engineering, Vulnerability Management, Governance, Risk and Compliance, Privacy Technology, and Incident Response.
• Executed gap analysis and directed transformation for Cybersecurity Insurance, ISO27001, and IPO Readiness

Jul 2021 – Jan 2023 · 1 yr 6 mos

• Established comprehensive security function from the ground-up, including tooling, resources, and operating model, including new function areas:
• SOC, SIEM, and SOAR
• Application Security
• DevSecOps
• Governance, Risk, and Compliance
• Security Behaviour Management and Awareness
• Security Engineering
• Specified requirements, selected and implemented tools, hired operational and engineering talent, reporting to board
• Introduction of new security architecture standards across global org
• Creation and execution of security culture program across the company
• Expanded and matured Penetration Testing and Vulnerability Assessment programs including better management practices and hygiene around reporting and remediation management
• Completion of SOC2 Type II and ISO 27001 audits, and creation of compliance roadmap
• Product security “voice of the customer”
• Sales support, including CISO to CxO conversations, RFP/SQs, and legal/privacy support
• Completed one company acquisition and Security Onboarding of 3rd party development organisation including changes to security program scope, policies, SOPs, standards, guidelines, training etc
• Cybersecurity SME legal for regulatory compliance obligations and customer contracts
• Accountable for security budget, personnel development, forecasting, and all Security Business Operations

May 2021 – Present · 4 yrs 10 mos · Remote

• Advisory Consulting, CISO and board advisory support to multiple cloud startups, restarts, large enterprise, regulated markets, and established organisations.
• Always-on phone-a-friend service for incumbent and/or beleaguered CEOs, CIOs; CTOs, CISOs, CPOs, General Counsels, CROs, CMOs, for acute tactical issues or long-term strategic guidance.
• Proven delivery model with 8 phases across 4 workstream specialisations:
• 1.) Information Security Management - The effectiveness of your Internal Information Security Program.
• Good cost-effective security and risk management, from vision and strategy at the top, through remediation and transformation, down to engineering and configuration guidance.
• 2.) Product Security - What you build for your customers, how you build it, and how you operate it. Integrated AppSec, DevSecOps, best practices, and culture support to name but a few.
• Build it right first time, lean in, go faster, get a competitive edge.
• 3.) Field Security & Customer Trust - How you externalise your Trust and Security story, trust-based sales and marketing, customer Trust Experience Design, Trust communications, marketing, and PR.
• A great product and security program speaks for itself, right? Wrong, you need to speak for it. You need a good true security story internally and you need great Trust Storytelling to the market, prospect objection handling, voice of customer, pipeline friction removal.
• 4.) Security Product Management Consulting - Vision, Feature Roadmap, Competitive Analysis, Market Insights, Consulting, Sales Enablement, GTM, and Product Management specifically for security products.
• Tomorrow’s cyber unicorns need timely access to wise, informed, and insightful guidance today.

May 2017 – Sep 2020 · 3 yrs 4 mos

Mar 2016 – May 2021 · 5 yrs 2 mos · United Kingdom

• Working in the ServiceNow Security Office as part of the Office of the CISO, I have the honour of working with talented Security, Trust, and Communications professionals whilst leading an incredible global team architecting ServiceNow’s Trust at Scale programme, building out our cloud and internal security programs, Trust Management Strategy, a Security-minded culture, delivering innovative scalable processes, strategies, and collateral, and furthering Trust in ServiceNow, the Forbes #1 Most Innovative Company, and the fastest growing established cloud company in the world.

May 2015 – Mar 2016 · 10 mos

• Responsible for strategy, architecture, and digital transformation of legacy on-premise environments, Digital Forensics (specifically with regard to child protection and exploiting cutting-edged technology including cloud services to increase throughput and reduce processing time), environments strategy, technical principles and technical security principles to drive collaboration across multiple forces, acting as Technical Architect, TDA, Strategy Architect, and deputising for the CTO, reporting to the 4 forces CTO

Jun 2013 – May 2015 · 1 yr 11 mos · Horsham/London

• As the Chief Enterprise Security Architect for a leading global/FTSE100 insurer I am responsible for creating and developing the enterprise security practice, security solutions architecture, security consulting, Technology Risk and security TDA/Enterprise Technical Governance activities.
• During this time I have also been the lead architect on a hybrid cloud adoption including technical, ITSM, and commercial aspects.
• Work highlights include the creation of a business machines strategy, technology framework and end to end mapping, development of a tool to automatically visualize application flows within and across security boundaries, and the development of an innovative cost apportionment model which attributes real technology costs to high-level business focus areas, ensuring money is invested in the right areas.

Dec 2008 – Jun 2013 · 4 yrs 6 mos · Worthing, UK & Telford, UK

• Responsible for enterprise level network, security and infrastructure architecture and technical leadership for the HMRC customer across a wide variety of very high-value, high security public-facing projects.

Dec 2001 – Dec 2008 · 7 yrs

• As part of the UK IT leadership team, responsible for networks and security in a player-manager role encompassing Enterprise Architecture, Solutions Architecture, Technical Consulting, Project Delivery and Operations for both internal and external customers.

Oct 2000 – Aug 2001 · 10 mos

• Desktop and Server infrastructure refresh. Mail migration tools development including cracking of third-party encryption in order to facilitate £3m saving in mail migration effort.

May 2000 – Oct 2000 · 5 mos · On-site

Feb 1999 – Feb 2000 · 1 yr

Jul 1998 – Feb 1999 · 7 mos · On-site

Feb 1998 – Jul 1998 · 5 mos

• Application packaging, desktop systems management and low-level OS specialist.

Feb 1995 – Feb 1998 · 3 yrs