Jun 2021 – May 2022 · 11 mos

• This was an exciting role in which I advised and guided the IR Ops staff allowing them to develop their skills and capabilities with various levels of support. I provided in-house training on our tools and processes for teams and individuals that ask for or need help.
• I supported EA during the M&A of studios and organisations, ensuring that the newly adopted networks present as low a risk as possible by reviewing their security risk, tooling, hygiene and leading threat hunting activities.
• Finally, I was to lead major incidents that arise from the operation of EA's networks as it supports millions of players enjoying games from Apex Legends, Rocket Arena, Battlefield 2042 and FIFA.

Oct 2018 – Jun 2021 · 2 yrs 8 mos

• I led the Global IR Operations Team. We planned new response strategies and deliver realtime Incident Response activities across the EA environment. We had some awesome tech and amazing games that have scale like you wouldn't have believed.
• Titles like FIFA, Apex Legends, Need for Speed, Titanfall2, Apex Legends and Star Wars Jedi Fallen Order are all on our catalogue. To protect these games, IP and availability we had a diverse team working with great tools augmented with our own projects to detect and mitigate both directed and general cyber attacks.
• As a gamer at heart, EA was an amazingly professionally rewarding and fun job protecting the games I loved. It was a great place to work and many of the team are amazingly technical from the CISO down. Except for I must say my former line manager (who I won't name in public although he has been booted out); he was a useless spineless techno-waffler that couldn't IR his way out of a paper bag. He was the worst manager I've ever seen and unfortunately his role was to make my life miserable and he was the reason I reluctantly left as he affected my mental health with his suffocating idiotic contradictory inane leadership - life is too short to work for a buffoon.
• It was widely reported that in June 2021 EA was compromised by LAPSUS$. Well, I was the Incident Commander that lead the response actions for EA.
• While I was briefed and advising the execs I was supported by an amazing band of system, cloud and app admins, SOC analysts, IR forensics specialists, game security security engineers. Together we identified, scoped and removed the attackers from the network in record time. Professionally, the most challenging and rewarding time of my career made possible by the hard work and support by many - you know who you are...... Thank you.

Mar 2007 – Present · 19 yrs · EMEA

• For the past 17+ years, I've mainly been teaching the highly popular SEC504 Incident Handling and Hacker Techniques course. This hands-on technical course is a great starting point for newcomers to learn about incident response.
• After spending many years in Incident Response (IR) and Incident Management (IM), I realized the need for a course that focuses on building skills for managers and those dealing with major cyber incidents in companies. Since there was no such course available, I took the initiative to create one myself.
• That's how the SANS Cyber Incident Management course (MGT553) was born in March 2022. It's based on my years of frontline experience in IR and IM, distilled into a few days of training. The initial version was well-received, but we thought it needed more time and content. So, we extended it from two to five days and renamed it to LDR553.
• Check out my profile and when I am teaching next at the SANS website: https://www.sans.org/profiles/steve-armstrong-godwin/
• Here's the link to the newer 5-day course: https://www.sans.org/ldr553

Feb 2003 – Mar 2008 · 5 yrs 1 mo

• I developed and presented full day hands-on lectures for the IT Sy MSc in the Threats I and Threats II modules. These covered the technical aspects of many current threats presented to IT systems.
• I developed and presented a full 5 day module for the Biometrics MSc on Penetration Testing. This included considerable hands on experience for the students, with both Sy tools and Exploits. The week concluded with a full end-of-module lab exercise LAN complete with vulnerabilities and configuration errors.

Jan 1999 – Oct 2020 · 21 yrs 9 mos · Cheltenham

• As the founder and owner of Logically Secure my role was mainly overseeing our outstanding and growing team as they continue the development of our cyber security services and product offerings.
• As the company owner I ensured we employed the best developers and penetration testers and that they were receiving the best training possible and had access to the optimum equipment and software to meet our clients’ needs. I sought out new organizations with whom Logically Secure can partner with to maximize the business opportunities in the specialist areas where our skills and products are in high demand.
• I also monitored the quality and delivery of our varied services including Penetration testing, Cyber Investigations, Incident response, Digital Forensic Analysis, General Security Assessments and Incident Response training.
• As a seasoned Incident Responder I also provided specialist advice to our developers as they planned the roadmap of improvements for our patented Incident Response Platform CyberCPR and its associated training products.
• Finally, I lectured and gave presentations to a variety of audiences (from Universities, Closed User Groups, UK Auditing Bodies and Cyber Hacker events e.g. 44con). I have on several occasions appeared on both BBC television and radio as an SME discussing topical IT Security matters.

Oct 1991 – Oct 2007 · 16 yrs

• During my time in the RAF undertook a wide variety of General and IT Security related tasks and jobs around the country and world. Highlights include, Accreditation of the UKs Air Defence Systems, BOWMAN Accreditation, Head of Penetration Testing in the RAF, Head of UK base Security in Kuwait and Wireless Network surveys in Iraq.
• I operated as an Accreditator for DSSO, working to JSP440 and the various IM's and IS1 to 3. With over 7 years in Accreditation, I fully understand the problems, pitfalls and risks that surround system Accreditation.