Leo C.

CEO

United Kingdom · 16 yrs 10 mos experience
Most Likely To Switch · Highly Stable

Key Highlights

  • Built award-winning security teams and functions.
  • Achieved multiple ISO certifications for organizations.
  • Keynote speaker on cybersecurity and AI safety.
Stackforce AI infers this person is a cybersecurity leader specializing in AI and cloud security across multiple industries.

Skills

Core Skills

CISO, Cybersecurity, Technical Leadership, AI Security, Venture Capital, Advisory Boards, Podcasting, Business Strategy, Data Privacy, Application Security

Other Skills

Pre-IPO, Amazon Web Services (AWS), ISO 27001, IT Strategy, Sentinel, Cloudflare, Google Cloud Platform (GCP), Wiz, CTO, CRO, Gem Security, AI Risk Management, Artificial Intelligence (AI), Compliance Management, Critical Thinking

About

Providing insight and strategy to InfoSec, AI, Tech, Product Security, IT Risk, Cyber Security, Cloud Security, Engineering and Product development. Covering compliance remits within Banking, SaaS, FinTech, Digital Health, HealthTech, Startups and e-commerce across global remits. I am developing security-focused cultures, processes, and methodologies while building award-winning teams throughout my career. Keynote speaker and contributor.

Specialities:

  • Providing CISO and CIO services.
  • Startup mentor and tech leader.
  • Building engineering capability for Cloud Sec, GenAI, App Sec, DevSecOps, RM, GRC, Security Intelligence, Product Security, Vendor DD, Pen Testing, Compliance, Security and Risk functions from the ground up.
  • InfoSec / Cyber / DP Policies, Frameworks, Roadmaps etc.
  • RCSA Management and Programme Delivery.
  • B2B/B2C.
  • DevSecOps (SAST/DAST).
  • Security Architecture, LLM, Cloud, Mobile, App, Web and Cryptography.
  • Good understanding of Cloud Infrastructure AWS/GCP, Docker, Kubernetes, etc.
  • Implementing functions: Red, Blue, Purple Teams.
  • Audit Delivery and Performance.
  • Knowledge: ISO27001, NIS2, SOC1/2, NIST, EU GDPR, SOX, CCPA, HIPAA etc.
  • Building engaging cultures and collaboration towards cyber.
  • Gaining buy-in from senior stakeholders (ExCo, Directors and Risk Management committee members).

Tools/systems used in my career: Wiz, Orca, Vanta, SCC, SecurityHub, ElasticSIEM, SentinelOne, Looker, Splunk, DataDog SIEM, Snyk, Auth0, Okta, 1Password, Cloudflare WAF/ZTN, OneTrust, Maltego, Shodan, Metacompliance, HackerOne, Bugcrowd, Kandji, Jamf, Malduino, Qualys, ZenGRC, AWS/Azure/GCP, Jira.

Through my experiences, I understand the impact of what a business requires and how this affects customers and associated business partners while having a solid understanding of current and emerging technologies. Security should be a business enabler.

Certified Data Privacy Solutions Engineer. Certified Social Engineering (Redgoat Cyber Security/GCHQ).
Winner of ‘Best Information Security’ at the Scottish FinTech Awards 2019. Winner of the Snyk Influencer Award 2021. Runner up, 'Outstanding Leadership' Award via Scottish Cyber Awards x2. Nomination for ‘Best use of Security within a DevOps project’ via DevOps Industry awards. Runner up ‘Individual Contribution to Cyber Security’ via Computing Security Awards (top 15 CISO/Security Influencers). CISO Platform Top 100 (Time 100), Finalist 'CISO of the year' via Cyber OSPAs. Opinions and comments expressed are my own and do not express the views or opinions of my employer.

Experience

Total Experience: 16 yrs 10 mos
Average Tenure: 1 yr 10 mos
Current Experience: 2 yrs 11 mos

Tuskira

AI Security Council - Founding Member

Oct 2025 - Present · 6 mos · Remote

  • Leadership. Collaboration. Innovation. Action.
  • At the AI Security Council, we are committed to building a trusted, forward-thinking ecosystem where cybersecurity executives tackling AI threats unite to:
  • 1. Share frontline intelligence
  • 2. Collaborate on responsible AI practices
  • 3. Strengthen defense postures against evolving attack vectors
  • The AI Security Council comprises forward-thinking executives shaping the world's approach to securing AI. These are the builders, defenders, and decision-makers who aren’t waiting for the future of cybersecurity; they’re leading it.
Artificial Intelligence (AI), AI Security

Spinnerai

Board Advisor

Sep 2025 - Present · 7 mos · London Area, United Kingdom · Remote

  • Advising the co-founders.
Advisory Boards, Business Strategy, Cybersecurity, LLM Security, Artificial Intelligence (AI), Data Privacy

Stealth

MD

Feb 2025 - Present · 1 yr 2 mos

Professional Association of CISOs

Member

Jan 2025 - Jan 2026 · 1 yr · Remote

  • We are dedicated to advancing the role of Chief Information Security Officers (CISOs) and cybersecurity leaders through rigorous professional standards embodied in our Code of Professional Conduct, our path to CISO Accreditation, and comprehensive benefits for our members, including mentoring, coaching, professional development, continued learning, well-being resources, and CISO-specific professional liability insurance.
CISO, Cybersecurity, Risk Management, Member Relations, Collaborative Leadership

Forbes Technology Council

Official Member

Oct 2024 - Sep 2025 · 11 mos · EMEA · Remote

  • Forbes Technology Council is an invitation-only organisation for senior-level technology executives. Members are respected tech leaders and executives — CEOs, CIOs, CTOs, and others — selected for the council based on their deep knowledge and diverse experience in the industry.
Advisory Boards, Business Strategy, CTO, Cloud Security, Critical Thinking, Executive Management

Primary Venture Partners

Expert

Sep 2024 - Present · 1 yr 7 mos · Remote

  • As an Expert, I provide strategic advice and guidance to the investment team and founders within the Primary portfolio and broader network. Experts enjoy access to early-stage businesses, emerging trends and technology, and an expanded network of exceptional leaders and resources through a top-tier seed-stage firm.
  • Primary is New York City’s premier early-stage venture firm working alongside founders to build unicorns like Alloy, Alma, Chief, Dandy Electric, Latch, K Health, Stellar Health, Slice, and many more.
Seed Capital, Venture Capital, Technical Leadership, Advisory Boards

C-Vision International

Executive Advisory Board Member - EMEA

Sep 2024 - Aug 2025 · 11 mos · Remote

  • Using expertise and experience in Cyber Security, Business and IT to shape C-Vision's strategic direction and ensuring they stay on the path to success.
  • C-Vision are committed to creating an environment where collaboration, innovation, and strategic thinking thrive within the realms of Technology.
Business Strategy, Critical Thinking, Executive Management, Cybersecurity

Curb

Non Executive Board Member

Sep 2024 - Feb 2025 · 5 mos · Remote

  • Curb Health’s mission is to help as many people as possible overcome the most challenging moments of behaviour change.
Data Privacy, Cybersecurity, Application Security, Compliance Management, DPO, Fundraising

The Decloaked Podcast

Host

Feb 2024 - Present · 2 yrs 2 mos · http://www.youtube.com/@TheDecloakedPodcast · Remote

  • A place where fellow cybersecurity freaks and geeks gather to discuss the ups and downs of the industry. We talk with leaders within the industry about their experiences, and stories from the trenches as we try to remove all the B.S. from various Cyber-related topics.
  • The channel's purpose is education and to help tackle aspects of mental health within the industry. #cybersecurityleadership #leadership #cybersecurity #hacker #informationsecurity #cisotalk #ciso #cyberresilience #cyberresilience
  • Note: Thoughts are our own and not reflective of past and present employers.
  • Now on Spotify: https://open.spotify.com/show/1yYymo2c20rkcCDgeZynpN?si=6073cfe55b8e479f
Interviewing, Podcasting

The CISO Society

Member

Jan 2024 - Present · 2 yrs 3 mos · Remote

Advisory Boards, CISO, Cybersecurity

Gartner

Research Circle - Member

Aug 2023 - Jul 2024 · 11 mos · Remote

  • Part of the Gartner ‘Think Tank’ thought leadership looking at emerging industry trends and research.
Cybersecurity, Research Skills

Owkin

Chief Information Security Officer

May 2023 - Present · 2 yrs 11 mos · Paris / Edinburgh / London / NYC / Remote

  • Leading Security, AI Safety, IT and supporting technology strategy for a Forbes Top 50 AI unicorn.
  • Built the company's first security function that secures our platforms, multi-cloud (AWS & GCP, 100s of accounts), agentic infrastructure, federated data networks, diagnostics and R&D software engineering divisions (AI, DS & ML).
  • Responsible for scaling AI tooling, AI safety, AIOPs and GenAI security (LLMs, Agentic Platforms and Agents).
  • Build, run and defend via ITSecOps. Managing our enablement tech stack.
  • Switching between Engineering, I.T. and non-technical roles as CISO and CIO.
  • Translating the complexity of security and engineering. Making it engaging and part of our culture.
  • Provide technical leadership and direction, shaping the compliance priorities for multiple engineering and non-engineering teams. (Features, enhancements, BAU processes and GTM MVPs)
  • Crafting our Security Engineering and IT roadmap and engineering capability to enable business and product goals to be met.
  • Defining and monitoring the metrics of quality, efficiency and excellence and ensuring best practices and playbooks across cloud compliance, ISO, SDLC, QA, LLM etc.
  • Hire, mentor, develop, and retain engineering talent.
  • Leading our IPO strategy for all technology.
  • Achieved ISO 27001, NIS2 and NHS DSPT. (Exposure to ISO 13485 medical devices)
  • Utilising CSPM/CNAP, EDR, XDR technologies. (All implemented since I joined).
Pre-IPO, Amazon Web Services (AWS), Technical Leadership, ISO 27001, IT Strategy, Sentinel

The Cyber Security Hub™

Board Member

Feb 2023 - Jan 2024 · 11 mos · Remote

  • I am a member of the Advisory Board.
  • Cyber Security Hub maintains a specialist cyber security advisory board to contribute thoughts and analysis on the technology and services being used to advance IT security.
Application Security, CISO, Cybersecurity, Engineering, IT Strategy, Information Security

The Purple Book Community

Member

Sep 2022 - Feb 2023 · 5 mos · Remote

  • Contributor to the cyber community at Purple Book. https://www.thepurplebook.club/blog-posts/why-your-security-strategy-must-evolve
Application Security, DevSecOps, Engineering, Threat Modeling

Flo Health Inc.

Chief Information Security Officer

Mar 2021 - Mar 2023 · 2 yrs · Remote

  • Flo Health is the world’s first AI-powered health and wellbeing app. 265 million users worldwide, 50 million paid subscribers, number one Health app. 300+ billion health data points, providing the largest data set of health available in the world. Series B with $50 million. Apple Health is our biggest competitor. Company's valuation is $1 Billion.
  • An Exec responsible for global Security across Cloud (AWS & Google), Applications, Networks, Infrastructure, Product, I.T., Engineering and Development.
  • Built the company's first security function, and engineering capability for Cloud Security, Application Security, DevSecOps, Risk Management, Security Intelligence, Product Security, Vendor DD and pen testing. Supporting 200+ Engineers and developers.
  • Mitigating 40+ million cyberattacks per week.
  • Company implemented: Snyk (CI/CD tooling SAST & DAST, IaC, K8s etc.), Orca Security (CNAP), SIEM, Auth0 (265 million users), Okta, 1Password, HackerOne (3000+ Hackers), Vanta, Cloudflare WAF & ZTN, OneTrust & Metacompliance.
  • Cloud security assessed against: HIPAA, CCPA, CIS 1.3.0 – 1.5.0, CIS K8S, NIST 800.
  • SAST/DAST tooling implemented into SDLC, Dev pipelines e.g., Jenkins, bitbucket, Git. 76k items scanned per month. 600+ containers across 22 AWS accounts managed by 300+ repositories. (IaC via terraform)
  • The first company of our kind to be ISO 27001 certified: July 2022, 100% pass mark.
  • Mentoring our partner firm Palta on Security for their portfolio of six start-ups.
  • Work with regulators, the FTC, ICO, CNIL.
  • Press engagements, keynote speaking.
  • A culture of ‘Security by design’ and ‘Hack First’ approaches enable and scale with the business not hinder it.
  • Awards/talks: Multiple awards and keynotes during my time.
DevSecOps, Leadership, ISO 27001, Application Security, Cloud Security, CISO

Zonal Retail Data Systems

Head of Information Security and Compliance (CISO & DPO)

Aug 2017 - Mar 2021 · 3 yrs 7 mos · Edinburgh, City of Edinburgh, United Kingdom

  • Zonal is the UK’s biggest EPOS and SaaS provider for the Retail and Hospitality industry. (Circa £70 million turnover). I am responsible for the strategic leadership of our InfoSec and Compliance requirements.
  • Providing guidance to the ExCo Board members within the company.
  • Built the company's first security function. Leading our company InfoSec and Compliance transformation programmes across; R&D, IT and Infrastructure Services in a SaaS and B2B environment.
  • Built an award-winning Security function from the ground up, moving away from outsourced models to put in place the people and tools required to mitigate risks and manage security risk appetite.
  • GDPR (DPO).
  • Developed our new SDLC reviews to enhance security, factoring in penetration testing, code reviews, and architecture analysis as an integral part of the engineering development effort (180+ Devs).
  • My team are responsible for:
  • Mitigating 200k cyber attacks a day.
  • PCI DSS
  • Internal/External Security penetration testing conducted. Including SecOps.
  • Security management of Cloud, Mobile, App, Web & Cryptography (CVE management and remediation)
  • SecDevOps into the CI/CD pipeline. Covering Infrastructure and App Sec.
  • RFPs / RFIs. (£20+ million)
  • Managing penetration testing (OWASP Top 10) (Scoping and implementation of any technical security testing)
  • Delivering policies, standards and procedures to protect the organisation and its customers (ISO27001, NIST and ICO guidance for protecting data).
  • Advising on security technologies (e.g. AV, SIEM, IDM, IPS, F/W, SSO, DLP, Cloud, Endpoint, Networks)
  • Overseeing forensics, incident response, threat hunting, security champions initiatives and CTFs.
  • Managing security improvements across the Engineering and Dev teams for web and mobile products.
  • CISO matters are covered under my remit. Regular keynote speaker at Security and Data Protection events in Scotland. Winner of ‘Best Information Security’ at the Scottish FinTech awards 2019.

FanDuel

Security Risk and Compliance Manager

Nov 2016 - Aug 2017 · 9 mos · Greater Edinburgh Area

  • FanDuel is the ecommerce daily fantasy sports pioneer, a household name in the US and recognised as one of Scotland’s two unicorn companies. I was responsible for our day to day information security risk management, governance and regulatory compliance requirements for the company within UK and US.
  • Key Achievements:
  • I designed the company security risk framework, set and defined the company risk appetite. Increasing awareness of how risk appetite is meaningful to people's roles and supports effective decision making regarding our strategic growth.
  • I review and provide assurance over our regulatory standards and requirements when applicable for: EU GDPR (data protection), ISO27001 (best practice and framework), DFS (daily fantasy sports regulations) to ensure compliance for the UK and US remits.
  • I identify information security and operational risks to ensure that FanDuel and our vendors continue to comply with internal and external security and risk control sets, 3rd party supplier assurance, due diligence and oversight provided.
  • Risk Assessments performed throughout the business to identify security and data privacy/protection risks and support the mitigation of these.
  • Implemented our GRC tool (ZenGRC) to maintain company risks, I perform internal audits for UK and US, maintaining compliance requirements and controls testing. (E.g. PCI DSS remediation & Ops risks)
  • Maintaining the development of security and risk policies governing IT practices and risk governance.
  • Exposure to Qualys vulnerability management. Reviewing CVEs, alerts and incidents.

RBS

Risk and Controls Specialist - Technology Implementation Risk

Apr 2016 - Nov 2016 · 7 mos · Greater Edinburgh Area

  • I designed, built and implemented a new bank wide risk function that will better enhance risk management, governance and controls within Implementation / Infrastructure Projects which is responsible for all technology change projects and programmes that encompass technology infrastructure platforms. (Interim Head of)
  • Key Achievements:
  • I managed the Control Environment Certification (CEC) process and testing deliverables for the whole of 'Implementation' to ensure a robust technology risk control environment is in place. I achieved a CEC score of 2 (Second highest score).
  • I was lead spokesperson for Technology Risk and Issues at the IP Governance Board (HoF, PMO & PM audience). Covering hardware changes, security and data protection upgrades and enhancements and software deployments.
  • I designed the Operating Model standards and procedures for the department.
  • I created our Risk Governance Forum (and was chairperson) to establish a place that discusses risk themes (Technology Projects: security, upgrades and migrations. PlanView £100+ million), review risk trends and any training needs for my risk partners.
  • I conducted quality assurance over our risk partners in regards to portfolio and project management (Infrastructure, Security, Software and Hardware). Delivering deep dive and thematic reviews to provide constructive feedback and improvements.
  • I utilise Portfolio, Programme & Project Management (P3M) standards that use Prince2 methodology to enhance risk awareness and best practice.
  • I was also a Graduate Development Manager helping to inspire the next generation of RBS employees.

Future Williams & Glyn Team - RBS

Technology CIO Process Risk & Controls SME - Contract (Programme Terminated)

Feb 2016 - Apr 2016 · 2 mos · Greater Edinburgh Area

  • I was advising the Technology CIO function on risk and control methodology, directing and leading our process analysts within the programme. Performing desktop reviews and oversight of new internal & externally managed IT critical processes. (Bank Technology Stand Up)
  • Key Achievements:
  • Review the new internal and external technology used process designs via IBM Blueworks technical architecture UML to provide assurance over standards, scope, activities, roles and responsibilities (RACI) to ensure designs are fit for purpose and ready for go live.
  • Providing guidance and assurance over the process analysts to mitigate material impacts to the delivery of services via a risk control matrix (RCM) to ensure risks, deficiencies, controls and quality gates are captured.
  • Confirming which methodology to use for control types and what framework should be used within process designs. Using COBIT 4 methodology to advise on how to close control gaps and weaknesses across Technology, Supplier and Security risks.

Parasol

Contractor

Oct 2015 - Apr 2016 · 6 mos · Edinburgh, United Kingdom

  • Providing risk management consultancy in Security, Operational, Enterprise Wide & Technology Risk areas that cover UK and Global regions.
  • Developing the strategy, direction, methodology and oversight needed for my clients to ensure they protect their customers and business appetite.

RBS

Senior Risk Analyst (3rd Party Technology Supplier Risk) - Technology Controls

Jun 2014 - Sep 2015 · 1 yr 3 mos · Greater Edinburgh Area

  • I am responsible for the development and management of new insights into the identification, profiling and assessment of risks associated with 3rd party technology supplied services/products. Reviewing current frameworks, methodologies, risk process design and implementation of a control function while delivering risk management in the UK, EMEA, and APAC Technology divisions for the Bank.
  • Key Achievements:
  • I conducted technology risk assessments and project managed these on behalf of areas such as Global IT Security and Infrastructure Services to deliver scope, identify risks and control gaps to embed risk management culture into ‘business as usual’ practice. Suppliers assessed: Oracle, Monitise, IBM, Entrust PKI and Security, Infosys, FIS, Vodafone.
  • Setting and creating risk appetite thresholds and tolerance within the 3rd party supplier risk reporting for Technology Controls ExCo.
  • Led, defined and implemented the new 3rd party supplier reporting covering tiered suppliers, profiling of risks to cover KRIs & KPIs. Leading to the creation of the Technology Controls ExCo dashboard to highlight supplier exposure insights.
  • Providing risk training and guidance on technology best practice for UK and India based colleagues. Showcasing Cobit & ITIL awareness.
  • Create risk profiles relating to ‘Orbit – Operational Risks’, ‘Change Management Failures’, ‘P1/P2 Problem Incidents’, ‘DLP Data Loss Prevention'.
  • Knowledge of various reporting tools including: Orbit, Service Manager 9, INFOMAN.

Tesco Bank

3 roles

Relationship Analyst (3rd Party Supplier - Mortgage Operations)

Oct 2013 - Jun 2014 · 8 mos

  • I monitored and managed all internal/external risk activities. I delivered the supplier management risk framework within a pre/post regulated mortgage environment for MMR (Mortgage Market Review). Tier 1, 2 & 3 technology suppliers (Security, ISO and Governance work).
  • Key Achievements:
  • I implemented the Supplier Management Framework (SMF) governance and performance, offering framework oversight and delivered Risk Controls Self Assessments (RCSA) to review outsourced supplier processes and technology risk and security threats to the bank's appetite for Mortgages and technology.

Partner Relations Analyst - 3rd Party Insurance Suppliers

May 2013 - Oct 2013 · 5 mos

  • I delivered SLAs, KRIs & RCSAs (Risk Control Self-Assessment) for all Insurance suppliers. Interim Supplier Manager Role undertaken through a transitional period within the Bank's Supplier Management Risk Framework implementation. Tier 1, 2 & 3 technology suppliers (Security, ISO and Governance).

Customer Relations Support Analyst - Insurance Customer Relations Team

Aug 2010 - May 2013 · 2 yrs 9 mos

  • I was part of a team who established a complaints function to deliver this project pre-launch during the RBS migration of 2 million customers to be a standalone function within the Bank. Dealing with TCF, ops risks and technology issues.

Esure

2 roles

Operational Process Analyst (Response Outsourcing Project)

Feb 2009 - Jul 2010 · 1 yr 5 mos · Greater Glasgow Area

  • I maintained the daily management of agents who worked on a project to identify risk analysis using technology fraud tools such as SIRA to review customer behaviours and case investigations.

CSR (Response Outsourcing Project)

Dec 2008 - Feb 2009 · 2 mos · Greater Glasgow Area

Confidential - Australia

Information Technology Consultant

Jan 2005 - Dec 2007 · 2 yrs 11 mos · Australia

  • Freelancer looking at digital transformation for a large retail client. Projects included online e-commerce, general security, PCI DSS payment card implementation etc.
