Christopher H. — Consultant

As a Principal Security Consultant at NCC Group with over 22 years in IT and 9 years dedicated to cybersecurity, I specialise in cloud security architecture, DevSecOps, and offensive Azure security. I lead complex engagements across Microsoft Azure, Microsoft 365, and hybrid environments - helping organisations harden, automate, and secure their cloud operations. I've managed large-scale cloud security projects, conducted detailed Azure and Microsoft 365 assessments, and provided mentorship to junior consultants. My focus is blending offensive insight with architectural design - understanding how attackers move in Azure and building resilient, monitored, least-privilege environments to stop them. One of the initial contributors to ScoutSuite, now I make internal Azure assessment tools. Very hands-on with Azure Synapse, Docker, Kubernetes, Terraform, Bicep, Azure Policy, Defender XDR and Sentinel, I design and test solutions that scale securely and align to enterprise governance. # Certifications Expert / Architect-level * SC-100 (Cybersecurity Architect Expert) * AZ-305 (Azure Solutions Architect Expert) * AZ-400 (DevOps Engineer Expert) * MS-102 (Microsoft 365 Administrator Expert) Security / Identity * AZ-500 (Security Engineer Associate) * SC-300 (Identity & Access Admin Associate) Core / Networking / Data & AI * AZ-104 (Administrator Associate) * AZ-700 (Network Engineer Associate) * AI-102 (AI Engineer Associate) * PL-300 (Power BI Data Analyst Associate) GitHub * GH-100 (Administration) * GH-200 (Actions) * GH-500 (Advanced Security) Offensive & Other * OSCP (Offensive Security Certified Professional) * eCPPT, eWAPTX (INE Security) * CQURE Advanced Windows Security Programming * Zend Certified Engineer Focus Areas * Offensive Security * Azure Security & Architecture * Identity and Access (Entra ID, PIM, Conditional Access) * DevSecOps & CI/CD Hardening (Azure DevOps, GitHub Actions) * Offensive Azure Assessments & Cloud Pentesting * Threat Modeling & Zero Trust Design * Detection Engineering & Defender for Cloud / Sentinel

Stackforce AI infers this person is a Cloud Security and DevSecOps expert in the SaaS industry.

Experience: 20 yrs 7 mos

Skills

Cloud Security
Devsecops
Penetration Testing
Threat Modeling
Software Development
Project Management
Web Development

Career Highlights

Over 22 years in IT with 9 years in cybersecurity.
Expert in cloud security architecture and DevSecOps.
Hands-on experience with Azure, Docker, and Kubernetes.

Work Experience

NCC Group

Principal Consultant (2 mos)

Managing Security Consultant (3 yrs 9 mos)

Senior Security Consultant (3 yrs 8 mos)

QinetiQ

Ethical Hacker (1 yr 8 mos)

Fast-Fwd Multimedia

Senior PHP Developer / Project Manager (3 yrs 11 mos)

eSterling Ltd (Sterling Group)

Senior Php Developer (1 yr 4 mos)

etouches

Senior Developer (1 yr 4 mos)

Misco

Senior IT Account Manager (4 yrs 10 mos)

Fiat

IT Trainer (0 mo)

Education

Bachelor’s Degree at University of Birmingham

Associate’s Degree at North East Wales Institute

Christopher H.

Consultant

United Kingdom20 yrs 7 mos experience

Most Likely To SwitchHighly Stable

Key Highlights

Over 22 years in IT with 9 years in cybersecurity.
Expert in cloud security architecture and DevSecOps.
Hands-on experience with Azure, Docker, and Kubernetes.

Stackforce AI infers this person is a Cloud Security and DevSecOps expert in the SaaS industry.

Contact

Skills

Core Skills

Cloud SecurityDevsecopsPenetration TestingThreat ModelingSoftware DevelopmentProject ManagementWeb Development

Other Skills

AzureIdentity ModelsTerraformBicepDefender for CloudSentinelAzure Security AuditsScoutSuiteDockerKubernetesVagrantPHPSaaSWordPressCodeIgniter

About

Experience

20 yrs 7 mos

Total Experience

3 yrs 5 mos

Average Tenure

7 yrs 6 mos

Current Experience

Ncc group

3 roles

Principal Consultant

Promoted

Mar 2026 – Present · 2 mos

Managing Security Consultant

Promoted

Jun 2022 – Mar 2026 · 3 yrs 9 mos

Lead and manage complex cloud and application security engagements across Azure, Microsoft 365, and hybrid environments.
Oversee multiple project streams, ensuring quality coverage, technical accuracy, and timely delivery.
Mentor and train junior consultants and graduates, providing technical and soft skill development pathways.
Specialize in Azure and DevSecOps security assessments, covering governance, automation pipelines, and identity models.
Collaborate with clients to design secure-by-default Azure environments aligned to Zero Trust and Microsoft Cloud Security Benchmarks.
Drive offensive Azure and Microsoft 365 security research, simulating real-world attacker paths and implementing mitigations.
Continue hands-on technical work including Terraform/Bicep, Defender for Cloud/Sentinel, PIM/CA, and policy-as-code implementation.

AzureDevSecOpsCloud SecurityIdentity ModelsTerraformBicep+2

Senior Security Consultant

Nov 2018 – Jul 2022 · 3 yrs 8 mos

Delivered full-scope penetration testing, red team simulations, and Azure security audits.
Contributed to ScoutSuite Cloud Auditing Software (open-source) with modules and enhancements.
Member of the Containerisation team, focusing on Docker and Kubernetes security assessments and hardening.
Conducted Windows Active Directory and virtualisation audits (ESXi) and Terraform infrastructure reviews.
Supported project management, client reporting, and technical peer review for cloud security deliverables.

Penetration TestingAzure Security AuditsScoutSuiteDockerKubernetesTerraform+1

Qinetiq

Ethical Hacker

Mar 2017 – Nov 2018 · 1 yr 8 mos · United Kingdom

Conducted external, internal, and web application penetration testing, wireless assessments, and social engineering.
Delivered complex build reviews, scope definition, and threat modeling for enterprise clients.
Built and maintained internal penetration testing labs and capture-the-flag environments using vSphere, ESXi, Docker, and Vagrant.
Designed training material and mentored graduates entering the penetration testing team.
Developed offensive tooling and proof-of-concepts to simulate real-world attack chains across hybrid infrastructures.

Penetration TestingThreat ModelingDockerVagrant

Fast-fwd multimedia

Senior PHP Developer / Project Manager

Nov 2011 – Oct 2015 · 3 yrs 11 mos · West Midlands

Sole developer for the company’s first SaaS platform, CGFirst, later managing full lifecycle releases and feature expansion.
Coordinated with clients and internal teams to prioritize features and set sprint-based timelines.
Mentored junior developers on best practices in PHP, MVC frameworks, and version control.

PHPSaaSProject ManagementSoftware Development

Esterling ltd (sterling group)

Senior Php Developer

May 2010 – Sep 2011 · 1 yr 4 mos · West Midlands

Maintained and upgraded customer sites; led migration from legacy Classic ASP/Access CMS to PHP frameworks (WordPress, CodeIgniter, Shopify).
Streamlined deployment processes and introduced modular code practices.

PHPWordPressCodeIgniterWeb Development

Etouches

Senior Developer

Dec 2008 – Apr 2010 · 1 yr 4 mos · Slough

Modernized the company’s SaaS product from PHP 4.4 to PHP 5, introducing OOP design, PDO, and memcache.
Improved scalability and stability of a global event management platform used by large enterprise clients.

PHPWeb Development

Misco

Senior IT Account Manager

Nov 2003 – Sep 2008 · 4 yrs 10 mos · Wellingborough

Managed key enterprise accounts, scoped and delivered custom IT infrastructure projects.
Combined technical and commercial expertise to design cost-effective IT solutions.

Fiat

IT Trainer

Jan 2002 – Jan 2002 · 0 mo · Scotland (All Fiat Dealerships)

Delivered nationwide training for the rollout of Fiat’s new intranet platform.
Trained dealership staff across Scotland, adapting sessions for management, sales, and technical personnel.