Dan S. Email and Phone Number
Dan S. is an EMEA Cyber Security Operations Centre Director at AstraZeneca. Colleagues describe them as "Dan was an excellent student, highly motivated and very capable. His dedication to study, and work isn't his only positive - he's also a good guy! It was my pleasure to be one of his tutors." and "I had the privilege of working closely with Dan during our time at BT. Dan's meticulous approach to security measures and unwavering commitment to ensuring robust cyber defense was exceptional. He possesses a deep understanding of the evolving threat landscape and consistently demonstrated impressive problem solving skills. Dan is not only a proficient team player but also an individual who consistently rises to the challenge, making him a valuable member of the team."
Astrazeneca
- Website: astrazeneca.com
- Employees: 78605
EMEA Cyber Security Operations Centre Director, Astrazeneca, United Kingdom
EMEA Cyber Security Operations Centre Associate Director, Astrazeneca, Nov 2024 - Present
Cyber Senior SOC Manager, Astrazeneca, Dec 2022 - Nov 2024
Interim EMEA SOC Lead, Astrazeneca, Oct 2023 - Mar 2024
Cyber Security Operations Engineer, Astrazeneca, May 2022 - Nov 2022
Senior MAS Consultant, Content+Cloud, Jul 2021 - May 2022
Responsible for delivering the Managed Assurance Service (MAS) where I provide managed cyber activities for our clients who do not have the expertise or time to carry them out in house, including:
- External Vulnerability Scanning and Validation
- Deliver Security User Awareness Training
- Perform Social engineering testing (including simulated phishing and physical engagements)
- Deliver and Guide Clients through Cyber best practices
- Perform Open-Source Intelligence research
- Perform Dark web monitoring
- Deliver, Audit, and accredit clients against the Cyber Essentials certification.
Other duties include utilising my previous background experiences to develop and guide the service to be more equipped and mature. This focuses on operational improvements to enhance capabilities affecting internal and external delivery.
CSOC Specialist, Content+Cloud, Jul 2020 - Jul 2021, Manchester, England, United Kingdom
Content+Cloud (Formerly IT Lab)
Working in a unique hybrid role pivoting between the support and driving of CSOC Engineering and CSOC Operations. Point of contact for digital forensic and e-discovery investigations and first hand incident response and handling. Duties include:
- Work within a multi-disciplined CSOC team identifying, owning, progressing and resolving security incidents.
- Perform the prompt and effective triage and investigation of security events and incidents applying sound problem solving methods to determine scope, urgency and potential impact.
- Provide technical support for the identification and response to events of incidents of a suspicious or malicious nature, and apparent security breaches.
- Address technical problems; install, configure, troubleshoot, and provide maintenance to security platforms. Provide specialist technical support to Incident Response.
- Collaborate with stakeholders to identify access and data collection gaps providing specialist Cyber technical advice, guidance and support.
- Drive customer satisfaction and continuously seek to improve operational performance.
- Maintain a continuous understanding of the threat landscape with in-depth knowledge around threat actors, TTPs and vulnerabilities.
- Actively support the CSOC and Engineering functions in the planning, development and execution of initiatives designed to improve services and performance.
CSOC Analyst, Content+Cloud, May 2019 - Jul 2020, Manchester, United Kingdom
Content+Cloud (Formerly IT Lab)
Working for a newly formed SOC:
- Being a 2nd line escalation point for clients and 1st line engineers as well as a Technical Account Lead for multiple clients. Being a lead for on-boarding new clients in a technical manner
- Hands on incident response for customers
- Analyse, triage and respond to security events, alarms and escalations as required. Recommend changes to enhance systems security and prevent unauthorized access to IT Lab and Client systems
- Conduct project activities including planning and execution of changes, documentation, training, skills, knowledge transfer to the team and clients. I have also led and delivered multiple projects that have developed and shaped the SOC and other team members. All of which were from my own ideas as opposed to being assigned
- Maintain a continuous understanding of the threat landscape with in-depth knowledge around threat actors, TTPs and vulnerabilities - including ones that may impact clients
- Configure and develop SIEM tooling, and associated tool sets, to deliver effective and efficient SOC services through automation and orchestration, and to increase MTTD whilst reducing false positives and negatives
- Participate in vulnerability assessment scanning and then produce frequent reports and deliver the assessment findings to clients via presentation
- Document information security operations policies, processes and procedures. Create and update security event investigation notes on open incidents, and maintain case data in the incident response management platform
- Training and mentoring of new joiners and upskilling and assisting with familiarisation of processes and toolsets, including providing technical knowledge and training
Certifications obtained and studying:
- CompTIA CySA+ (Passed August 2019)
- Microsoft 365 Certified: Security Administrator Associate (Sitting February 2020)
- SANS GCIH (Q1 2020)
Security Analyst, BT, Jan 2019 - May 2019
- Proactively preventing, detecting and responding to cyber security incidents to reduce risk to national infrastructure and business.
- Adapting ways to protect and support our people, customers & communities.
- Respond to immediate security threats on BT and commercial networks across the globe.
- Responsible for working in a 24x7 Security Operation Centre (SOC) environment.
- Detect, analyse, and respond to cybersecurity incidents using a combination of cutting edge technology and a strong set of processes.
- Work with incident response teams to ensure security issues are addressed quickly upon discovery.
- Monitor, analyse and defend against malicious or unusual activity that could be indicative of a security incident or compromise.
- Manage apprentices and provide relevant training.
Certifications:
- IBM QRadar SIEM Foundation (Pass) - March 2019
Security Operations Analyst, BBC, Sep 2017 - Jan 2019, Manchester, United Kingdom
Working for a newly formed SOC including:
- Security Incident Management (Triage throughout, use of ticketing systems and multiple tools to perform an investigation).
- Security Incident Response (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned)
- Security Monitoring (NIDS, SIEM, Honeypots, Red Cloak, TrapX, AlienVault, Varonis, OSINT & Digital Footprint reports and more).
- Provide Threat Intelligence Service and write a cyber threat assessment each week for the estate.
- Use SIEM/log analysis toolsets (AlienVault, Splunk) - I hold the Splunk certified power user qualification.
- Vulnerability Scanning, documentation and recommendations (Nessus and AlienVault). I currently administer a BBC bureau where I use AlienVault for management and vulnerability scanning.
- Regularly write SOC runbooks for other SOC analysts and specialists to follow.
- Created multiple dashboards in Splunk for monitoring threats, speeding up investigations, and also displaying current threats to assets based around Bitcoin/Cryptocurrency Miners. I then created an alert for this to notify me when the event triggers.
- I hold a strong interest in trying to utilise the Dark Web for threat intelligence and proactive monitoring and this is progressing each day by implementing new thoughts and processes.
- Effective time management and prioritisation for projects and day to day tasks. Projects include Cryptominers, Dark Web monitoring, utilising Intel sources to full potential, documenting the whole BBC Proxy Architecture, Incident Response processes and more.
Certifications:
- Splunk Certified User 6.X (87%) - October 2017
- CompTIA Security+ SY0-501 - June 2018
- Splunk Power User (87%) - June 2018
Training:
- AWS Intro - Completed 01/06/2018
- Unconscious Bias - Completed 04/06/2018
IT Support Analyst, Sports Direct Int., Mar 2014 - Apr 2017, Shirebrook, Derbyshire, United Kingdom
March 2015 - July 2015. August 2016 - April 2017.
At Sports Direct I am part of a team that provides support for Shirebrook head office which includes its warehouse and 500 head office users. I also provide end user support for all supported stores (500+). I have a wide range of responsibilities from troubleshooting hardware/software to users or stores, to resolving issues on a ticket system which are filtered on topic. This could include networking, promotions (SQL), hardware checks etc. At Sports Direct I have been able to expand my knowledge and experience in different software, applications and hardware.
March 2014 - March 2015
- Basic hardware repairs - Dell/HP/Lenovo PCs and tablets. Other POS hardware such as chip and pins, monitors, till scanners etc.
- Software/Configuration - Imaging computers to suit different roles. Installing and troubleshooting software to end users and new computers. Citrix, Web servers etc.
- Networking - Hands on experience with Cisco equipment, regular use of DNS and Active Directory, Telnet and PuTTY.
- Troubleshooting - In house software and also hardware. Doing this has expanded my knowledge on computers and what errors and signs to look out for.
- Quality - Ensuring that all hardware and other equipment is kept to a safe and professional standard whether it be in the warehouse, head office or workshop.
IT Support Technician - Placement Year, Allerton High School, Jul 2015 - Jul 2016, Leeds, West Yorkshire, United Kingdom
At Allerton High School, I was the first point of contact in the IT department for all queries. The IT department uses a ticketing system - this is monitored frequently and issues are prioritised and resolved. This system is useful for monitoring what has been done, who by, and any methods used to fix the issue thus aids development of staff knowledge. I had regular use of Active Directory and Data/Profile servers in management of student/staff accounts ensuring group policies are enforced and security/permissions are in place. In addition to group policies, students and staff both have limitations on Internet usage and access permissions which are enforced through network monitoring services.
I was heavily involved with a printer project whereby the school upgraded all printers to Konica - these range from desktop printers to industrial printers. I was given the task to set up the server and liaise with clients to make this project successful. From this, I regularly sought feedback from end users. I created numerous work instructions on use of the printers for students/staff reference.
I was exposed to new software such as SIMS and Impero and I expanded my knowledge in networking. Being introduced to these areas in particular are ones I feel are useful as they cover MIS systems, remote services and also maintaining a healthy network. As a very hands on person, I was able to use my previous knowledge and experience when troubleshooting and repairing hardware/software. I was responsible for the imaging of laptops that are for teachers and students – I also created the images based on requirements. Each laptop is from a different manufacturer; however, mainly specialising in Lenovo, Dell, Samsung, and RM.
This has been a good experience as I have gained first hand experience with big named companies – this includes liaising with contractors with repairs and further troubleshooting.
Dan S. Education Details
- Distinction / First Class Honours
- Sheffield Hallam University: First Class Honours
- Peaks College: Distinction *
- Westfield Sports College: Various
Frequently Asked Questions about Dan S.
What company does Dan S. work for?
Dan S. works for Astrazeneca.
What is Dan S.'s role at the current company?
Dan S.'s current role is EMEA Cyber Security Operations Centre Director.
What schools did Dan S. attend?
Dan S. attended Sheffield Hallam University, Sheffield Hallam University, Peaks College, Westfield Sports College.
Who are Dan S.'s colleagues?
Dan S.'s colleagues are Liza Goh, Oliver Freeman, Philip Mousios, Ioana Maior, Milena Fernández Casares, Sandy Eskander, Scott Morrison.