At Arinco I was a Tech Stream Lead as well as a full-time consultant. Arinco are Microsoft's Australia Partner of the Year for 2024. As a lead, I helped shape our security offerings and how we deliver to our customers, working closely with our security partnership managers in Microsoft, and the Arinco Sales and Marketing teams. My work as a consultant included delivering security engagements covering all of Microsoft’s security products and services across M365 and Azure, including Defender (Defender for Endpoint, Defender for Cloud Apps and Defender for Cloud), Entra ID (Entra ID PIM, Conditional Access, Identity Protection and Governance), Purview, Sentinel, Azure Security and Azure DevOps.Arinco's security services and offerings are organised under a security programme called "Security Done Right". This is a series of security initiatives and accelerators designed to help organisations:• Get the value from the security technology they've already bought• Leverage best practices to get secure• Get the reassurance that security processes are fit for purpose for the cloud• Get the reassurance that controls are being operated properly• Ensure they have a managed risk profile• Ensure they have the capability to detect and respond to incidentsA brief summary of some of my major engagements are included below.• Cloud Security Standards, Guidelines and Security Risk Assessments – Australian Energy Company (Retail)• M365 Security Review & Assessment – Insurance Broker (Start-up)• Security Architecture Framework and Cloud Security Standards – Australian Bank• Azure Security Review & Assessment – Large Australian Petroleum Company• Security Architecture Framework, Cloud Security Standards & ISO Certification – Global Law Firm• Azure Security Review & Application Security Assessment – State Port Authority• Zero Trust Architecture Assessment & Roadmap – Large Australian Retail Conglomerate

Specialist Senior Managers are those who focus on client delivery and eminence in a particular industry, skill or technology. During my time in Deloitte, I was responsible for developing the security architecture proposition within the UK Cyber practice, for building out a network of practitioners across Europe, and for developing key vendor relationships. Notable client engagements are highlighted below.Security Architecture Secondment (Financial Services)• Responsible for cyber security design, threat and risk assessments for a number of new banking products and services hosted in Azure, including:- A new platform to enable crypto currency trading, integrated with Internet banking- A new digital home loan platform- A series of core banking APIs and API gateway for enabling 3rd party consumers to integrate with core banking services• Responsible for developing a zero-trust strategy and capability model to:- Communicate the principles of zero trust- Identify security architecture building blocks and a common taxonomy- Define maturity states across key zero trust capability pillars- Show dependencies and linkages between capabilities- Develop architectural roadmaps based upon analysis of current and target states• Responsible for providing security strategy advice to the organisation's global sites

Enterprise Security Architecture (Financial Services)• Developed the Enterprise security technology blueprint for a new digital bank based in the Kingdom of Saudi Arabia, with particular focus on native Oracle Cloud capabilities.Virtual CISO (Energy, Oil & Gas)• Responsible for providing security strategy, best practice & continual improvement advice to industry leaders and executives as part of retainer-based contracts.• Developed a cyber security KPI and risk reporting framework aligned to CSC Top 20 and ISO 27001.Cyber Incident Response & Enterprise Recovery (Energy, Oil & Gas)• Lead Architect responsible for the end-to-end architecture and design of an Enterprise IT recovery, rebuild and transformation project following a major cyber incident.• Responsible for guiding, challenging and reviewing architecture and design across all programme workstreams including networking, on-prem & cloud infrastructure, identity & access management, core applications, end user compute, O365, security logging & monitoring, OT and Target Operating Model.• Delivered a number of key new technologies and security controls including:- Windows 10 E5, Windows Server 2016 & 2019- Cisco Meraki, Fortinet Fortigate- Azure AD, Conditional Access, CyberArk Cloud (PAM)- O365 E3 & EMS E5- Azure ATP, Office 365 ATP, Windows Defender ATP, Cloud App Security, Azure Security Center- InTune, Azure Update Management, Azure Monitor, Azure Policy- Microsoft Azure Compute, Networking & StorageCyber Technology Consolidation Programme (Telco)• Developed a methodology to prioritise cyber capabilities for centralisation / standardisation as part of a major cyber security transformation programme.• Developed the logical architecture for centralised secure messaging and vulnerability management capabilities.

Security Advisory & Security Standards – Non-Bank Lender

As Infrastructure Manager I was responsible for leading a team of experienced solution architects and consultants, overseeing the design and development of a broad set of technology initiatives for both centralised IT services and individual business unitsAs part of the evolving the security function I built and led team of security engineers, created fit for purpose policies which were ratified by the CSR executive leadership team and worked closely with the group risk & audit committee to ensure alignment with broader enterprise risk frameworksAs a member of the senior leadership team for an ASX listed company, I was involved in a variety of department-wide initiatives which served to demonstrate core service values and maintain the departments position as a highly regarded partner

I led the modernisation of CSR’s security capability shifting security from an infrastructure-based, operationally focused practice to a risk-based, strategic function, aligning with ISO 27001. Key roles and responsibilities included:• Providing high-level designs and reference architectures for security controls and solutions for on-prem, cloud and OT environments• Managing key security vendor relationships• Providing guidance and advice to internal partners, team members, solution architects, and senior leadership teams on various aspects of information security• Conducting risk assessments and maintaining up-to-date knowledge of the cyber security threat landscape• Managing and overseeing security technology evaluations and proof-of-concepts

Secure messaging and infrastructure SME

Deployable LAN SME