In charge of all preventative aspects of security across the Constellation Automotive group, with 11 members of staff split between engineering (Devs, DevOps and Architects) and Security Assurance (Ensuring Security by design, project and product reviews, evidencing maintenance of controls)Owner and designer of the CAG Target Security Architecture, a programme to ensure the correct technology, services and processes are deployed. With savings of £2.2 million and increased coverage of tooling by 350% and 6xs the amount of group companies reporting into and using the internally designed and build SOC.

Joined Cinch while still a Greenfield and the brand had just launched. The initial role was to build an Information Security Team that could support cinch and be scaled to cover other Constellation Group functions such as BCA and WeBuyAnyCar. Focused on Growing the team from 1 to 16 staff members, embedding a DevSecOps culture, building a GRC, Operations and Engineering functions under Security that would allow a rapidly scaling agile organisation not to be limited or bottlenecked by Security. Focusing on visibility, empowering developers and risk owners to understand their decisions and guide them to minimise the impact to both the business from a cost and technology choice perspective. Acting as Primary Security Enterprise architect for the Constellation group within an internal redesign structure and redundancy/continuation point of contact for handover for various CISO role position changes. Current Technology SME for all Security technology within the Constellation Group helping design and build the next 3 years technology and departmental transformation strategy

Working with the Technology team to build and launch Oxbury Bank. While there helped ensure Oxbury went through the validation and granting of its banking license. Oxbury is the UK's specialist agricultural bank. The primary focus is measurable and integrated security. Risk-focused without losing technical knowledge. My job is to make places of work secure so all members can do their jobs with minimal friction.

Brought into SportPesa to embed, grow and secure there move into the EEA markets.This includes overseeing heavy investment within the Information Security department and the integration of best practice learnt from the intelligence and banking industries with innovative technology. Aligned with creation of the strategy for robust compliance and governance. Coupled with creating and embedding the culture, processes and technological control to ensure swift ISO 27001 accreditation. Minimising risk while ensuring sensible measurable investment.

• In charge of Threat Intelligence and aligning Information Security risk to the FAIR methodology o Developed mechanisms to track and contextualise internal and external intelligence feeds. Creating the framework to track both the frequency, capability and influencers of the threat actors within the general/specific landscape affecting the Bank.o Created the methodology used within Threat intelligence to ensure its alignment with FAIR risk methodology, ISO 27005 and the business needs. Onboarding intelligence feeds from various areas of the business including fraud and customer to enrich the data, which in turn provided lower scale of impact.o Ensured that the output aligned to the Strategic needs of the bank and its overall approach to risk.o Created Threat Intelligence channels with other banks in the Edinburgh area to share information and engaged suppliers to ensure processes for escalation and enrichment were present.o Engaged 3rd parties to undertake deep web intelligence gathering exercises and scope/run incident test scenarios.o Tested and onboarded 3rd party tools when found to be value add, created tools specific to the needs of the bank.o Mapped and cost the data assets of the bank in terms of financial value in the case of breach.o Created weekly reports to stakeholders directly impacts (fraud, customer, IT, suppliers) as well as supplying specific risk reports to business areas.o Creating live dashboards showing the status of the services in terms of risk from threats against risk appetite. Giving insight into if the external or internal environment was out of appetite to allow the SOC to explore why.o Business relationship manager in Information Security for Finance and Risk.• Ensuring development of application and services comply with PCI-DSS• Reporting to the Board upon the Risk posture of the bank to current Risk environment

• Undertaking policy and contractual compliance reviews/development - Standards including ISO 27001/2• Information Security Subject Matter Expert to project and application development• Assurance on Third party design• Vulnerability and test management process development • Business impact assessment development and process creation

Working as part of a team to support the delivery of the Information Security Framework across Life & Pensions business units and to external clients (11,000 staff covered). Working with local Information Security Managers to support a robust program of security assurance activity and ensuring that issues are identified, reported, addressed/escalated or accepted as appropriate.General Activities• Undertaking policy and contractual compliance reviews – To set standards including ISO 27001/2• Undertaking 3rd Party Security Due Diligence Assessments • Management of ongoing Application Security Assessment programme • Development of training exercises and materials • Supporting Information Security Managers and key stakeholders across L&P • Undertaking Assurance Activities in line with of a rolling plan for completion• Ongoing development and production of Information Security Dashboard for L&P Division and business units• Management and coordination of Pen-testing, including undertaking• Undertaking of Physical and Logical reviews across internal external sites• Development of Contracts between 3rd parties and Client to ensure compliance with all measured standards. • Coordination of Information Security Related Audit action

Invented and developed a new microcomputer and currently registering 5 patents in the fields of Information security, electronic design and product design. Device created alongside controller mobile application, built on Android and Apple platforms. All U.I, functionality and testing done within this role. In charge of all business strategy and security.General Activities:• Getting business ready for initial investment. £30,000 investment secured in first round investment..• Securing partnership links and networking. Currently, 7 partnerships spanning 3 continents.• Making sure the design of the product was ISO27000 compliant, ensuring that the software used would fulfil and pass any information security audit, including being used as a secure EPOS system. • Facilitate market research and identify best route to market including managing different strategies dependant on market and geographical area. • Development of all custom built software for device, from initial idea, development and testing.• Creation, development and delivery of all IT infrastructure (LINUX and Windows based). • Creating job specifications and finding the right personal for the team to bring device to market.• Maintaining relationships with both Public and Private sector ensuring all development stays within the EU directives for E-Waste, Data Security and Safety.• Applying for legal protection on sensitive Intellectual Property. Done through Patents, Copy-rights and licensing agreements. Experience in this field within Europe, US and Asia.• Forecasting project over a 5 year cycle, taking into account unknown risks and assumptions. Updated regularly. Including, finance, operations, HR and Risk.• Creating all documentation on the following points.Additional Skills:Java, XML, Android development, Testing SDK packages, FPGA (novice), Writing press conferences, Film directing and acting. ITIL Foundation.

Job Role was project leader in Glasgow (head office) and assistant to external information security Consultant. Secured ISO27001 information security standard for the company in first asking. Company worked with the banking and debt collection sector and had to comply with the UK Banking information security standards within a year of employment.General Activites• Internal Audit of company IT and preparing internal ICT documentation to ISO 27001/2• Redesigning for hardening the IS system, designing from external input of data to storage, both in-house and external data storage. • Testing and auditing the physical security of the company creating new road maps of physical security overhaul to be undertaken within a year. Including implementing new hardware and ensuring the upkeep of the current system health. • Changing companies policy from a reactive to a proactive security policy complaint to all EU Data Protection• Overhauling company’s overseas collection policy to ensure compliance with all EU directives and UK banking directives. • Represent ICT as a point of contract for all IT and IS security measures.• Penetration testing and analysis of the current IS capabilities and logging, dealing with and signing off on any incidences that occurred. • Create new security policies in line with changing technology in the fields of mobile communication and cloud based data/infrastructure.• No new security issues were reported from audits after new policies were implemented. Project overran by 2 months based on changing policies from external customers. - Left Position to create start-up leaving company with ISO 27001 accreditation compared to no formal Information Security department upon arrival.

Research project was in the “The perceived risk vs reliability issues of Cloud computing in the finance sector of the UK” it was predominately focused on Information Security. Focus on preventative methods and accurate reporting.General Activities• Researching and presenting within the field, representing Strathclyde at Global conferences.• Teaching and Marking within Business Technology, Computer Science, Management Development and Project Management.• Risk mapping Cloud computing risk, network and physical level.• Researching new standards of IT security and auditing current standards.• Testing Cloud models and building systems/networks. • Risk consultancy external for Strathclyde; NATO, RBS, The Lewis group. • Working towards CISSP certification. 2 out of 4 years CISSP CBK. • Started studying for CEH certification. • High understanding of PCI-DSS.• IP creation and analysis.• Writing teaching projects and tutorials as well as instruction documentsWinning awards for best tutor in terms of highest attendance and highest marks.

Tester Internship – Bloxx Ltd (May 2011 – September 2011)Internship in the testing department of Bloxx Ltd, a web filtering company. • Creating and writing of testing scripts both manual and automated. • Reporting on results, debugging and completing bug reports to correct level of issue.• Testing customers system remotely to ensure policies sold were correct.• Working with tech support to ensure customers systems were working and any issues brought up were correctly identified and catalogued.• Redesigning the user interface to ensure new version was more customer centric.• Building the user interface with C# and Silverlight inside a Visual Studio 2010 environment.• Re translating from English to French and ensuring all text correctly translated when language was selected.

Individual consultant brought in to recommend changes to the system used, mainly reporting, used within the Premier foods head office.Changes included a new system to accurately work out forecast accuracy. Using Excel as the script base and linked into a Cognos datafield