Helping Glilot capital make the right investments in cyber startups.

Responsible for global security at dunnhumby.

Responsible for global information security across the organisation (over 80 disparate businesses). Significant budget responsibility. Member of the senior management team. Responsible for technical operations, strategy, governance and assurance.• He works closely with the board• He implemented the privacy programme to meet the requirements of the General Data Protection Regulations (GDPR).• Created two information security strategies and achieved board buy-in for them both. Delivered those strategies to the agreed budgets.• Created a matrix-reporting model (full time and part-time volunteer, security resources) where security leads were embedded into business divisions. The model was so successful, it was later adopted by privacy, legal and risk. This included the BISO programme, where volunteers would give a day-a-week of their time to security.• Built a security programme based on risk and detailed threat analysis which was then periodically benchmarked against peers.• Built the M&A due diligence process to assess Euromoney's acquisitions for security risks and worked with the integration team to manage proactively.• Credited (by the executive board and management board) with enacting real cultural change in an organisation that was previously resistant to good security practice.• Commanded a significant budget but continued to derive value-for-money wherever possible.• Created information security dashboard based on 1.5 million records from 50 sources of security information. The group management board now rely on these to manage everything from vulnerabilities and training completion to risks and their supply chains. It represents the embodiment of a single-pane-of-glass view of security concerns and has been presented to industry peers at senior events.• Created and chairs the Information Security Steering group (ISSG). A cross-divisional decision-making body made up of members of the management board and their direct reports.

Information security leader at Utility Warehouse.

Responsible for information security risk for all businesses owned by the Euromoney group with global accountability in New York, London, Hong Kong and Montreal principle offices.

Responsible for the overall information security and risk for Equifax UK and Ireland.

Information assurance, risk management and security architecture at the PA Consulting Group.

Responsible for managing complex information security engagements with large organisations.

Senior Associate

Consultant Analyst

July 2005 ­ September 2006· Responsible for design of two enterprise-wide security controls intended for deployment into two new data centres; o Centrally controlled anti-virus management and reporting service, ePolicy Orchestrator. This service is difficult to deploy into networks with complex Active Directories. It involved extensive design and testing in virtual environments in order to finalise the solution. o File transfer audit solution; The Region Gateway, as it became known, was a bespoke file transfer solution designed to track all files being transferred in and out of the production environments and examine each file for signs of viruses. This solution took several months to design and test in our virtual environments.· Responsible for security initiatives as part of the Security Architecture team, it was my responsibility to initiate protocols that would better secure the, then, current network infrastructure; o I initiated and designed a process that improved the security of the PKI process. This included minimising the number of places the private key was held, securing the storage of the private key and securing the transmission of the certificate and the request of the certificate. o I spearheaded a process that culminated in the deployment of a Certificate Revocation List (designed by me, implemented, according to my instruction, by Operations) which would greatly increase the network's resilience against spoofed architecture. internal processes of their respective teams at my suggestion. These included; o A problem resolution system with 200+ users to resolve issues with servers o A work request system with an SQL Reporting package attached.