I hold an important senior role as part of the Protect BT Group function within BT Networks having moved across from BT Global. This shift put us closer to the heart of several transformation activities and able to provide more tightly integrated advisory and consultancy services.My role is about leading on non-Commercial engagement with the National Cyber Security Centre, primarily on activities under the NCSC Active Cyber Defence programme, and then working across BT and wider Industry to embed and promote adoption. In effect, I’m a security business partner across BT and NCSC.I'm actively and heavily involved in everything BT is doing on the Telecommunications (Security) Act 2021 as lead evangelist, torch bearer and drum banger as well as being technically engaged on scope definition, dialogue and consultation with DCMS, Ofcom and NCSC, and consulting and guiding the rest of the business on the path to compliance.I represent BT on the NICC Security Task Group, currently working on a number of standards and documents.I also continue to lead on adoption of the NCSC-funded BT-developed "BGP Spotlight" BGP hijack monitoring tool. If you have an ASN and you want to keep good eyes on it, message me and we can set you up.I work with our Consumer CISO, NCSC, Industry and StopScams UK on the broad topic of trying to protect consumers from scams and harm.I own the Security Standards Roadmap on behalf of the Chief Security Advisor, guiding how members of the Security teams within BT engage with wider external standards activity across bodies such as ETSI 3GPP, ITU, NICC, GSMA and more.

As part of the new BT "Tech Fellowship" reward and recognition programme, and in parallel with my day job, I hold the role of "Distinguished Engineer", recognised for my contribution to not just BT but the wider telecommunications industry. As we grow the Tech Fellowship, I'll also be acting to develop the community as we identify our Accomplished Engineers and our Fellows.There were over 120 applications to Distinguished Engineer in the first cohort and just 30 selected as having made the grade.

Part of 'Protect BT' within BT Security, I provided BT Group-wide leadership of global cyber asset discovery, advanced threat research and our advanced cyber analytics toolset. My function was a second line of defence function. I took care of a team of around 20 people dispersed across the UK and reported into the Chief Security Advisor.Some key highlights:* 'White Team' member for BT TBEST activity* Purple team member, taking learnings from red and shifting them into either process or control on the blue side* Onboarding of multiple UK telco organisations onto the NCSC funded, BT developed 'BGP Spotlight' tool - part of NCSC Active Cyber Defence* Early stage impact assessment of the NCSC Telecoms Security Requirements (TSRs)I remained heavily engaged with both industry and Government (primarily through NCSC) to share knowledge, reduce threat, increase collaboration and protect 'UK plc'.

My role as a Trustee is contributing to making sure that the Foundation is run and maintained in an appropriate manner by the staff of the Foundation. Myself, and the other Trustees, are effectively the Board of Directors, making sure that the Foundation remains aligned to its objectives and financially viable.Since Dec 2024, I have formally been the Secretary to the Board.Breck Foundation was founded in 2014 in response to the tragic loss of Breck Bednar, a 14-year-old boy who was groomed and murdered by someone he met online. Breck Foundation aims to prevent this from ever happening again. The work of the Foundation saves lives. Breck Foundation is a Southeast England based charity, with national relevance and impact. We reach thousands of children and young people in schools and other community settings every year with Breck's story. Our talks and educational materials fill a gap in the current UK curriculum that otherwise leaves children vulnerable to online grooming and exploitation. With 98% of young people now active internet users, current and future generations grow up having to navigate new and evolving digital dangers. Our priority is to help them develop the resilience and skills they need to live, play and thrive online in safety.

I am the Chair of the GSMA Industry Specifications Issuing Group for the GSMA Security Assurance Scheme. The GSMA’s Security Accreditation Scheme (SAS) enables mobile operators, regardless of their resources or experience, to assess the security of their UICC and eUICC suppliers, and of their eUICC subscription management service providers. Two schemes operate under SAS:SAS for UICC Production (SAS-UP): This is a well-established scheme through which UICC and eUICC manufacturers subject their production sites and processes to a comprehensive security audit. Successful sites are awarded security accreditation for a period of one year, extending to two further years upon each successful renewal. This scheme has accredited some of the industry’s largest suppliers. GSMA also provides advice to its members on how to benefit from SAS-UP.SAS for Subscription Management (SAS-SM): To ensure industry confidence in the security of remote provisioning for eUICCs, a related security auditing and accreditation scheme exists for the providers of eUICC subscription management services.Much more information here - https://www.gsma.com/security/security-accreditation-scheme/

I sat on the techUK National Security Committee for around 12 months. The Committee comprises 20 techUK members, including 6 SME representatives and 14 larger organisations. The Committee brings together a broad group of industry leaders from across the National Security sector, who will champion the industry's interests and drive an ambitious programme of activity between techUK and its stakeholders across the National Security community. The Committee acts as the voice of the wider techUK National Security membership, and its primary focus is to address strategic concerns that impact the National Security technology sectors.

I led and looked after a diverse and brilliant team of 14 which focused on Security Governance, Security Risk Management, Supplier Risk, Vulnerability and Threat Management, Security Awareness, Physical Security and Security Liaison (Disclosures). My team were located across our offices in West London and Salford Quays, Manchester. I worked out of West London. I reported into the Chief Security Officer.During my time with the organisation, TalkTalk was building and maturing security capability against the NIST Cyber Security Framework where my team delivered mainly against the 'Identify' and 'Protect' domains. Some key highlights of my time at TalkTalk include:* Delivered independently verified and demonstrable maturity improvements in NIST controls under my stewardship consistently, year on year* Re-certified to ISO27001:2013 and CAS(T) twice during my tenure* Supervised the delivery of a multi-channel, multi-media security awareness campaign, recognised as the ‘Cyber Awareness Plan of the Year’ by the Cyber Security Awards 2018* Embedded a cultural shift from 'get well' to 'stay well' thinkingPart of my remit also included liaison and influence at a number of external forums, standards bodies, cross-sector working groups and Government departments and agencies, including continuing to work on matters relating to risk mitigation with respect to Huawei.

The UK Smart Metering project is one of the largest smart metering projects in the world, with the aim of installing over 53 million smart meters across the UK by 2020. Telefonica UK (O2) is the largest Communication Service Provider (CSP), responsible for the South and Central UK, and delivers the connectivity between the meters in peoples’ homes and the centralised data processing centre.I'm hugely proud of the part I played in getting the service to live status - a great achievement by a huge team within O2.My role was to deliver technical and management information assurance, governance and cyber security consultancy to support the Telefonica UK Smart Metering secured delivery and ongoing secure operation.I helped to shape the overall Smart Metering security strategy; providing clear and straightforward guidance on potential risks to the service and ensuring that the level of information security controls and related processes were commensurate with the projects contractual obligations, data protection requirements, corporate responsibilities and technology aspirations. The Smart Metering programme was successfully re-certified to ISO27001:2013 during my tenure.I was also the internal Policy Authority for the Telefonica UK PKI schemes supporting Smart Metering and both a Senior Responsible Officer and Associate Responsible Officer within Telefonica for the wider Smart Metering and DCC PKI ecosystems (“SMKI, DCCKI and IKI”).

Part of the Technology Security team, my accountabilities covered security away from the more traditional IT networks and focused on mobile networks (2G, 3G, 4G) and on mobile equipment (SIMs and devices).Some of my highlights at O2 include:Developed, communicated and managed a clear view of the risk landscape presented to O2 by certain suppliers (notably Huawei), working cross-functionally and cross-organisationally to reduce risk across infrastructure and managed services. Developed and maintained strong, deep, trusted and effective relationships with key stakeholders, acting as a focal point between O2, Huawei, wider industry and parts of UK Government.Half of the internal security team which worked on the O2 Emergency Services Network bid, ranking first for quality of security response at the ITT phase. Internal security consultant to the wider bid team across the bid process.Represented O2 at Industry level at forums such as CPNI NSIE, NICC Technical Security Group and the GSMA Fraud & Security Group (and sub-groups). Significant contributor to NICC ND1643 (v4.1.1), defining standards for Interconnect Security. Cryptographic key management and guardianship across the O2 mobile network and the (segregated) Smart Metering network. Senior Responsible Officer (SRO) for the Smart Metering PKI infrastructure within O2.Delivered 6-figure annualised cost reduction in the cost of 999 calls to O2 through rapid reactive management of high-volume nuisance callers.Internal fraud and security consultant and liaison point to high-profile digital product lines within the business including TuGo, JustCallMe and Mobile Voice Recording.

I led the Security & Risk function (ten FTE) within Three UK covering all aspects of our holistic approach to security. I provided leadership, direction and strategy for the team as they transformed, building a strong capability to protect the business. My passion throughout my time in the role was to align the security vision to Three's brand values of simplicity, quality and discovery.I was the overall accountable for Business Continuity and Risk Management, Physical Security and all aspects of Logical and Information Security.

As part of a wider Security Team, I led the Security Risk function with four direct reports. I was broadly responsible for security policy and procedures, management and reporting of security KPIs, issue management and resolution, security risk management and broad provision of security expertise to the business.Highlights of my time within this role include:Leadership and development of the Security Risk team with four direct reports and working to establish that team as a “go to” centre of excellence for security within Three.Leading on the development, communication and promotion of a thorough and comprehensive set of Minimum Control Standards; evolving and distilling the concepts of a policy suite into a single dynamic document for use internally and by strategic partners.Developed a ‘Managed Service’ approach to security, effectively outsourcing the installation, operation and monitoring of security infrastructure and capability as part of a Managed Service Transformation project. Worked extensively on supplier selection processes and appraisal, continuing to work with the chosen supplier on implementation.Until Three recruited a specific Business Continuity Manager in January 2012, I led and managed the business continuity and crisis respose capability within Three UK. During my time in this role, I have led the Olympic Planning programme (particularly important to Three UK given proximity to the Dorney Lake venue) and led on the response to the Riots experienced in the UK in August 2011.

My role covered risk management, security, audit and business continuity. Key highlights of my time in this role include:Initiated and passionately championed the development of a new, pragmatic and holistic Security Strategy for Three UK comprising of the review of existing capability, gap analysis, development of organisation structure proposals and provision of dedicated support to the Head of Fraud & Security Strategy to secure approval. This work led to the creation of a new Security function and clarification of security accountabilities within Three UK.Consistently delivered a bi-annual company-wide risk assessment to Three UK’s parent company (HWL) on time and to high standards over 4 years, obtaining sign-off and approval from the CFO and CEO and taking responsibility to present to the HWL Group CFO.As part of our product appraisal process for fraud risk, I directed a programme of activity within the Fraud Risk team to deliver a comprehensive and wide-ranging 38-point action plan to quantify, outline and minimise the fraud risks associated with the launch of Apple iPhone on Three UK. This ranged from delivery of additional secure caging in the Warehouse to development of new and innovative customer identity verification solutions in Retail.Took ownership of, maintained and directed Three UK’s Business Continuity Programme as a Category 2 responder under the Civil Contingencies Act (2002), taking specific responsibility for controlling and leading the team response to over 10 major incidents.Produced and delivered a number of significant audits including an influential end-to-end technical process review audit of MBNL as a key member of a multi-national, multi-company audit team created by the CTOs of both parent companies, delivering significant process and capability improvement recommendations (which were put in place and yielded significant improvements in performance and delivery).

My broad accountabilities in this role were around the execution of technical and process audits as the sole technical resource within a small internal audit team. My key achievements in this role are as follows:Contributed to the development and execution of the annual Three UK Audit Plan adopting a risk-based approach to planning.Planned, executed, delivered and communicated a broad range of IT audits against that plan to business stakeholders, gaining commitment to deliver against audit recommendations made. Examples of work conducted include a General IT Controls review (focusing on Customer Care, Billing and Acquisition), VIP Account Security, Prototype Handset Security and Customer Authentication.Contributed to regular reporting to the Risk Committee.Developed and implemented an effective team tracker for audit points to aid reporting.

This was a highly varied role as the organisation moved from a pre-launch state into operations and covered products security, handset security, security assessments and Industry liaison. My key achievements over this time were:Completed a wide variety of end-to-end security assessments covering diverse areas such as content publishing, real-time rating, ciphering and key management and took responsibility to cross-functionally drive the implementation of recommendations made.Supported the launch of the Three network live to customers on 03/03/03.Specified and implemented Industry-leading PIN protection product security controls for mature adult entertainment (age-restricted) content streams within a 3G network product offering, supporting the adoption and take-up of video-based content to a niche audience.Adopted an active role as the primary liaison point for all aspects of handset security within Three UK, interfacing to the security team within the 3G Handset Group including the guardianship of key cryptographic information and the progression and evolution of handset network lock security across a number of handset vendors.Represented Three UK on a variety of forums including MICAF, GSMA Security Group and the GSMA Central EIR User Group. Contributed to the design and adoption of the Mobile Phone Industry Crime Charter.

My role over this period covered a broad range of areas with an emphasis on subscriber fraud controls. My key achievements over this period include:Progressed from Graduate Engineer in 1996 to Team Lead role in 2001, taking a subject matter expert role in Fraud Management Systems from 1997, working with the external vendor to adapt the incumbent system from a TACS (analogue) environment into GSM or 2G (digital).Owned a project to deliver an entirely new and novel Fraud Management System for pre-paid customers with specific responsibility for requirements definition, product evaluation, supplier selection, budget approval, deployment, testing and implementation. Worked with the supplier and Vodafone Procurement to broker a global deal.Co-owned and contributed extensively to a project to encrypt Vodafone’s database of prepaid voucher numbers (in excess of £1bn of value) using dedicated encryption hardware.Produced a number of product reviews to support reduction of fraud risk in the product design phase.

I spent a year at the Centre for Human Sciences on an Industrial Placement as part of my degree course. My key achievements were:Contributed to the development of a model of human thermoregulation for use in combat environments using the FORTRAN programming language.Supervised, designed, observed and reported on various experiments to assess suitability of proposed UK Armed Forces equipment from a thermoregulatory perspective using human subjects. Experiments included evaluation of NBC Casualty Bags and Suits, artic underwear and a detailed study supporting an external PhD student researching exposure exhaustion hypothermia.