As a Director at EY I'm am focused on helping private and public sector clients to uplift their Cyber capabilities and guide clients on balancing Cyber risks with the benefits of an accelerated adoption of Digital capabilities. I help clients with:> Developing and executing Cyber strategies and transformation programs.> Developing overarching Cyber Security architectures and designs.> Implementing new Cyber capabilities and services.> Designing, building and executing Identity and Access Management roadmaps, programs and capabilities> Executing Governance, Risk, Compliance and Certification programs.> Next Generation Security Operations, Threat Detection and Response.

At CK Hutchison I led the development of a Group cyber security function when a need was identified to consolidate, rationalise and uplift cyber security capabilities across the Group.Responsibilities:> Development and execution of the Group Cyber Security Strategy> Development and maintenance of Group cyber security policies and assessment of BU compliance> Co-authored the Group 3 Year ICT Strategy> End-to-end management of cyber security capabilities delivered to head office> Provide guidance and input into the strategic plans and roadmaps of the business units and ensure strategic alignment across the GroupKey Achievements:> Established the Cyber Security Working Group> Developed and implemented Group cyber security policies and implemented a Governance, Risk and Compliance (GRC) platform to automate and workflow compliance assessments> Provided cyber security advice, support and resources to over 20 major BUs> Identified key strategic vendors and negotiated enterprise agreements with support from internal procurement teams> Established Global Cyber Security Collaboration Portal where cyber security practitioners from across the Group can connect and collaborate on topics of common interest> Established and led a working group to define, build and implement a Group shared Security Operations Centre> Led projects to replace or implement new cyber security tools and capabilities for head office

Cathay Pacific had embarked on a large-scale US$200M program to replace and modernise its IT infrastructure and application stack after a series of weaknesses were identified and to address previous IT failures/outages. I was the lead security architect on this transformation and provided support to other program such as the Airbus A350 commissioning into service.Responsibilities:> Developing technical solution and security architectures, and high level and detailed designs for projects> Solutions and product selection> Completing proof of concept exercises> Provide advice and support to engineers and vendors during project deploymentKey Achievements:> Completed all cyber security deliverables and worked closely with other architects to design, build and implement a new pair of active-active Data Centres and successfully cutover core infrastructure services. The new data centre facilities included a new private cloud, Software Defined Network (SDN) and storage platforms> Provided security architecture and design advice and support to application owners and architects responsible for migrating applications to the new data centre> Completed analysis and reviews of a proposed website robot management solution and provided recommendations to reduce the commercial impacts of website crawlers, scrapers and robots> Developed the architectures and designs for new SIEM and DLP capabilities> Collaborated with other security architects to develop future project roadmaps, the overall domain enterprise architectures, and the enterprise security architecture and strategy> Completed security reviews and testing of solutions deployed to eEnabled aircraft and the new A350 aircraft, including cockpit, crew and passenger facing systems

I was seconded to the Jakarta office to develop, build and lead a Cyber Security and Forensic Technology consulting practice for Indonesia in September 2014. I was heavily involved in building and aligning these capabilities across South East Asia Consulting.Responsibilities:> Developing sales pipelines and building PwC’s cyber security market profile through building client relationships, internal referrals, and organising, presenting at or attending market events> Building a team of cyber security and forensic technology practitioners and managing delivery projects for clients within agreed budgets and timelines> Developing proposals and client pitches> Building learning and development programs for the team> Developing and managing the forensic technology and cyber security budgetsKey Achievements:> Built a new cyber security and forensic technology lab> Led the collection and analysis of electronic evidence for an investigation into share trading losses for a major bank > Led an investigation into regulatory compliance reporting issues for a bank> Led an incident response and containment engagement related to cyber-attacks targeting the revenue and charging systems for a client

I was promoted to Manager in July 2012 where I became responsible for delivering a wide range of services to clients including:> Leading the IT Security Architecture and Design work on numerous projects for a global organisation. These projects included: - The integration of an acquired business with their enterprise IT services - The disengagement of a divested business unit from their IT environment without disrupting the business - A Bring Your Own Device (BYOD) mobility solution to replace their existing Blackberry Enterprise Services solution - The deployment of an Integrated Document Management solution based on Sharepoint - The development of a security hardened SOE, encrypted messaging and collaboration platforms for the Mergers and Acquisitions group> Technical lead on a project to develop a data loss prevention strategy for a federal government department, including identifying, scoring, ranking, and prioritising their most sensitive systems and data sets> Leading the outsourced Ethical Hacking and IT Risk Management functions for a global organisation and Internal Audit Ethical Hacking engagements for a state government agency.> Leading the Cyber Enablement Programme, an internal programme that was established to support rapid growth of Cyber services delivered to clients in Australia.> Secondment as the lead investigator to the CERT team of a major bank> Leading an eDiscovery for a global organisation that had been running for over 2 years> Leading the investigation into alleged attacks on a clients systems by a competitor and former business partner

As a Senior Consultant I delivered a wide range of services to clients including:> Completed information risk management activities on a $60 million information system deployment at a major bank> Operations Manager for the outsourced investigations function provided to a global client> Technical lead on an incident response engagement for a client affecting 40 systems in 8 different locations globally> Secondment to a global organisation to complete firewall design, management and remediation activities, a PGP encryption deployment, Bluecoat proxy tuning and ad hoc operational tasks> Forensic Technology lead on numerous fraud and human resources investigations> Technical lead on a multi year eDiscovery with a major bank> Designed and managed solutions to upgrade and optimise current systems and tools used by the Forensic Technology practice, including upgrades to firewalls and Internet links, networks, and forensic systems and workstations> Developed our initial live memory forensic analysis capability in Australia

At CSC I was responsible for delivery of operational and project-based security services to clients. I completed secondments to the Department of Immigration and Multicultural Affairs and BHP Billiton during my time at CSC.Responsibilities:> Conduct vulnerability assessments, security risk assessments and system security plans for federal government, financial services, mining and manufacturing clients> Deliver endpoint protection services to clients within agreed SLAs and KPIs> Provide security operations services and engineering services to client projects and initiativesKey Achievements:> Seconded to the eBusiness Systems group of a federal government department to provide security advice, security documentation and manage security audits of their eBusiness infrastructure and applications. Turned around the relationship with the client after numerous prior delivery failures> Completed numerous security risk assessments, system security plans and security risk management plans for a federal government department> Conducted common criteria assessments of software and hardware to certify software and hardware to specific common criteria levels for use in government deployments> Managed and deployed endpoint protection services for multiple clients globally using the McAfee, Symantec and Trend Micro suite of products> Designed and deployed a global intrusion detection solution for a global natural resource’s organisation> Seconded to the Security Operations Centre of a global natural resource’s organisation to provide intrusion detection (IDS) monitoring services, investigation support services, and architecture reviews of all changes for threats and risks prior to implementation into the enterprise environment