After spending the first decade of my working life “in the print” as both a production manager and camera/scanner operator I became one of the many “refugees” at the turn of the millennium who transferred their skills over to and retrained in the new emerging technologies. Mostly working as a Business Analyst and PM developing interactions with Microsoft Exchange Server.

Since February 2014 I have worked for Sucuri, currently as lead of the Enterprise Firewall support team having worked with their security products a couple of years before that, having been friend and collaborator with the co founder.

For the first 18 months while the Web Application Firewall product was still fairly immature, I worked primarily as a security analyst in a team of 3, troubleshooting issues that tend to emerge when a new firewall in enabled on a web application. Testing secured sites for bypass and exposure. Tools used were mostly bash scripts, accessing logs from firewall servers etc.

Then for the next 2 years I was promoted to lead the team of support analyst which had grown to 10+, reporting to upper management using defined PKIs, interviewing new candidates and preparing training material now on Confluence, conducting regular 1on1s and hosting weekly meetings. Contributed to the “Jira” requirements that built both an AI bot that auto answers 30% of raised client issues, resolving most without clients ever noticing it was a bot, and a simpler log viewing and filtering system that simplified the resolving of issues for newer less experienced analysts.

Shortly before Sucuri was purchased by GoDaddy I was promoted to lead the the Enterprise on-boarding and support team, a new initiative, with some clients spending multi-millions. This involves detailed understanding of the web applications, often setting up staging environments, assisting in setting up SSO (Ping & Okta) to their firewall control panels, and integrating our logs with their SIEM (Splunk). I feed the current backlog with Jira’s for new features requested by Enterprise clients, which occasionally are adopted for all.

Currently I would be considered a Subject Matter Expert within the organisation regarding all things security related to our products, questions asked would be similar to:

Is this PCI/NIST/HIPPA compliant?
Is it safe to pass this as a GET request?
Are we exposed to xyx? prove we are not.
Why HSTS, and how do we set it up.
Following infection why am I seeing Google “attack” me?
How do I setup this alert? And why do you say that would not be a good metric?

Highlights

• Over 20 years’ experience in the field of IT management and security
• Proficient with a wide range of desktop and server architecture with an extensive combination of software programs and applications
• Completed several high standing computer certification programs
• Confident and adept in working with a diverse range of people and authorities
• Worked on and supervised many high profile security cases

Subscriptions & Membership

ISACA Director at Large
PMI Associate member
Scrum Alliance member
Internet Society Global member

Education and Training

London South Bank University • April 1999
City & Guilds: Software Creation Level 2
City & Guilds: Information Systems Design & Programming Level 3
PMI NB: PMP/CAPM • Dec 2013

PMI • PMP (Project Management Professional) • July 2014
ISC2 • CISSP (Certified Information Systems Security Professional) • May 2014
Scrum Alliance • CSPO (Certified Scrum Product Owner) •  November 2014
ISC2 • SSCP (System Security Certified Practitioner) • March 2013
HP • ASE (now ExpertOne) – Prolient ML/DL Servers • April 2004 (lapsed)
Cisco • Cisco Certified Network Associate • June 2000 (lapsed)
Microsoft • Microsoft Certified System Engineer • May 1999 (lapsed)

Skill and Application Summary

Management

Confluence / Jira
Agile (as Product Owner)
Microsoft Sharepoint
Microsoft Project
Microsoft Powerpoint
Gliffy & Creately Flow Charts
TeamWork Project Manager
Subversion Version Control
Microsoft Visual SourceSafe
IceScrum & Ontime Scrum
Axure Rapid Prototyping

Infrastructure and Connectivity

Microsoft Exchange Server Installation, Upgrade and Management
Microsoft Server Access Control Management (AD)
Microsoft Server Installations and Upgrades
Microsoft IIS & SQL Installation and Management
Amazon, Google and HP Cloud Services
Symantec Enterprise Solutions
Virtualization – VMware Server/ESX and MS Hyper-V
Access Control Lists on Firewalls and Routers
VPN Point-to-Point, Terminal Services

Security

Business Risk and Continuity Planning
Backup and Redundancy Technologies
Vulnerability Assessment – NMap, Walkthroughs
Penetration Testing – Metasploit, WPScan
Firewalls – ModSecurity (WAF), Barracuda (Internal)
Microsoft Certificate Services (PKI) and PGP
Prepare Paperwork for Court Orders, DMCA notices and ICANN Dispute Resolution
Auditing – Event Viewer via WinRM, GFI Events Manager, Snare and Logzilla (syslog-ng), ModSec.
Privacy – DPA(UK), PIPEDA (CA), HIPAA

I am a vocal advocate for consumer privacy and security online with an emphasis on Social Networks. I have been active in a number of forums combatting hate speech and manipulation by state actors causing division in Western societies.

Beyond my posts here, Sucuri have a list of my articles here.