Wellington, Wellington, New Zealand
A thought leader with a real passion for improving business outcomes by employing my diverse experience in technology, leadership and sound business acumen. Over 23 years IT experience (~15 in CyberSecurity). Highlights include: • Expert in IT security governance, risk management and compliance, including ISO 27001, NZISM, NIST 800. • Proven track-record of successful leadership, governance, mentoring and coaching. • Skilled in cloud technologies including IaaS, PaaS, SaaS & IaaC in AWS, Azure and GCP. • Expert capabilities and Accredited in Open Source and DevSecOps culture and technologies; Tooling includes Linux / UNIX, Windows Server, Jenkins, Gitlab, Git, Atlassian JIRA, Synk, Ansible, Docker, Kubernetes, Red Hat OpenShift, Seacucumber, SonarQube, ElasticSearch, Kibana, Splunk. • Strong capability in security tooling including: Kali Linux, OWASP Zap, Burpsuite, Metasploit, Wireshark, NMAP, Kismet / aircrack-ng, OpenVAS, ClamAV, Fail2ban, AlienVault, WAZUH, Graylog, Nikto, SQLMap • Budget, Contract, tender and vendor relationship management. • Accredited in ISO 27001, ITIL and working experience in SOC2, Sarbanes-Oxley, Agile / Scrum, Kaizen Methodology, Six-Sigma & ISO 9001. • Working Business development Management (BDM) & Account Management experience. • Development and implementation of change management processes and customised technology. • Product research & evangelisation. • Designing, implementing and maintaining core infrastructure services requirements. • Technical Project management, business case development and responsibility for multi-million dollar projects.
Helping some of NZ's best loved businesses & brands to reduce risk and grow their cybersecurity capabilities. * Management of business operations, sales & partnerships * Cybersecurity Risk and Compliance Advisory Assessments (GRC) based on NIST, NZISM & ISO 27001 * Virtual CISO: Assisting companies with Security Governance and Support * Creation of Intellectual Property for Vulnerability Scanning & reporting software * In-person and online Cybersecurity training * DevSecOps Consulting inc. Cloud, Linux & Windows automation services
I assist the Advantage's clients, serving the in the role of contract Virtual Chief Information Security Officer; providing strategic Governance, Risk, Policy and Compliance advisory services. Advantage serves some of NZ's best loved brands in the financial, digital and infrastructure industries to name but a few. Core duties include: Board level communication to translate security needs to business strategic needs and vice versa. Ensuring compliance with organisational, legal and contractual requirements for protecting information, systems, and privacy. Facilitating Security Risk management processes and maintaining ISO based risk registers. Monitoring & Maintaining compliance with Information Security policies and standards inc ISO 27001, NIST 800-53/CSF, Australian Essential 8 and the NZISM. Creating/Maintaining Cyber Response Plan/Communications Plan. Implementing Information Security metrics and Key Performance Indicators (KPIs). Coordinating information security projects through appropriate Information Security Steering Committees. Ensuring alignment between Information Security requirements and architectural design. Controlling the overall Information Security budget. Staying informed about all Information Security incidents impacting the company. Coordinating the development of disaster recovery policies and standards. Overseeing the development of Information Security awareness and training programs.
Presenter of two regular media shows: 1) Podcast co-host on bi-weekly show "The Technology Whisperers", a show that demystifies the hubris around Technology and tells all about things that commonly affect you and your business. Audience suitable for board level to intermediate roles. 2) YouTube personality on "Al's Geek Lab", a regular YouTube channel with over 10,000 subscribers, topics generally include documentaries covering computing history, repairing and retro computers as well as gadget reviews, tech news and more. 3) Video production for Revolution InfoSec YouTube channel
In my time at Servian Cognizant NZ, I worked with a wonderful host of clients across New Zealand as I built the CyberSecurity offering from the ground up. It was a great privilege to meet clients face to face to understand the realities of doing 'Real Kiwi mahi' and what cyber risks could mean to their business. Together, we built mana that empowered some of our nation's backbone organisations to be stronger in the face of a rapidly growing threat of cyber attacks. Highlights in this role included: * Developing a host of new products and services including a risk-first based assessment service * Leading a team of cybersecurity consultants and engineers * Performing ISO/NIST/NZISM based gap assessments * Reducing risk by ensuring asset based security controls in place at clients * Providing ongoing governance by offering VCISO based services * Performing affordable vulnerability assessments and web, API and network penetration services
During my tenure at Solnet, I became the Chief Information Security Officer, reporting to the CEO and CFO, as well as forming a security steering committee. I personally oversaw both the non-technical and technical governance of the organisation, and assisted with security elements of our clients security governance from time to time. Highlights of this role included: * Implementation of the Security Incident Response Plan adherent to NZISM. * Governance based on NIST, ISO27001 and NZISM frameworks. * Risk based top-down approach to reviewing security controls and assets.
As part of the senior management team, this role is integral to the commercial success of Solnet. Highlights involved: * Coaching, mentoring and providing thought leadership for the Enterprise Platforms offering, leading over 20 staff. * Process enhancement including the combined duties of Chief Security Officer. * Internal ICT Governance. * Managing delivery of both commercial and operational outcomes * Pre-sales & business development Technical skills used in the role included: Security: Kali/Parrot OS and associated tools, OWASP tools. Operating Environments: Linux /LAMP, Red Hat Stack inc. Red Hat Virtualisation, RHEL, CloudForms. Windows Server. CI/CD/DevOps inc: RedHat OpenShift, Ansible, Jenkins, Atlassian Bamboo, Atlassian Bitbucket. Hardware: Dell & IBM servers, Dell & EMC SAN. Networking: Cisco Switches/VPNs, Dell PowerConnect, CheckPoint Firewalls