England, United Kingdom
Cybersecurity leader with 13+ years’ experience building and scaling security functions, teams, and programmes across high-growth PaaS/SaaS technology businesses, financial services, and pre- and post-IPO environments. Current areas of interest include enterprise security strategy, security architecture, AI security (secure AI adoption, shadow AI) and SaaS security. Founder and co-chair of the Cloud Security Alliance SaaS Security Controls Framework (SSCF), focused on technical SaaS security guidance at scale.
Senior cybersecurity leader reporting to the CISO. Focus areas include enterprise security strategy, security architecture governance, SaaS security, cyber risk, secure AI adoption, and executive / board-level reporting.
Early security hire brought in to build the European information security function for a fast-growing global PaaS/SaaS technology business. Built the regional security team, operating model, and core capabilities across product security, application security, cloud security, vulnerability management, and cyber risk. Owned CVE CNA capability and launched the company-wide bug bounty programme.
Led the UK and Asia cybersecurity team, reporting directly to the Global CISO. Contributed to global cybersecurity strategy and led regional security transformation programmes across enterprise security, security architecture, asset management, incident response, and cyber risk management. Partnered with senior business and technology leaders, including the UK business head and CTO, to improve cyber risk visibility, strengthen security decision-making, and align security priorities with business objectives. Led key regional security capabilities, including incident response, cyber risk management, security architecture, and delivery of strategic security change.
Early cybersecurity hire brought in to support a major security transformation programme across production and corporate environments. Designed and implemented core security tooling and controls, including global EDR, DDoS protection, PKI, phishing simulation, vulnerability management, and security monitoring capabilities. Managed and delivered internal and external penetration testing across network, infrastructure, and application environments, working with technical teams to remediate findings and improve control maturity. Supported the build-out of practical security capabilities across enterprise systems, production platforms, and business operations.
I proposed, designed and implemented large-scale security solutions as part of the SRE team. Executed initiatives such as vulnerability scanning using Nessus, and enabled SELinux and Linux-based firewalls. Architected large-scale malware defence using rkhunter and maldet. Used security tools such as Metasploit, Veil AV evasion, RSA 2FA and others. Trained and advised Junior System Engineers.
An SRE engineer responsible for monitoring and maintaining over 3000 CentOS Linux-based servers distributed worldwide and the accompanying global network infrastructure. Participated in critical incident response and was instrumental in securing server infrastructure. Implemented a new scalable method of automatic BIOS upgrading for Dell servers, reducing manual workload by 70%. Performed large-scale deployments with minimal customer impact.
Proposed and implemented a Google-funded project covering implementation of the most common mobility models with random failing integration. This was a math and simulation problem that is useful when simulating the movement of wireless data nodes.