Greater Southampton Area
I’m a senior platform and security leader managing a 13-15 person Platform Assurance function across Incident Response, Site Reliability Engineering, DevOps and Network Engineering in a SaaS environment. My work sits at the intersection of product security, reliability, platform engineering and business impact. I focus on turning security and operational resilience into practical engineering delivery: clear ownership, stronger controls, better observability, faster incident response, and measurable improvements to delivery outcomes. Current scope includes WAF, AppSec observability, App/API protection, IaC controls, edge behaviour detection, credential abuse, account takeover and bot defence, Security Champions, developer enablement, Incident Response tooling, vendor selection, tooling spend, FinOps-aware business cases and product-security risk prioritisation. I have also built and deployed a production SRE AI Operator using Claude AI, with observability orchestration, incident-management orchestration and quality-assurance workflows. This has reduced product incident investigation from 15 minutes-to-several-hours down to around 2-10 minutes. I’m most effective in roles that need a technical but business-aligned leader across platform assurance, security engineering, product security, AppSec, SRE, DevOps, incident response, AI operations and operational resilience.
Senior Manager leading a Platform function across Incident Response, Site Reliability Engineering, DevOps and Network Engineering within the Platform organisation. Scope includes product security, AppSec observability, WAF, App/API protection, IaC controls, edge behaviour detection, credential abuse, account takeover and bot defence, developer enablement, Incident Response tooling, vendor selection, tooling spend, FinOps-aware business cases and platform enablement. Key areas of leadership: Multi-Team Platform Leadership • Manage Incident Response, SRE, DevOps and Network Engineering teams, setting priorities, delivery rhythm, operating standards, governance and stakeholder reporting. • Build cross-organisation initiatives aligned to ROI, product-led growth, product security, operational resilience and platform enablement. Product Security, AppSec & Edge Security • Lead product-security work across application and edge behaviour, including secure-by-design delivery, threat modelling, CI/CD controls, IaC controls, vulnerability prioritisation and runtime/application telemetry. • Manage edge-security priorities across WAF/DDoS posture, bot and credential-abuse defence, account-takeover signals and application/API behaviour patterns. AI Operations, SRE & Incident Automation • Built and deployed a production Claude AI-enabled SRE AI Operator with Observability Orchestrator, Incident Management Orchestrator, reducing product incident investigation from 15 minutes-to-several-hours down to around 2-10 minutes. Commercial & Operational Outcomes • Own WAF, AppSec observability and Incident Response tooling, including vendor selection, tooling spend, business cases, adoption planning, risk trade-offs and FinOps-aware value tracking.
Led customer trust and GRC initiatives across EMEA, aligning cybersecurity, compliance, and business assurance to meet complex regulatory standards. Specialized in risk management, audit readiness, and automation of governance processes for enterprise and government clients. - Directed Customer Trust GRC operations across multiple regions, ensuring adherence to global regulatory and security standards including ISO 27001, SOC 2, NIST, GDPR, and FedRAMP. - Supported pre-sales and assurance programs for large-scale enterprise and public-sector clients, guiding over 350 RFPs/RFIs per quarter with a focus on compliance posture and security transparency. - Performed comprehensive risk and gap analyses against evolving financial and data protection regulations such as, EBA, PCI-DSS, and GDPR, enhancing organizational compliance maturity. - Designed and deployed automation workflows and audit management systems, reducing manual compliance review and response times by up to 80%. - Established a centralized customer audit and knowledge platform to streamline control evidence, boosting confidence and generating a measurable increase in client engagement and renewal rates. - Led cross-functional GRC and Security Engineering collaboration, embedding audit, compliance, and trust frameworks directly into service delivery and platform operations. - Partnered with legal and data protection stakeholders to manage contractual security reviews, redlining, and due diligence, accelerating deal cycles by 50%. - Developed and operationalized metrics dashboards (KPIs/OKRs) for executive reporting, improving transparency and decision support for risk governance programs. - Managed and mentored a regional team of analysts, enhancing skill development, delivery quality, and retention through structured performance and growth planning. - Drove continuous improvement in customer assurance, improving response consistency, and compliance communication across high-value client engagements.
• Led a team of 10+ personnel responsible for all aspects of company GRC/ISMS initiatives and controls. • Streamlined secure cloud migration to Microsoft Azure and AWS from Atlassian/Jira, expediting digital transformation. • Strengthened identity security through IAM and SSO technology, implementing Multifactor Authentication across the global workforce, and enforcing application security for the SaaS product. • Enhanced security visibility with SOC monitoring, deploying SIEM and internal Incident Management, reducing resolution time for information security incidents and meeting client SLA obligations. • Elevated human protection by conducting KnowBe4 phishing and security campaigns integrated with Exchange Online and Azure Enterprise Applications and implementing a result-oriented tailored security awareness program. • Mitigated phishing attacks by implementing Microsoft ATP controls and reducing spoofing attempts through DMARC policies based on SPF authentication. • Oversaw end-to-end KnowBe4 implementations, including architecture design, technical requirements, pilot testing, setup, and phased deployment. • Facilitated the development and acquisition of high-value contracts through diligent compliance efforts and client relations. • Managed security the ISO 27001, PCI-DSS and SOC 2 compliance and security audits including auditing internal controls for compliance quarterly • Administered multiple key systems, including Jira/Atlassian, Microsoft Azure, SharePoint migration, iHasco, Knowbe4, and KeyStone OnDemand staff training awareness and data protection programs. • Implemented company-wide system automation to enhance resource management, client relations, SOC compliance, and support audit requirements. • Automated Incident Management, Operational monitoring controls, Risk Management, Staff onboarding, Vendor Diligence, and Legal, Regulatory, and Contractual Obligations.
- Researched and authored engaging articles on emerging cybersecurity trends, academic security events, and campus safety initiatives. - Developed detailed write-ups on university-hosted cybersecurity seminars, hackathons, and workshops, transforming complex security topics into accessible content for students. - Demonstrated exceptional attention to detail and the ability to rapidly learn and adapt, independently managing multiple security content projects. - Leveraged the University’s brand narrative to create informative and persuasive content, highlighting campus security measures and digital safety best practices. - Collaborated with academic departments and student organizations to produce high-quality security-focused articles for the university newsletter and online platforms.