Mark Osborne

CISO, Mentor, Security Advisor, Issue Resolver and Foundational advocate for the Cyber-security Industry

London Area, United Kingdom

About

A practical hands-on, business focused security leader with a blend of skills drawn from business consulting, technical computing experience, team management and commercial expertise. Mark is a problem-solver with a "Can-Do" attitude and an infectious enthusiasm/drive that consistently delivers business value with built-in security, while building trust with stakeholders - a claim that is verified by his track record. No job is too big or difficult - it is the challenge that drives him; he has a bias for action. I focus on the problems and fix them. Mark has set up successful greenfield internal security teams and external consulting practices alike. He specialises in taking organisational security capability from "zero to hero" in an accelerated timeframe. Mark is experienced in owning P&Ls and hitting revenue targets. Mark's hands-on experience covers most skills in CyberSecurity/Privacy/Governance including design, forensics, pentesting and policy development. However, these days he focuses on:

- Presenting security issues to executives and board level management, with solid resolutions
- Audit/Regulatory Remediation & complete turn-arounds
- Devising security strategies for top companies & managing their roll-out
- Delivering security policy & security standard initiatives
- Demonstrating that Cloud and practical DevSecOps can produce secure results
- Implementing security architecture frameworks and tools (NIST, ISO27001)
- Incident Response, Breach Recovery & Crisis Management

Qualifications include: BSc, MBA, CISM, CISSP, Cisco CCNA/CCNP/CCSP, Checkpoint CCSA/CCSE, ITIL, PRINCE2, AWS, AZURE, CLAS, DevSecOps

Experience

  • Regional CISO for UK, EU, & ANZ at Corpay

    Corpay is an incredibly successful, S&P 500 financial services company. HQ'ed in the USA, it specialises in global business payments, credit card, FX, cross-border payment and spend management. Corpay boasts $4 billion revenue and 25,000 employees. This new role is a hybrid Regional CISO role as the security leader for security activities in UK, EU and ANZ. The company has an extremely active acquisition program so the work is varied and diverse, involving integration of new businesses into operations of the group company. Other initiatives include refreshing the security programme, incident management, security tools portfolio, SOX, SOC2, ISO27001:2022 and PCI4.

  • CISO and Security Leader at Summer break

    EURO 2024 (first time I have watched a whole football match), Wimbledon, Olympics 2024 (what was that opening ceremony all about?), Paralympics (didn't watch the opening :-0) and rebuilt a brick workshop/shed in my back yard. I had promised to write another book and write some software but I figured I would give the old bonce a rest.

  • Chief Information Security Officer/Head of Information Security and Data Protection Officer at JaJa Finance

    Jaja is a challenger Cloud SaaS fintech that provides digital, physical credit cards and banking services. The most up-to-date and concurrent technologies form the landscape at this exciting new industry challenger:

    - Mobile and web solutions on a Cloud native platform based on AWS.
    - Fully containerised & serverless with no legacy.
    - AWS, Docker, K8S, Terraform + Puppet driving full Infrastructure and Configuration as code.
    - A maturing DevSecOps environment with a CI/CD pipeline that includes SCA, SAST and DAST.

    All in a "Clicks, No bricks" environment with no perimeter, using Zero trust networking. Apart from the buzz-word bingo, this is truly a dream environment for any CISO who loves to get his hands dirty - and I had to, with a small team of 4 staff.

  • Chief Information Security Officer at JLL (formerly Jones Lang LaSalle)

    JLL (formerly Jones Lang LaSalle) is a Fortune 500, 100,000 employee, $18 bn revenue, regulated financial services and investment management company specializing in real estate. This was a new role designed as a hands-on Head of Security, promoted to EMEA CISO. Reporting to the Global CTO, it is responsible for all-things cyber-security in the region. My accelerated security programme includes introducing enhanced Incident Management, APT prevention, EDR, WAF, Cloud, DevSecOps, Multi Factor Authentication, SIEM, Cybersecurity awareness training, ISO27001 and process documentation/improvement. Virtually every aspect of cybersecurity has been enhanced to reflect our firm's prominence as a business, and the significance of digital channels within that business. Based on independent maturity analysis, our rating has been driven from a sub-1 score to a 3+ in less than 3 years. The most important change in culture I introduced to the organisation was the aggressive pursuit of prioritised cyber threats at the business level - I regularly interact with the many EMEA CFOs/COOs to discuss and secure a powerful mandate for each new initiative.

  • CISO and Head of Security at GoHenry

    CISO and Head of Security with a specific mission: Greenfield implementation of a full security, IT governance and regulatory program. The role has expanded to include Head of IT for the UK operation plus CISO/Head of Security for group companies across Europe. This was a very hands-on role requiring a very can-do attitude to clear a significant backlog and drive change in a firm that was to all intents and purposes owner-managed; with 2 million customers but running the way it did when there were 200. Packing in 3 or 4 years of projects in less than 2 years, major successes include:

    - Introducing a 3-year strategy/road-map with Exec reporting
    - Full docker image security enhancement using Distroless images
    - SDLC and code security implementation from "engineering principles" into automated checks in a maturing CI/CD pipeline; includes SCA, SAST and DAST using Snyk + other tools
    - External pentesting and BugBounty
    - Internal API testing and verification (ApCheckNG / Postman+Newman)
    - Introduction of a managed SOC (Expel.io)
    - Implementing and supporting CrowdStrike MDR
    - Roll-out of Asset Management and maintenance using NinjaOne and Jamf Pro
    - Overhauling corporate IT and zero-trust security management
    - ISO27001 / PCI-DSS Level 1
    - Making Security an operational reality using a metric driven approach
    - Automation of IAM with BetterCloud
    - Building the Security team and rebuilding the Corporate IT functions
    - Producing a full set of Security policies and procedures
    - Introduction of Third party risk assessment
    - Implementing MFA and SSO
    - Introducing change control