Phil D.

Cyber Security Architect. Secure by Design.

Manchester Area, United Kingdom

About

Phil has 25 years of experience providing tactical and strategic risk-based assurance and Cyber security decisions for numerous organisations in both the Public and Private sector. Phil has worked on a number of challenging ICT Programmes with respective impact levels and classifications, encompassing cyber risk management, assurance and guidance for MOD, Central Government, Police Forces, The Royal Air Force and The Royal Navy. Over the years Phil has gathered comprehensive experience of writing risk assessments to support accreditations and assurance decisions, security strategies and security policies for clients, drawing upon a wide range of best practice frameworks including HMG Security Policy Framework, CPNI, National Cyber Security Centre (NCSC), the Cloud Security Principles, Centre for Internet Security, NIST and associated standards.

A safe pair of hands, hands-on when required, a pragmatist at heart, professional, hard-working, flexible and highly motivated, with a keen eye on emerging security technologies and well-developed communication, problem-solving and negotiation skills. Phil is used to working under pressure within tight schedules and financial constraints whilst also encouraging others to ensure that the highest standards are achieved and maintained throughout the programme lifecycle.

Key Skills - Cyber Security Consultancy

- Strategy and Leadership;
- Negotiation skills;
- Ability to achieve Stakeholder buy in;
- Authoring of Security Requirements;
- Qualitative and Quantitative risk assessment;
- ISO27001 Compliance;
- Cloud Security (Azure and AWS);
- 3rd Party liaison;
- Threat and Vulnerability Assessment reviews;
- Secure Architecture design and review;
- Public and Private Sector Delivery;
- Incident response strategies;
- Physical Security Assessments to CPNI Standards;
- Application and Knowledge of Policy;

Experience

  • Cyber Security Specialist at UK Ministry of Defence
    May 2022 - Present · 4 yrs 2 mos

  • Managing Director at PDMD Consulting
    Jun 2009 - Present · 17 yrs 1 mo

    Former CLAS consultant. Currently providing Cyber, Digital and Information Assurance Consultancy to Public Sector Organisations including Local and Central Government. This includes:

    - Attending regular security meetings to gather feedback and support the enhancement of projects.
    - Working with other regional and external entities to capture additional requirements.
    - Responding to global security events.
    - Supporting the delivery of Information Assurance across the organisation.
    - Provide support in relation to the other Information Security team functions.
    - Provide general advice and guidance on IT security related matters as and when required.

  • Head of Cyber Security and Information Assurance at National Nuclear Laboratory
    Jul 2021 - 2022 · 7 mos

  • Cyber Security Risk Consultant at Department of Work and Pensions
    Jan 2019 - May 2021 · 2 yrs 5 mos

    Provided daily advice and guidance to a portfolio of around 30 projects in order to provide secure, resilient and reliable DWP Digital Products that seamlessly enable customer-staff interaction. Guidance provided to ensure compliance and governance against DWP Technology Patterns, Policies, and Principles relating to all core DWP Technology Domains such as Application, Hosting, Cloud, Data Management, Networks, Integration, End User Devices and at all phases of the delivery lifecycle i.e. Requirements, Design, Development, Test, Deployment, Maintenance, Decommissioning, Alpha, Beta, Live. Review and Scoping of IT Health checks to address Primary Security Concerns for numerous projects. Cloud platform technologies used: AWS and Azure.

  • CLAS Consultant at Raytheon UK
    2012 - Jun 2017 · 5 yrs 6 mos

    Call-off contract. Production of comprehensive RMADS for DSAS on behalf of Raytheon to help gain successful accreditation of a LAN and successful connection to the RLi. Work included running numerous Security Working Groups to ensure the correct physical and electrical separation due to the networks' different protective markings. Numerous in-house policies, including business continuity, disaster recovery and incident response, and Security Operating Procedures governing existing staff and external parties were also produced in order to support the accreditation.