Security Competencies
Working in IT for more than two decades has brought me great exposure to many environments, technologies, processes and complexity. I have worked for companies of all shapes and sizes. I have worked to ITIL for many years, of which I am certified in, and actively hold the vendor-neutral CompTIA Security+ certification. This is in addition to over two decades of solid Internet, and and various other competencies.
Responsibility
Since the being involved within the Internet, I have taken ownership of infrastructure security.
This was recently demonstrated when I had the responsibility for the enterprise security of a retail company to a one of the UK's largest power stations - power stations are known to be one of the largest target vectors for attackers.
Frameworks
Having obtained the CompTIA Security+ certification, and aligning my working practises to the ITIL operational framework. I have standardised my working practises to well-proven industry recognised best practise.
I assisted an organisation to achieve the ISO27001 security accreditation for its hosted infrastructure and utilising tailored ITIL best practices to suit the operations of the IT team. This helped them bid for large central government tenders.
Additionally, I have helped a utilities company to implement the Critical Security Controls for Effective Cyber Defence framework to help bolster and measure its defences.
Perimeter Security
Working for several companies including one hosting central government online services, I personally managed perimeter security policies and devices, I later had responsibility for policies and worked through providers to maintain these. Technologies span Check Point, Cisco, Palo Alto and F5.
Online Services
I have a long and proven track record in securing hosted infrastructures and have assisted in shoring up the security for online services for organisations such as Essex police.
Auditing
Applying best practice, I ensured that all externally infrastructure had frequent external security assessments, also known as penetration tests, to check for known vulnerabilities and treats, etc. The reports often came back clean with little remediation needed highlighting the best practise and good design implemented and thorough controls and operational management.