| Summary | IT Professional with over 25 years’ experience in delivering secure IT Services. Rewarded by building relationships with customers and cultures within teams, and the satisfaction of people focused services that balance usability and security. |
| Work History (References available on request) | January 2022 – Present : environmental NGO Strategic Lead Information Security * I’m responsible for managing information security risk within the core organisation and across the wider federation. * As part of a program of a program of improvements to reduce cyber security risk I led the implementation of Azure Sentinel SIEM/SOAR and Microsoft Defender for Endpoint. * To increase awareness and reduce barriers to improvement I developed a Cyber Security Framework for the organisation based on the NCSC ’10 Steps to Cyber Security’. This includes a foundational standard, three maturity levels and detailed guidance on technical and policy or process controls to reduce risk. * As part of the development of the framework I re-wrote the Information Security policy to improve readability and provide a template policy for the federation. * To inform decision making I developed a Threat Intelligence briefings for senior leadership and technical staff and Cyber Security awareness briefings for executives, managers and both technical and non-technical staff. |
| June 2020 – December 2021 : University of Plymouth Head of IT Customer Services and Security I filled the vacant Head of IT Customer Services post on an interim basis until a candidate was appointed permanently in the role. In the seven months I was in this role (before relocating back to Cambridgeshire); * I was responsible for 1st and 2nd Line Support, End User Device Management, Audio-Visual and Portfolio Management Teams (7 direct reports, 39 staff). * I led the team providing the critical support resources for the clearing process. * I retained responsibility for Information Security at the University, including the Enterprise Security Team (1 direct report, 4 staff), and security improvement projects. * I led the deployment of Microsoft Defender for Endpoint across all Windows 10 and Server systems and the rollout of Multi-Factor Authentication. | |
| 2019 – 2020 : Delt Shared Services Ltd Client Services Manager * Led a team of 32 staff, with 5 direct reports (3 Team Leads and 2 ITSM Specialists), an annual budget of £1m. * Responsible for incident and request management, problem management and continuous service improvement. * Led the service design and service transition process, responsible for the effective transition of service into production including change management. * Built strong relationships with key stakeholders, measures client satisfaction through service level reviews and feedback surveys and feeds conclusions into service design and improvement. | |
| 2013 – 2019 : University of Cambridge Head of the Clinical School Computing Service * Led a team of 39 staff, with 7 direct reports (5 Managers, 1 Infrastructure Architect and 1 Administrator) with an annual budget of £1.5m * Responsible for the departmental strategy, created to support the School of Clinical Medicine 5-year plan, informed by feedback from service users and key stakeholders. * Directed the Design, Transition and Operation of IT Services to the departments, institutes and units within the School according to ITIL principles. * Represented the School on the University ISC Operations Committee and Schools/UIS Liaison meetings. | |
| 2012 – 2013 : University of Cambridge Support Team Manager * Led a team of 11 staff providing front line services to the departments, institutes and units within the School. * Restructured the flat Support Team based on ITIL functions and roles (Service Desk, Systems Support, Projects) each with their own Team Lead. * Implemented two new services (Linux Managed Desktop and Laptop Backup) based on user feedback and risks identified by Support Team staff. * Responsible for the implementation of a new IT Service Management application (LANDesk) to replace a disparate set of legacy databases and applications. | |
| 2010 – 2011 : University of Cambridge MISD Service Manager * Managed the Service Provision by MISD to the Institute of Continuing Education and Madingley Hall, including responsibility for the Service Management Plan * Consultant to Murray Edwards College advising on the College IT Strategic Plan and providing technical advice to the College IT Manager * Implementation and Service Manager for the MISD Document Management Service * Implementation and Support for the MISD Service Desk Review Project * Chair of the University Departmental IT Management Group and representative of that group to the University IT Review Committee. | |
| Education and Training | 2017. QA Ltd (London) * Certified ISO27001: 2013 Practitioner 2015. QA Ltd (London) * ILM Level 5 Award in Leadership and Management 2014. QA Ltd (London) * ITIL® Foundation certificate in IT Service Management * BCS Certificate in Information Security Management Principles 2008. Rezound Ltd. (Sheffield) * CompTIA CTT+ (Certified Technical Trainer) |
| 1989 – 1991 : Hedingham VIth Form : Essex AS Level Economics; A Level English, Economics and Geography (C; B, C, C) | |
| 1984 – 1989 : Hedingham Comprehensive School : Essex 9 GCSE’s. (5 A’s, 1B, 2C’s 1D) | |
| Experience | Leadership and Management I have spent eighteen out of the last twenty years in management roles, leading small to medium sized teams. In my most recent role I lead a team of 32 staff, and my first assignment was a complete reorganisation of the team, and transfer of the service design and transition functions into my remit. In my recent career I’ve led improvements in the following areas; ITIL Service Management processes. Information Security Risk Management, Information Security Policy and Governance. Strategy, prioritisation and project management. Financial planning and forecasting. Staff training, appraisals and development. |
| Technical Knowledge Whilst my experience over the last 10 year has been largely in management roles, I have continued to maintain a level of technical knowledge of client systems, server, storage and network infrastructure, and in particular information security threats, vulnerabilities and technical controls including; Secure implementation and configuration of servers, Technical review and selection of anti-malware products, vulnerability assessment and penetration testing and acting on results, incident response to information security breaches, use of logging and monitoring tools to detect and counter information security threats. | |
| Information Assurance In my previous role as a service provider to Biomedical Research a key responsibility was identifying the risks of disruption, the impact of service outage, and the implementation of appropriate countermeasures and contingency arrangements. Improvements I led in this area include; Migration of a legacy server room at risk of disruption from building refurbishment to a purpose-built facility in a better location, a NetApp Storage infrastructure replacement programme which improved data security and resilience, and improvements to Change Management processes to reduce service disruption caused by unmanaged change. | |
| Information Security Management I have always found information security to be one of the most interesting and rewarding aspects of any technical or management IT role, and this culminated in my role at CSCS where I led the development and continuous improvement of security policy, governance and practice, including; Creation of a School level Information Security Policy, implementation of a Secure Data Hosting Service (achieving NHS Digital ‘Data Security and Protection Toolkit’ certification) and improvements to the SDHS to enable research on data from Cambridge University Hospitals Electronic Patient Record system (culminating in the University’s first ISO 27001:2013 certified safe haven). | |
| Interests | Coarse fishing, paddle boarding, archery, cycling, camping. |