I am a highly motivated information security leader, experienced in strategy, planning, managing staff, running security reviews, designing policy, and handling security incidents.
My experience includes the greenfield development of Information Security Management Systems (based on ISO/IEC 27001), the initiation and project management of information security risk assessments, and the design and implementation of many awareness initiatives. I have competence in both the ‘soft’ and the ‘hard’ sides of IT and information security, including experience in network and system administration, policy and strategy development in the defence and education industries. I have the CISSP, CISM qualifications and am an Associate Member of the Institute of Information Security Professionals. I am also the editor for ISO/IEC 27014 (information security governance). Finally, I have been a QSA, qualified to assess companies against the Payment Card Industry Data Security Standard (PCI DSS).
My interests lie in the security of all types of systems, and the human aspects of system vulnerability. I’m the sort of person who will always have a foot in both the technical and strategy camps. I enjoy helping people to find solutions to thorny problems, and strongly believe that information security is fundamental to reliable business operations, not a ‘nice to have’.