Career

I’m a big fan of single page CVs, I’ve been using them for years. As a hiring manager, getting a short CV that is to the point and relevant to the role is much appreciated. However sometimes someone may wish to drill more into my roles, and thats what this page is for. I have always treated my career like a my own graduated programme, I move around to experience different markets, leaders, approaches, challenges and technology. I tend to move roles whenever I begin to feel comfortable in the role as I like to seek growth opportunities!

LRQA

LRQA is a global assurance provider, with operations in 140+ countries providing assessment, inspection, advisory and cyber services.

Head of DevOps | Jan 2024 - Present

Upon completing the AppSec assessments, it was clear that LRQAs low maturity for engineering was the most significant cyber risk, and to ensure I was making the biggest impact I asked to take ownership of DevOps, helping the organisation move to automated CI/CD SDLC processes, aligning the various DevOps factions and standardised IaC practises to help deliver a new Azure Platform with Hub & Spoke Design with Landing Zones for application development.

Head of AppSec and Resiliency | June 2023 - Jan 2024

Initially hired to perform application discovery and security maturity assessments. I completed this using BSIMM, in the process discovering 100+ systems and several development capabilities, the resulting report I presented to non executive directors to highlight challenges and seek investment. In this time I also delivered a code signing solution (DigiCert KeyLocker), and consulted on several third party and in house development projects.

ClearBank

ClearBank is a cloud native UK dual regulated clearing bank providing services such as agency banking and BaaS (Banking as a Service).

Senior Engineering Manager | Oct 2022 - June 2023

Responsible for x3 team streams across x8 engineers, delivering platform security services such as SAST/SCA/Managed Identity, security consultancy such as Risk Management, Threat Modelling, Security Learning and Security Champions initiatives, and developing initial secret management team and approach. Operational activities handed over to junior management team and managed successful exit from the organisation. Working with key customers on security concerns, investigation and development of case studies for strategic technology.

Engineering Manager | May 2022 - Oct 2022

Development of second year of security engineering strategy and awarded further investment taking team size to x7 engineers. Responsible for delivery, product management of security services, developing junior managers and enabling team rotations. Also responsible for customer facing engagements for technical security. Delivered 85% reduction in Snyk flaws during 2022, 80% voluntary uptake in security learning (Hacksplaining), supporting secure low code development, ISO27001, and enabling strategic migration to managed identity. Met all outcomes for the 2022 on time.

Team Leader | June 2021 - May 2022

Business case accepted and given funding to hire x4 engineers to deliver first year of security engineering roadmap. Responsible for hiring, team development, communications and stakeholder management. Responsible for delivery of SAST, SCA and IaC scanning (Snyk), Estate wide threat modelling (ThreatDragon), Review of permissions movement to zero standing access with time based access (MS Access Packages) and tactical remediation of critical infrastructure flaws. Roadmap delivered on time.

Senior Security Engineer | Jan 2021 - June 2021

Responsible for full stack development, technical product ownership and delivery management of several internal security tools. Initial assessment of ClearBank estate, roadmap development and target operating model for security engineering.

Veracode

Gartner Market Leaders in application security testing, providing a comprehensive suite of automated tools and security services.

Senior Application Security Consultant | Feb 2020 - Jan 2021

Consultant with a Gartner Application Security Testing (AST) Leader providing security remediation consultancy to Teir 2 banking clients internationally. I also built opensource integrations to reduce friction when using Veracode security tooling and was active in the Veracode Community.

Clarks

International shoe retailer, founded and headquartered in Street, UK. The Clarks ecommerce platforms alone generated over 1 million revenue daily.

Application Security Engineer | Nov 2019 - Feb 2020

As part of the leadership team for IT Security and Digital Engineering, I was the start of the application security capability at Clarks. Supporting 60 engineers in building secure products and the safety of a multimillion eCommerce platform. Responsible for building & running an app sec programme, implementation of SAST (Coverity) and SCA (BlackDuck), DAST (ImmuniWeb), eLearning (Synopsys) and managing pen test engagements.

UK Hydrographic Office

UKHO is a trading arm of the ministry of defence and is part of the civil service, focusing on maritime charts and safety of life at sea.

Lead Software Engineer | Aug 2018 - Nov 2019

Responsible for x2 delivery teams, ensuring product quality and timely delivery for GIS and data services. Additional line management responsibilities with engineers outside of my delivery teams. Recognized as an expert in application security, tasked with improving standards across 8 mixed technology teams. Running a programme of improvement such as education, introducing threat modelling, adoption of SAST and DAST technologies and chairing a security champions initiative.

Senior Software Engineer | Sep 2017 - Aug 2018

DV cleared software engineer building GIS software in Python, C# and JavaScript. Responsible for full stack development and security advisory to support our Navy client.

Xeretec

Xeretec is a Xerox channel partner, providing print, managed print services and solutions.

Senior Software Engineer | Aug 2016 - Sep 2017

Responsible for building software development capability at Xeretec. Took the team up to x4 engineers, responsible for hiring and performance development. Took to market a BI solution enabling customers to reduce print costs, and building a support suite of applications for print devices and scaling it across a print fleet of 12,000.

Marine Technical Limits

MTL is an asset integrity and repair company specializing in FPSOs

Software Engineer | Feb 2015 - Aug 2016

Software engineer building virtual reality offshore training in Unity3D and the Oculus rift. Responsible for full stack development.

Hi Reader! If you like what you read, please consider supporting me and there are a few ways to do this!

If I can be of value to your organisation considering viewing the security and speaking services I offer.
If you are interested in LRQA services, considering letting me make an introduction.
Or perhaps consider just buying me a coffee.