Information Security, Risk and Governance leader.
Heavily involved in changing culture and behaviours in information security and risk solutions for the last 21 years in the UK, US and throughout Europe. I have led security teams for Ernst & Young and PwC in Scotland, as well as founder of 2 security consultancies and the BSides Scottish conferences.
Finalist for Cyber Evangelist of the year 2018, Scottish Cyber Awards
Shortlisted for International Contribution to Cyber Security, and Cyber Risk Strategy of the Year
Chair of the Scottish branch of the Chartered Institute of Information Security
Deputy chairman of the Information Security Forum Supervisory Board
Director and co-Founder of BSides Scotland security conferences
Defcon SOC Goon
Member of the Institute of Directors
Past President of ISACA Scotland and Member for 18 years
Previously Mensa Security SIG Secretary
Fellow of CIISec (F.CIIS)
Security mentor and evangelist
Moderator of the Security, Music, Parenting, Outdoors, Travel, Video Production and Sound Design sites. Past mod on Personal Productivity (RIP)
Contributor to the Open Web Application Security Project (OWASP)
EC Council Certified Chief Information Security Officer (C|CISO)
ISACA Certified Information Security Manager (CISM)
ISACA Certified in Risk and Information Systems Controls (CRISC)
IAPP Certified Information Privacy Manager (CIPM)
has also been a member of the Standards and Operations Committees for the Council of Registered Ethical Security Testers (CREST), an ISC2 Certified Information Systems Security Professional (CISSP) and a CLAS Consultant.
Extensive experience in Enterprise Risk and Security, from a deep technical grounding in application, network and platform security, as well as over 10 years working with global banking clients helping them identify, evaluate and mitigate information risks from a business and governance perspective.
Created security development pathways and managed large scale security programmes, including global attack & penetration engagements, privacy and security assessments, incident response and fraud and forensic investigations.
Acts as a mentor and coach for numerous security professionals in Scotland, providing career guidance as well as promoting a passion for the industry.
Presents regularly on aspects of Information Security at various events in the UK, especially on the business implications of security issues, building effective security teams and changing organisational culture.
Published in the Financial Times, ISACA Journal, Computer Weekly and others.