Lead Cloud Security Architect, 2019 - PRESENT, Deutsche Bank
Technologies: Azure, Google Cloud Platform (GCP), Office 365, Terraform, Identity & Access Management (IAM)
- Engaged to provide cloud security consultancy focused on establishing a secure multi-cloud adoption from a security operations perspective.
- Reported to the director of cyber threat analytics and cloud security monitoring, defining identification and remediation processes for Azure, O365, and GCP threats and aligning with MITRE ATT&CK and CSA Cloud Control Matrix (CCM) frameworks.
- Derived program deliverables and the workstream structure from cloud security strategy.
- Evaluated an Azure AD solution design and provided remediation best practices against cyber threats related to Azure identity and access management (IAM) services.
- Designed the cloud service provider agnostic security monitoring and logging strategy, roadmap, and Azure and GCP reference architectures.
- Developed security policy as code guardrails using Terraform Sentinel and Prisma Cloud for both Azure and GCP.
- Assessed 50+ Azure native services and 70+ GCP native services to establish encryption requirements, guardrails, and security logging, monitoring, and incident response requirements aligned with NIST and CIS Benchmarks best practices.
- Implemented Azure Sentinel using Terraform Enterprise (TFE) to provide user and entity behavioral analytics (UEBA) and security orchestration, automation, and response (SOAR) capability while integrating with existing incident response processes.
- Acted as a subject matter expert to define, optimize, and train the security operations center (SOC) team on security monitoring use cases for Azure and GCP.
Cyber Security Architect, 2018 - 2019, The Royal Bank of Scotland
Technologies: AWS, Azure, Office 365
- Engaged to provide cyber security consultancy for the strategic adoption of public cloud services, particularly AWS, Azure, and Office 365.
- Reported to the head of security architecture, owning all O365 security-related topics.
- Defined the penetration testing scope and end-to-end engagement of internal and third-party pen testers for mobile connectivity and cloud authentication services.
- Evaluated security controls taxonomy to identify required software as a service (SaaS) and platform as a service (PaaS) controls based on ISF standard of good practice (SoGP) and the UK NCSC cloud security guidance for AWS and O365 services.
- Provided risk-based evaluation of an entire suite of Microsoft cloud and on-premise security components to deliver the best value for enterprise-wide license purchasing decisions.
- Enforced cryptography requirements for cloud and on-premise traffic in line with the security policy.
- Defined a zero-trust Azure AD security model using privileged identity management (PIM).
- Implemented Azure Information Protection (AIP) for GDPR-compliant classification of sensitive data with integration to existing data loss prevention (DLP) and encryption solutions.
- Provided continuous security assurance and vulnerability assessment to enable additional functionality by DevOps engineers towards an agile project delivery.
- Defined an O365 security logging and monitoring roadmap using Microsoft Azure services to integrate existing security tooling and security operations center (SOC) processes.
Senior Infrastructure Designer, 2016 - 2017, Standard Life Aberdeen
Technologies: AWS, Azure, Office 365, IT Infrastructure, IT Systems Architecture, Design, Estimations, F5 Networks
- Engaged in delivering conceptual, logical, and physical infrastructure designs focused on advancing long-term infrastructure and cloud strategies for the operational IT business area. I reported to the senior program manager.
- Translated customer requirements into viable public cloud (AWS and Azure), private cloud (third-party managed IaaS), and on-premise infrastructure solutions.
- Led the implementation of the Payment Card Industry Data Security Standard (PCI-DSS) compliant cloud-based debit card payment solution.
- Designed an enterprise-wide logging and monitoring solution using Splunk SIEM and Dynatrace following evaluation of multiple products with a primary focus on existing technology integration.
- Owned principal approval for AWS and Azure infrastructure designs aligned to a cloud adoption strategy.
- Acted as the key stakeholder for assuring third-party platform as a service (PaaS) and software as a service (SaaS) solution designs hosted on public cloud platforms, primarily AWS and Azure.
- Devised an Office 365 capability-based enterprise roadmap working with Microsoft to provision Exchange, SharePoint, and Lync Online services for newly acquired business propositions.
- Worked closely with project and delivery managers to produce an estimation of infrastructure costs and resource requirements and business case summarization to enable business case approval.
- Acted as the key infrastructure stakeholder in currency and obsolescence (decommissioning and containment of legacy technologies and suppliers) and critical services (improving resilience) programs.
- Led design pattern standardization, network perimeter requirements, and public cloud adoption on Azure for several new business acquisitions based on a cloud-first services principle.
Lead Infrastructure Architect, 2015 - 2016, Standard Life Aberdeen
Technologies: IT Infrastructure, IT Systems Architecture, Design, Estimations
- Engaged to directly support business teams migrating 2,000+ servers from the on-premise data center to a hybrid private cloud/infrastructure as a service (IaaS) platform underpinned by a long-term data center exit strategy.
- Reported to the senior portfolio delivery manager and managed the workload of a team with system analysts, business analysts, and test analysts.
- Presented service impact implications to non-technical senior business stakeholders.
- Liaised with a third-party networks partner (BT) to ensure design compliance and timely delivery of network changes aligned with the internal business team changes.
- Evaluated the existing physical infrastructure to establish cost savings achievable from virtualization and successfully P2V’d all suitable infrastructure.
- Drove decision-making within the technical direction team owning the corporate strategy.
- Led design activities to provide solutions for storage-related migration challenges and increased resilience to the existing systems.
Technology Architect — Infrastructure, 2014 - 2015, Royal London Asset Management
Technologies: IT Infrastructure, IT Systems Architecture, Design, Estimations, Oracle, Data Center Migration, F5 Networks
- Hired to identify appropriate, cost-effective, and robust technical solutions to support business development, such as a data center exit design delivery providing cost savings of over £3.2 million/year for mainframe, Wintel, and telephony services.
- Designed the adoption of cloud solutions using a combination of infrastructure as a service (IaaS) on AWS and Azure, platform as a service (PaaS), and software as a service (SaaS) to securely provide dynamic service scalability and high availability.
- Evaluated the existing services to establish cost savings achievable from virtualization and cloud.
- Owned the design through approval, delivery, and review phases, including the oversight of subject matter expert-developed design work.
- Defined and implemented an enterprise mobility strategy encompassing corporate and bring your own device (BYOD).
- Led the migration of an Oracle and SQL infrastructure to a virtualized environment.
- Chaired and participated in technical design approval groups (TDAGs).
- Performed quality assurance (QA) of proposed designs and post-implementation reviews for infrastructure solutions.
- Worked with the IT security team to ensure full compliance with standards and the overall security strategy.
Solutions Designer | Project Technical Lead, 2012 - 2013, The Royal Bank of Scotland
Technologies: Active Directory Programming, Identity & Access Management (IAM), Group Policy Management, Role-based Access Control (RBAC), Design, TOM
- Worked on the Active Directory (AD) remediation project, produced the complete design, and implemented a new global AD delegation, security, and group policy (GPO) model and the corresponding role-based access control (RBAC) matrix.
- Produced infrastructure high-level designs (HLDs) for infrastructure solutions covering areas including options analysis, cost-benefit analysis, target operating model (TOM) design, and infrastructure cost estimates.
- Led end-to-end design of a new Dell/Quest Change Auditor infrastructure solution to track and audit all AD data and structure changes required for regulatory purposes.
- Analyzed the existing elevated AD privileges using advanced Microsoft Excel and Access—including an SQL Server back-end design, and database structure and SQL data analysis queries—to ensure the optimal implementation of the principle of least privilege.
- Acted as a stakeholder influencer and managed third-party vendors and internal teams.
- Managed the work stack and mentored senior technical analysts, technical analysts, business analysts, and communications analysts.
Customer Solutions Architect | Technical Team Manager, 2011 - 2012, The Royal Bank of Scotland
Technologies: Virtual Desktop Infrastructure (VDI), VMware, Active Directory Programming, Design
- Reported directly to the Fujitsu program director, managing all client-based Fujitsu technical project resources, technical design, project delivery, and driving new business on the RBS managed service account.
- Owned line management and workload management of technical project teams—with 32 technical team members each working on multiple projects—including the complete formation of new sub-teams as determined by project and program requirements.
- Led a team on project work across the RBS strategic virtual desktop infrastructure (VDI) environment based on VMware ESX infrastructure.
- Considered to be one of the few VDI subject matter experts at RBS.
- Produced low-level technical project designs (LLDs) for team members and RBS platform teams using industry best-practice methods in line with RBS governance, policies, and standards.
- Produced high-level technical project designs (HLDs) and statements of works (SoWs) for project managers in order for them to prepare budgets and bids.
- Guided project management and the delivery of multiple project streams throughout the entire lifecycle across various RBS projects and programs, covering multiple infrastructures and delivering an average of 30 ongoing projects at once.
- Owned stakeholder management of third-party vendors, project managers, and program managers (both business and technology) to formulate detailed project plans.
- Spearheaded the detailed reporting of team resources, project financial forecasts, and end-of-month reconciliations to Fujitsu finance and project management office (PMO) teams.
Technical Team Lead, 2009 - 2010, The Royal Bank of Scotland
Technologies: Virtual Desktop Infrastructure (VDI), VMware, F5 Networks, Windows, NetApp, VBScript, Perl, Windows PowerShell, Data Migration, Oracle
- Delivered over 70 projects across RBS, undertaking project management and technical leadership roles on various projects.
- Acted as a key member in the design and implementation of the VDI solution for the RBS IT systems off-shoring program.
- Implemented and supported the new virtual desktop infrastructure (VDI) rollout of 7,800 virtual machines (VMs) using Windows XP based on a VMware ESX and F5 Networks FirePass VPN infrastructure.
- Owned the analysis and remediation of server, client, and application issues for the entire VDI infrastructure.
- Led the migration from Windows Server to NetApp filer, successfully moving home and profile data for 10,000+ users.
- Migrated business-developed databases from Microsoft Access/SQL Server to an Oracle 8i/10g infrastructure.
- Developed bespoke Perl, VBS, VBA, and PowerShell scripts to automate bulk Active Directory activities.
- Led Active Directory and Exchange activities across multiple domains and forests and increased the overall team efficiency by 600%.
- Trained and mentored team members on RBS governance, policies and standards, and technical implementation methods.
Senior Technical Analyst, 2008 - 2009, The Royal Bank of Scotland
Technologies: VBScript, Active Directory Programming, MS Exchange, Novell NetWare, SAS
- Delivered over 30 projects across RBS, often in technical lead roles, displaying deep-rooted knowledge of RBS legacy infrastructure and domains and their integration with current systems.
- Designed VBS and VBA scripts to implement and enhance the existing migration strategy and provided technical support for the migration of 6,000+ EMEA users.
- Designed the migration strategy, management, implementation, and support of a large project, migrating 7,000+ users from a Novell NetWare infrastructure to a Windows NT/2003 infrastructure within RBS insurance.
- Acted as the primary technical resource on implementing the new Aspect telephony products—Workforce Management, Perform (real-time adherence), and Empower—to integrate with Windows NT and Active Directory providing cost savings of over £3M/year.
- Designed and implemented a SAS module and technical audit installation throughout the entire RBS estate providing cost savings of over £10 million during subsequent contract negotiation.
- Provided third-line support to the back-office migration team of engineers for any escalations on the Windows NT 4.0 to Windows Vista rollout.
- Assumed third-line Active Directory/Exchange support to engineers for the migration of 1,500+ users across several domains onto a single domain on the UK business banking rollout.