Information Security, Risk and Governance Specialist.

Heavily involved in information security and risk solutions for the last 16 years in the UK, US and throughout Europe.

• Scottish Chairman of the Institute of Information Security Professionals
• Immediate Past President of ISACA Scotland
• Full Member of the IISP (M.Inst.ISP)
• Security mentor and evangelist
• Moderator of the Security, Music, Outdoors, Video Production, Sound Design and Personal Productivity Stack Exchange sites and Administrator for the Security Stack Exchange Blog
• Contributor to the Open Web Application Security Project (OWASP)
• EC Council Certified Chief Information Security Officer (C|CISO)
• ISACA Certified Information Security Manager (CISM)

• ISACA Certified in Risk and Information Systems Controls (CRISC)

• have also been a member of the Standards and Operations Committees for the Council of Registered Ethical Security Testers (CREST), an ISC2 Certified Information Systems Security Professional (CISSP) and a CLAS Consultant.

Extensive experience in Enterprise Risk and Security, from a deep technical grounding in application, network and platform security, as well as over 10 years working with global banking clients helping them identify, evaluate and mitigate information risks from a business and governance perspective.

Key roles in integration programmes, aligning security policies and business risk appetites across divisions in order to provide pragmatic security solutions.

Has created security development pathways and managed large scale security programmes, including global attack & penetration engagements, privacy and security assessments, incident response and fraud and forensic investigations.

Core clients have included global and UK banks, government departments as well as organisations in the Energy, Telecomms and other markets.

Acts as a mentor and coach for numerous security professionals in Scotland, providing career guidance as well as promoting a passion for the industry.

Provides subject matter experience at both strategic and technical levels, defining, reviewing and assessing enterprise level information security strategy, policies and standards for clients, incorporating the ISO 27000 series, COBIT, ITIL and other industry recognised baselines.

Presented at the inaugural e-Crime Scotland Summit and presents regularly on aspects of Information Security at various events in the UK, especially on the business implications of security issues.

Published in the Financial Times, ISACA Journal, assisted in the production of ISACA's APT white paper, and various other publications.