Business Engineering | Data Science in Cyber | Digital Forensics | Incident Response | SIEM | MDR | MSSP | Ops & Service Management | Solution Architecture
Associate Managing Director SPARK @ KROLL
Senior Director, Proactive Security Services @ Cybereason
Global Head of CERT @ Atos
CERT & Red Team Lead EU @ Atos
Lead SIEM Architect @ Atos
SIEM Engineer @ Atos
Security Risk Analyst @ Royal Bank of Scotland
IT Systems Administrator @ Comp Safe Support
I hold CISSP, CEHv8, GCFA and GCIH certifications and NATO Secret and EU Secret security clearances.
WHO I AM
I have a rich history of working in numerous roles in the cybersecurity industry, dating back to 2008. Throughout my career, I have led incident response efforts for numerous high-profile breaches and have designed, consulted on, and delivered a wide array of cybersecurity services, solutions, and products. This diverse experience has allowed me to cultivate a unique blend of leadership, product development, Managed Security Services Provider (MSSP) expertise, and hands-on technical proficiency.
My professional ethos revolves around the conviction that addressing future challenges in cybersecurity requires more than just expanding our workforce. We must leverage our existing resources better while enhancing efficiency with automation and ‘as-code’ approaches. I am deeply committed to disrupting the linear correlation between headcount and delivery through innovative strategies, application of technology, and streamlined processes.
One of my core strengths lies in my ability to bridge the gap between technical acumen and an experience-driven pragmatic understanding of business requirements and leadership expectations. This unique blend allows me to stay dedicated to my passion for working with technology, while making a meaningful impact on overarching business goals, ensuring a comprehensive and strategic approach to security management.
"Organizations, whether well-established or on the path to growth, faced with challenges of balancing their daily operations, struggle to maintain focus on innovation, projects, and true strategic planning. Yet, it is within these challenges that opportunities for growth and transformation truly emerge."
WHAT I DO
Cyber Innovation Hub
Employing the Diamond Model approach, I instil continuous innovation within companies, fostering an environment of the 'innovate or die' attitude.
The guiding principles of the Cyber Innovation Hub methodology are inspired by the building blocks of the concept known as Design Thinking, including:
Inclusiveness: All ideas, concepts, and challenges are welcomed, and real-world experience of front-line defence and offense is essential
User-driven: Customer needs and priorities are at the heart of the design process
Data-driven, Bias-Free: The design process emphasises data-driven decision-making that allows us to extract bias from the final equation
Rapid Prototyping: Iterative and incremental design philosophy allows us to bring customers impactful changes and new approaches at unprecedented speed
Taking on end-to-end ownership and oversight of projects, I assume leadership roles within existing teams or recruit the ideal professionals from my personal network for the job.
I drive work with the speed and focus that most DevOps teams, entangled in daily operations and competing priorities, can’t afford.
I provide immediate relief to senior managers facing challenges that exceed the capabilities of internal resources, ensuring swift resolution and expert support.
I serve as a trusted advisor, offering expertise-driven consultancy for specific projects, conducting in-depth Strengths, Weaknesses, Opportunities, Threats (SWOT) analyses, and assisting in strategic planning.
I support clients in running Requests for Proposal (RFPs) for selecting security service providers and products.
Subject Matter Expertise
I possess cross-functional technical expertise and market awareness in various areas, allowing me to support your organization in:
Building data collection platforms and ETL processes
Logs, evidence, telemetry, observables, TI, business intelligence, etc.
Executing Digital Forensics and Incident Response (DFIR) investigations based on my own or the organization’s toolset and process
Identifying scenarios, automating workflows based on different detection technologies, triaging findings, fine-tuning
Writing rules, verifying detections, building multi-product data unification layers
EDR/SIEM deployment and tuning
Onboarding customers onto an EDR or SIEM product, including detection tuning, use case definition, filtering, log source connection, and triage playbook creation
External Attack Surface Management (EASM)
Performing one-time and continuous external scans and data collection from various sources with the goal of mapping the client’s external attack surface so it can be constantly monitored and managed
Business Email Compromise (BEC)
Performing fast and cost-efficient investigations based on extracted Azure logs
Client's BEC delivery pressured by the 'race to the bottom'
Performed extensive business and process assessment based on deep review of over 400 past cases and dozens of interviews
Time spent on different phases, margins, realized x-sell, relevant clients’ technologies, top TTPs, top IVs, typically available logs, bottlenecks, quality issues
Delivered an MVP that, based on testing, allowed for up to 10x speed gains
Selecting a pay-as-you-go Databricks platform with Bronze-Silver-Gold data processing model allowed us to codify SME expertise and plan for a future-proof, interoperable, scalable, and cost-efficient cross-service unified data platform.
Productionized the solution for 40+ analysts across three Azure locations globally and consulted on the fixed-price go-to-market offering
Based on the first 100 cases processed on the new platform, speed gains averaged around 3x compared to the previous process. The most skilled analysts were capable of gaining up to 10x on some cases. Case openings hit an all-time record high over three consecutive months.
Designed, developed, and operationalized a Security Validation managed service by orchestrating Velociraptor, ELK, Shodan, VirusTotal, and Pandas to deliver a low-effort internal and external Attack Surface Management offering.
Set up fully functional 24/7 SOC and CSIRT teams with security monitoring, alert triage, incident response, threat hunting, and threat intelligence capabilities. Built an ARR-focused go-to-market Managed Detection and Response service offering around them, equipped with cross-sell capabilities and closed feedback loops.
EDR, SIEM, and security data lakes
Performed EDR and SIEM onboarding projects for clients with 100k+ endpoints, delivered correlation rules and response use cases, developed playbooks, enrichment scenarios, and incident response plans.