My Approach to Security

Security shouldn't be a checkbox exercise.

I help growing businesses implement practical, risk-based security that fits how they already work. The goal is a posture your team can maintain, supported by clear policies, sensible controls, automated enforcement, and metrics that show real progress.

Areas of Expertise

Endpoint Security & MDM

Deployed and managed Intune, Omnissa Workspace ONE, and BYOD policies. Configured Conditional Access, device compliance rules, and application deployments at scale.

Identity & Access Management

Deep expertise in Entra ID, Active Directory, Conditional Access, and hybrid identity architectures. Designed identity environments from scratch during corporate spin-offs.

Vulnerability and Patch Management

Cut 45k+ vulnerabilities by 50%+ in under two months using Qualys VMDR & Patch Management, prioritising Cyber Essentials Plus criticals and increasing device coverage from <60% to 99%+ with automation.

Security Automation

Built PowerShell and Power Automate workflows for automated patching, onboarding/offboarding, HR-to-directory sync, and vulnerability remediation — reducing manual security tasks significantly.

Compliance & Certification

Led organisations through ISO 27001, Cyber Essentials Plus, and TISAX certifications. Full lifecycle from gap analysis and policy authoring through to audit preparation and successful certification.

Incident Response & Risk Management

Managed cybersecurity posture through Qualys EDR, maintained asset and risk registers, and drove risk mitigation strategies aligned with ISO 27001 and NIST frameworks.

Frameworks & Standards

ISO 27001:2022

Authored 25 ISO 27001-aligned policies covering all 93 Annex A controls, plus 20+ business continuity plans. I contributed to core certification artefacts including the Statement of Applicability (SoA), asset register, and risk register, and drove certification readiness through successful external audits.

Cyber Essentials / CE+

Drove gap analysis, technical controls mapping, evidence collection, and remediation for successful Cyber Essentials Plus certification.

ISO 21434

Consulted on automotive cybersecurity standards, turning customer and compliance expectations into actionable infrastructure controls. Moderated cybersecurity community meetings to unblock teams, clarify customer needs, and steer delivery toward strong, customer-ready outcomes.

TISAX / IATF 16949

Acted as a hands-on compliance enabler for automotive security standards at Vitesco Technologies and Expleo Group—implementing infrastructure controls, operationalizing policies, and supporting teams through certification readiness activities.

Certifications

Microsoft 365 Certified: Fundamentals

Microsoft

Google Workspace Administrator

Google

ITIL v3 Foundation

AXELOS

Qualys Certified Specialist — VMDR

Qualys

Qualys Certified Specialist — Patch Management

Qualys

Microsoft Certified: Azure AI Fundamentals

Microsoft

Automotive Cybersecurity Engineer (ISO/SAE 21434)

TÜV / Industry Certification

Microsoft 20347A Enabling and Managing Office 365

Microsoft

Oracle PL/SQL Developer Certified Associate

Oracle