Professional Experience

Fractional IT & Security Officer (vCISO)

Oxford Data Plan

July 2025 – Present

  • Engaged as a fractional IT and security leader to build and lead the company's IT function from the ground up — no formal IT operations, security framework, or dedicated technical leadership existed before this engagement
  • Designed and implemented the entire IT and cloud security foundation — identity and access management (IAM) using Microsoft 365 and Entra ID, endpoint management through Intune, Conditional Access policies, and operational workflows
  • Built a fully automated employee onboarding and offboarding pipeline using Power Automate and Azure Automation runbooks, integrating with HiBob (HR system) for automatic account provisioning, licensing, and access control based on department and team
  • Extended identity lifecycle with SCIM provisioning and SSO integration across the company's SaaS stack, so changes propagate automatically beyond the Microsoft environment
  • Implemented a ticketing system to centralise IT service management, providing visibility into workload and eliminating dropped requests
  • Evaluated and rolled out company-wide cybersecurity awareness training (Guardey) as part of a broader security culture programme
  • Built the complete ISO 27001 ISMS documentation package from scratch — policies, procedures, risk registers, and supporting evidence — positioning the company for certification readiness
  • Developed the company's long-term IT strategy aligned to business growth, including ongoing evaluation and rationalisation of the software stack to eliminate duplication and control costs
Microsoft 365 Entra ID Intune Power Automate Azure Automation HiBob SCIM / SSO ISO 27001 PowerShell

Principal MSP Cloud Support Engineer

The Orange Crew

June 2025 – Present

  • Engaged through Upwork as the senior-most technical resource for a US-based MSP supporting over 30 clients across Microsoft 365, Entra ID, on-premises Active Directory, hybrid identity environments, and Google Workspace
  • Initial engagement: recovered a client's failed on-premises domain controller from a 6-month-old backup — reconstructing all AD objects and settings into a new, clean domain on a virtualised server, preserving the original domain name and restoring full functionality
  • Retained as third-tier escalation engineer — the final line of defence before engaging vendors like Microsoft directly
  • Planned and executed a full Hyper-V host migration — relocating domain controllers, file servers, and critical VMs from legacy hardware to a new virtualised platform with near-zero downtime
  • Led a multi-phase hybrid identity transformation: LAN subnet migration (192.168.x.x → 172.28.x.x) for VPN compatibility, on-premises AD domain migration, and Entra ID Connect deployment for hybrid identity
  • Deployed secure browser infrastructure across 400+ ChromeOS devices for a test centre client, migrating from Google Workspace management to meet examination compliance requirements
  • Built standardised audit reports covering Active Directory and Entra ID health across the full client base, with ongoing advisory on DNS hygiene (SPF, DKIM, DMARC) and security posture
  • Deployed Azure Virtual Desktop (AVD) environments for clients with specialist remote access requirements
  • Maintain 5-star rating and 100% job success score on Upwork with Top Rated Plus status — top 3% of performers on the platform
Microsoft 365 Entra ID Active Directory Hyper-V Azure Virtual Desktop Google Workspace ChromeOS Windows Server DNS / SPF / DKIM / DMARC

Fractional IT & Security Officer (vCISO)

Sirio

August 2025 – Present

  • Engaged as a fractional IT and security leader for a small business (<20 employees) with no formal IT function or security framework — primary objective was Cyber Essentials certification, successfully completed by end of 2025
  • Deployed Qualys across the entire estate as a unified endpoint security platform — antimalware, EDR, vulnerability management, and patch management with zero-touch automated deployment for OS and third-party updates
  • Implemented Microsoft Intune for endpoint and device management with Conditional Access policies to enforce security baselines — establishing a zero trust foundation proportionate to the company's size and risk profile
  • Provide ongoing day-to-day IT support and act as trusted security advisor to the Director of Operations, including completing customer security questionnaires that support business development and client retention
  • Contributing to ISO 27001 readiness alongside the company's external ISMS provider — ensuring proposed policies and controls are practical and proportionate for a sub-20 person organisation
Qualys VMDR Qualys EDR Intune Microsoft 365 Entra ID Cyber Essentials ISO 27001

Senior IT Security Consultant

Qodea

September 2024 – July 2025

  • Served as a senior IT security consultant providing expert-level infrastructure and cybersecurity support to internal teams and leadership
  • Owned the endpoint security and vulnerability management programme — deployed and configured Qualys VMDR across 300+ devices with fully automated vulnerability scanning and zero-touch patch management for OS and third-party updates
  • Designed automation workflows that reduced patch deployment time by approximately 60%, eliminating manual intervention from the patching cycle
  • Configured and implemented VMware Workspace ONE as the company's MDM platform, achieving over 98% device enrolment coverage within three months of deployment
  • Completed the company's ISO 27001 ISMS documentation, with focus on Business Continuity Planning (BCP) and Disaster Recovery (DR) procedures — directly supporting audit readiness
  • Built automation integrations between internal SaaS platforms to reduce manual workload on the service desk, and provided ongoing security consultancy to leadership on infrastructure hardening and risk management
Qualys VMDR VMware Workspace ONE PowerShell ISO 27001 Cyber Essentials BCP / DR

Product Cybersecurity Consultant

Expleo Group

June 2023 – August 2024

  • Led automotive cybersecurity consultancy aligned to ISO 21434 and TISAX, including founding and leading the global Automotive Cybersecurity Community that produced a 100+ document knowledge base for secure ECU development practices
ISO 21434 TISAX Risk Assessment Security Auditing

Head of Local IT

Vitesco Technologies

April 2020 – June 2023

  • Led the IT separation during Vitesco's spin-off from Continental, building the first independent Vitesco IT environment in Europe from scratch — on time, under budget, with zero disruption to business operations
  • Managed the local IT team and annual IT budget, achieving 12% cost savings through strategic vendor negotiations and process optimisation
  • Ensured compliance with TISAX and IATF 16949 certification requirements
Active Directory Azure AD Windows Server TISAX IATF 16949

Senior IT Infrastructure Engineer

OSRAM Continental

July 2018 – March 2020

  • Designed and deployed the complete hybrid identity infrastructure (on-premises Active Directory + Azure AD + Microsoft 365) during the company spin-off, including the Operational Technology (OT) domain — enabling seamless authentication and cloud resource access from day one of the new entity
Active Directory Azure AD Microsoft 365 OT Infrastructure Hyper-V

Senior IT Infrastructure Engineer

Continental

June 2017 – July 2018

  • Managed full hardware lifecycle and served as IT consultant to business departments, including leading server virtualisation migrations and cybersecurity awareness initiatives
VMware Windows Server Active Directory

IT Helpdesk Manager

Arcadia Support RO

September 2014 – June 2017

  • Managed a global IT helpdesk, defining ITIL-aligned processes and deploying the SysAid ITSM platform across the global support structure
SysAid ITSM ITIL v3 Active Directory

IT Helpdesk Team Lead

Accenture

June 2013 – September 2014

  • Led helpdesk operations focused on KPI delivery, team mentorship, and professional development
ITIL Windows Active Directory

IT Helpdesk Engineer & InfoSec Support Technician L2

Centrico Selir

January 2009 – June 2013

  • Provided L2 support across Windows, Active Directory, DNS/DHCP, and McAfee ePO endpoint security, authoring 50+ knowledge base articles that reduced resolution times by 25%
McAfee ePO Active Directory DNS / DHCP Windows