Over the past fifteen years David has provided consultancy and information security training services to clients from a broad spectrum of industry, including the Financial Services Sector (Investment and High Street Banks, Insurance and Reinsurance Companies, Broking Houses), Petrochemical and Pharmaceutical Companies, Utilities and the Public Sector.
For the last ten years, he has been heavily involved in BS 7799, including being part of the BS 7799 rewrite team in 1999 and creating the certification processes for the ‘BS 7799 standard’, and he was one of the first ever certified BS 7799 c:cure Auditors.
David has assisted, as a BS 7799 Consultant, a number of companies that have gone on to achieve BS 7799 certification, and was the first, and to date only, certified Principal ISMS Auditor for BS 7799.
David also has extensive computer forensic experience.
David has led his own consultancy to BS 7799 and ISO 9000 certification for its consultancy services and has developed an accelerated methodology for implementing BS 7799 in organisations.
David currently teaches an M. Sc. in information security and is reading for a Ph.D. in Open Source Intelligence mapping of the CNI at the University of Glamorgan. He is currently cleared to SC in a number of government departments, also holds SC (A) and is CLAS registered (2004 – 2005). He is currently a serving TA officer in the Land Information Security Group (LIAG) and a member of the Metropolitan Police Computer Crime Unit Expert panel.
Co-Author of ‘A Guide to Information Security Management’, Perpetuity Press, 2002, ISBN 1 899287 60 4
Key Skills
Baselining systems to security policy
BS 7799 Implementation and Auditing
Creating Security Policies, Standards, Procedures and Processes
Compliance auditing to SOx, GLB, HIPAA, SAS 70, FSA requirements incl CP142
Data Protection Act 1998 Compliance and Consultancy
Disaster Recovery, Business Continuity & Contingency Planning
Due Diligence and Audit
Expert witness
Forensic Computing and evidence recovery
Mainframe Security and Access Control (MVS, VM/CMS and VME)
Network Security (MVS, AS400, VME, NetWare, VMS, UNIX, NT and the Internet)
Networking (LANs, WANs & Interconnectivity)
Outsourcing security issues including SLAs and performance
Security (Computer & Physical)
Training and development of training courses
Educational and Professional
Education
Certificate in Data Protection (1998 Act) (ISEB)
Certificate in Information Security Principles (ISEB)
Diploma in Safety Management (BSC)
M. Sc. Distributed Computer Systems (UoG)
M. Sc. Information Security (Distinction) (UoW)
Other
BCS Consultancy Register
BCS Register of Security Practitioners
Certifications and Chartered Status
Certified Principal BS 7799 ISMS Auditor
Certified Information Systems Auditor (CISA)
Certified Information System Security Professional (CISSP)
Certified Listed Advisor Scheme (CLAS)
Certified Management Consultant (CMC)
Certified Software Manager (CSM)
Certified Fraud Examiner (CFE)
Chartered Information Systems Practitioner
Memberships
British Computer Society (F)
Business Continuity Institute (M)
Chartered Institute of Arbitrators (M)
Institute of Analysts and Programmers (F)
Institute of Communications, Arbitration and Forensics (M)
Institute of Information Systems Management (F)
Institute of Management Consultants (M)
Institute of Risk Management (MIRM)
International Institute of Risk and Safety Management (M)
Most Recent Consulting Experience (Last 5 years in reverse order – recent first)
University Computer Centre – Perform gap analysis for BS 15000 and BS 7799. Perform joint roll out for certification to both standards including all documentation, implementation and training.
Investment Bank – Compliance audit including SOx, GLB, BS 7799 and recommendations for closing the gap identified.
County Police Forces – Perform various forensic recoveries and produce trial packs. Expert witness services as required.
Various organisations – Perform various forensic recoveries and produce trial packs. Expert witness services as required.
Property Company – BS 7799 roll out so that client can achieve certification.
Major Government Department – Perform a Gap Analysis against the Departmental security Standards and the ADS for E-business rollout. Advice on updating ADS and Departmental standards.
Direct Marketing Company – Perform a BS 7799 Gap Analysis. Advice and implementation for implementing BS 7799 and other related security issues.
Police Forces – Perform various forensic recoveries and produce evidence packs for Trial.
Recruitment Consultancy – Perform forensic recovery and produce evidence pack for industrial tribunal for Director who was acting inappropriately.
Smart Card Company – Perform a BS 7799 Gap Analysis and develop a risk register with supporting procedures. Advice and implementation for implementing BS 7799 and other related security issues.
Police Force and a number of specialised Investigation Consultancies – provide computer forensic support and evidential recovery as required. Expert witness work provided as required.
Property Company – Perform a BS 7799 Gap Analysis. Advice and implementation for implementing BS 7799 and other related security issues.
Government Department – Perform a BS 7799 Gap Analysis. Advice and implementation for implementing BS 7799 and other related security issues.
Government Department (Police Organisation) – Perform a BS 7799 Gap Analysis. Stand in as security advisor (PKI and BS 7799) until permanent replacement found. Advice and implementation for ITIL processes and security procedures.
Financial Service Start-up – Perform a data protection and security audit to BS 7799. Make recommendations for compliance and implement the required DP Act compliance procedures.
Major City Law Firm – Provide computer forensic support and recovered evidence for an insurance investigation.
P & I Club – Perform a Data Protection audit and make recommendations for compliance.
Rail Infraco – Develop a set of business continuity plans for the Infraco. These covered loss of facilities rather than the traditional ‘railway crash’ scenarios.
Major City Law Firm – Review current client facing Internet applications from a security standpoint and make recommendations for improvement. This included technical testing as well as management reviews.
Research Establishment (Government Joint Venture) – Provide advice to the organisation, which is seeking BS 7799 certification, including the definition of the ISMS, definition of an appropriate risk assessment process, deriving the SoA, and detailed training courses to support the rollout.