Systems Engineer by training, InfoSec Consultant by trade focusing on pragmatic security risk assessment and treatment, I lead the InfoSec engagement on high-risk, high-impact projects that shape large organisations and which you *will*, unknowingly, use! I've worked across a range of sectors in InfoSec from defence, media and Government, and currently focus on AppSec and DevSecOps; developing and implementing AppSec strategies across big organisations by:
Being able to teach threat modelling to developers is a skill based on many years of InfoSec risk management across a number of industry sectors and frameworks, such as ISO 27001, NIST and HMG IAS1&2, and my background in systems engineering, working with frameworks such as UML and MODAF/TOGAF.
My approach to InfoSec is built on my systems engineering background and, as such, I'm a huge advocate for InfoSec becoming data driven, measurable and value adding. After all, "user experience is everything, security only needs to be good enough".
Things that currently pique my interest:
This site has been around since 2016 in one form or another and tends to get heavily modified with little warning! I created this site for two reasons:
That second point means that this site is hosted in an AWS S3 bucket, served via CloudFront (with Lambda@Edge injecting Content Security Policy headers) and is IPv6 enabled. In previous incarnations, it was self-hosted on an EC2 instance just to get the CSP headers to work, but Lambda@Edge smashed that one out the park!
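For readers wondering what "Lambda@Edge injecting CSP headers" looks like in practice, here is an added example (not this site's own code) of a Node.js origin-response handler that attaches a Content-Security-Policy to every object CloudFront fetches from S3, which is needed because S3 itself cannot emit that header. The policy and the companion headers are assumptions chosen for a static site; the header shape (lowercase map of `{key, value}` arrays) is what Lambda@Edge uses.

```javascript
'use strict';

// Assumed policy for a static site: own origin only, no inline script, no framing.
const CSP = [
  "default-src 'self'",
  "script-src 'self'",
  "style-src 'self'",
  "img-src 'self' data:",
  "object-src 'none'",
  "base-uri 'self'",
  "frame-ancestors 'none'",
  "form-action 'self'",
].join('; ');

// Companion headers commonly set alongside CSP (an assumption, not from the page).
const EXTRA_HEADERS = {
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains; preload',
  'X-Content-Type-Options': 'nosniff',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
};

// Lambda@Edge keys headers by lowercase name; `key` carries the canonical casing.
function setHeader(headers, name, value) {
  headers[name.toLowerCase()] = [{ key: name, value }];
}

// Adds the security headers to a CloudFront origin-response object in place and
// returns it. The edge policy is authoritative, so any origin-supplied CSP is replaced.
function addSecurityHeaders(response) {
  const headers = response.headers || (response.headers = {});
  setHeader(headers, 'Content-Security-Policy', CSP);
  for (const [name, value] of Object.entries(EXTRA_HEADERS)) setHeader(headers, name, value);
  return response;
}

// Entry point CloudFront invokes for the origin-response event.
const handler = async (event) => addSecurityHeaders(event.Records[0].cf.response);

// Constructed sample event, shaped like what CloudFront passes to the function.
const sampleEvent = {
  Records: [{ cf: { response: { status: '200', statusDescription: 'OK', headers: {} } } }],
};
handler(sampleEvent).then((r) => console.log(r.headers));

if (typeof module !== 'undefined') module.exports = { handler, addSecurityHeaders, CSP };
```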