Principal Job Title
CTO, CISO
1 Line Summary
Serial CTO/CISO with a passion for Information Technology and Security.
Ratings

HiveRank: Affiliate (192)
Country
United Kingdom
Closest Town / City
Aylesbury
Self Nominated & Interviewed by

Member since: 28-10-2018
My Background Details
Until June 2018 employed as the Global Chief Information Security Officer, NCC Group, responsible for security strategy across a global and complex business. Formerly Chief Technology Officer, Managed Security Services at NCC Group, having previously served as a senior RAF officer working in the military communications and intelligence environments. Educated to master's degree level, I am a business-focused strategic leader with a strong technical background in all of the Cyber Security and Information Assurance service fields. I have maintained UK Government secure systems covering both technical operation and their systems' security accreditation, as well as acting as a senior strategic advisor to multiple industry verticals.
Current Role Details
Responsible for establishing and maintaining the company’s vision, strategy and programme to ensure that information assets and technologies are adequately protected. Directing staff in identifying, developing, implementing and maintaining processes across the organisation to reduce information security breaches and other information technology risks. A key role that forms one of the ten executive positions with NCC Group.
Planning and primary lead on multiple security programs, reducing the detection of internal Red Team activities to seven seconds from a previous stance of being unable to detect their activities.
CASE STUDIES
SIGNIFICANT REDUCTION IN MALICIOUS ACTIVITY DETECTION AND RESPONSE TIMES. - Case Study: 1 of 2.

Situation
Shortly before I took over as CISO for NCC Group, they had completed their first ever internal Red Team Exercise. Before reading the final report, I asked only two questions. How long did it take you to detect their activities and how long before they owned a privileged account? The answer was, we didn’t and around 10 seconds!

Task
Design a remediation plan that addresses the critical vulnerabilities identified during the exercise. Design and implement better security controls across the corporate network. Schedule a second Red Team exercise after the implementation.

Action
Identify best-of-breed technology solutions and leverage vendor relationships to achieve the best value for money. Security stack solutions across:

• Network Visibility
• Access Control
• Privileged Identity Management
• Information Discovery and Classification
• Security Incident and Event Management (Use Case Workshop)

Improve user security awareness training, review and redraft key policies.

Results
After 12 months of work in the planning and implementation, a second Red Team exercise was conducted. The answers were vastly different: 7 seconds and 7 days.
IMPLEMENTATION OF ISO STANDARDS - Case Study: 2 of 2.

Situation
In order to meet with increasing customer demand for industry standard compliance across process quality, managed services and security, it was decided that we would seek ISO certifications for 9000, 20000 and 27001.

Task
An aggressive time scale of 6 months was set to produce all regulatory policies, procedures and controls for these standards.

Action
A small team, led by myself, was set up to build the frameworks of documents and controls required, assisted by an external third party to review and critique our approach. Workshops were conducted across all areas of the business, along with new training packages.

Results
We successfully gained all three certifications within the given time scale, with significant buy-in from all staff. No major non-conformities were noted and the organisation adopted the concept of continual performance improvement, not just in light of these certifications, but across all aspects of the business.



John Green

@john_green
