Skill set
Industry fields of expertise
Bob in a few words
Are you concerned about ransomware but don’t know what to do?
Are you unsure if your business is safe from hackers?
Are you worried about data security but don’t know where to start?
I have over 25 years cybersecurity experience and have helped business both large and small to understand and manage their cybersecurity vulnerabilities and weaknesses.
Core to my approach is bridging the gap between technology and business priorities. What this means is:
✅ I will give you a clear picture of your cyber weaknesses
✅ I will suggest cost effective and pragmatic solutions
✅ I work across all technologies and products, such as AWS and Azure
✅ I can help you to implement solutions as well as advise
To give you an idea of the range of businesses I have worked with, here are some example projects:
- Security design (Azure) for green energy startup with 5 staff
- Strategic cyber health check for Ed Tech business (AWS) with 20,000 clients
- Cyber security operating model design for UK high street bank
- Security design of trading system for UK investment bank
- Preparation of a small agricultural business for Cyber Essentials
My approach is always pragmatic, straight forward, and based upon 25 years of experience.
The types of services I can help with are:
- vCISO services
- Building cyber capabilities and teams
- Cybersecurity healthcheck
- Cloud security design (AWS, Azure)
- Product or system security review incl. SAST
- Compliance - PCI DSS, GDPR, NIS
- ISO 27001 & Cyber Essentials
If you would like to know how I can help you, please Propose a Project (above) to start the conversation.
Experience
- Nicolson BrayFounder & Lead Information Security ConsultantJanuary 2014 - December 2024 (10 years and 11 months)Providing cybersecurity consultancy to UK small and medium sized businesses
- Developed and managed a Cybersecurity consultancy offering for UK small and medium sized businesses, bringing Financial Services IT Security risk management capabilities to mid-market & SME sector
- Presented to Senior Management Teams and Boards enabling them make risk based strategic IT Security investment decisions - Senior Stakeholder Engagement
- Carried out IT Security Audits and Assessments of mid-sized UK businesses
- Developed and implemented an IT risk and control framework based on NIST 800, CIS Critical Security Controls (CSC), ISO 27001 & Cloud Security Alliance Cloud Controls Matrix (CCM)
- Lloyds Banking GroupIT Security Operating Model Business Change ManagerJanuary 2013 - December 2013 (11 months)London, UK
- Developed IT Security Target Operating Model (TOM) covering Security Operations, Security Engineering, Security Architecture, Network Security, Security Risk and Security Governance processes
- Included service & team organisational structures, headcount, and roles & responsibilities
- Project managed and led successful TOM implementation over 12 months impacting five Directorates & 400 staff – enacted process and cultural change
- Defined and implemented IT Security Maturity Framework to measure TOM implementation progress – KPIs providing core MI reporting
- Handed over to CISO team on completion
- Lloyds Banking GroupTeam Lead & Program Security ArchitectOctober 2011 - January 2013 (1 year and 3 months)London, UK
- Supported program business case development securing £120 million of funding over three years
- Designed and developed Lloyds global IT Security Risk processes – based on NIST 800-30 & ISO 27001 and RSA Archer implementation
- Designed and developed Lloyds Application Security processes - Secure SDLC - Veracode and HP Fortify - SAST & DAST
- Oversaw development of IT Security policies and 70 architecture patterns & standards across all security domains
Recommendations
Certifications
- CISSPISC22005
- AWS Solution ArchitectAWS2024
- PRINCE 2PRINCE 22014