CISO, Head of Information Security, GDPR, PCIDSS, International Speaker, Advisory Board Member
How the good guys sharing threat intelligence is essential to data protection.
A senior cybersecurity leader, CISSP and ITIL qualified, with demonstrable experience leading the information security protection of 24/7 highly available, standards-compliant systems in regulated environments. Working to ISO27001, ISO9001, NESA-IAS, PCIDSSv3.2 and P2PEv2.
Currently responsible for the MSS/SOC/SIRT and DFIR at a leading T4 Datacentre and Managed IT Services organisation.
Previously responsible for PCIDSS and ISO27K at a leading European payments provider capable of settling many hundreds of millions of Euros a year. That was preceded by a term of CISO-level cyber risk advisory at a leading security projects specialist, covering information security management systems, security operations dashboards and incident response plan improvement. Before that, a position monitoring PCIDSS compliance across the UK (ASDA & George) and delivering a new information security risk register, systems controls risk assessments and security consultancy to all ISD projects. At Manchester Airport I was responsible for group-level development and delivery of the IS Assurance Plan, an information security audit plan supporting PCIDSS, ISO27001, DPA98 and COBIT activity. Experienced at liaising with senior leadership teams up to CX and board level to educate key stakeholders on the benefits of good security practice, changing cyber threats and a risk-based approach to committing resource.
A 17-year career in IT, with seven years in financial services roles. Specialist knowledge of producing working information security policies from international standards and frameworks such as CIS, NIST, HMG, SANS, NSA, AusDSD and NESA-IAS.
With a passion for educating an audience on choosing preventative and detective security controls, I work as a trusted security adviser, supporting the translation of security requirements into workable business solutions.
This article shows how cyber-threat indicator sharing platforms, such as the Malware Information Sharing Platform and Threat Sharing (MISP), can help all actors involved in information security and data protection within Europe to fulfil their obligations under the forthcoming General Data Protection Regulation (GDPR) that will apply across the European Union (EU). Although such a platform can be used to share personal data (for example, an attacker's IP address or e-mail address appearing in an indicator), the purpose for which that data is exchanged should be regarded as falling within the legitimate interest of the data controllers and in the interest of the individuals whose data is being shared, and therefore as consistent with the requirements of the GDPR.