$$$$
{{ $t($store.state.user.experience_value_in_dollars) }}
Expert
{{ $t($store.state.user.experience_search_name) }}
0
jobs
Highly Skilled & Certified Cyber Security and Information Security Consultant
Kenny McLean
,
Newport, United Kingdom
Experience
Skills
I'm offering
A NCSC Senior CCP IA-Architect, Senior CCP SIRA & CISSP certified information security consultant who has over 10 years' experience gained from the defence, public and private sectors. My technical background has allowed me to effectively assess and mitigate system and network security risks and threats, both at the SME and large enterprise business level. I have also successfully advised and led the secure design, architecture, implementation & integration of various secure systems from small-budgeted projects to multi-million-pound programmes.
Markets
United Kingdom
Links for more
Once you have created a company account and a job, you can access the profiles links.
Industries
Language
English
Fluently
Available
My experience
2020 - ?
freelance
Security Advisor, Senior Practitioner
Office for National Statistics.
Outline
The primary focus of the role is to provide the ONS business with security advice and best practice to develop 'Secure by Design' protections for organisational assets and embed the ONS Security Framework - principles; policies; processes; threat model; security risk management into the ONS. These responsibilities were applied to ONS' on-prem infrastructure, Cloud Infrastructure (AWS) and VMware Cloud (VMC) Software Defined Data Centre (SDDC)
Key Responsibilities
• Expert in information risk management into enterprise risk management.
• Inform the Lead and Chief Security Officer and other senior ONS stakeholders on business-driven information risk management strategies, policies, and practices.
• Expert knowledge of ONS data classifications and appropriate security controls.
• Expert understanding of ONS data security and architectures to enable the delivery of consistent security advice.
• Expert knowledge of the Data Access Platform which is assigned as Critical National Infrastructure.
• Advised stakeholders on the implementation of new security controls across programmes.
• Expert in the development of new security policies and controls.
• Provided expert knowledge of ONS-wide information risk assessment techniques, reporting frameworks, processes and ensured their consistent application.
• Develop and mentor Security Advisors.
• Planned and managed delivery of security tasks aligned to the ONS Agile Framework.
• Established successful working relationships with team members, key internal and external stakeholders which improved the value of security services provided.
• Ensure security controls are proportionate and align with NCSC and GDS guidance.
Key Achievements
• Created a repeatable process to allow consistent assurance across cloud projects by aligning ONS Cloud Security Principles with CIS (v8) Critical Security Controls, safeguards, and Cloud Provider Foundational Benchmarks.
• Assisted in the creation of the Cloud Security Model which ONS follows.
• Gave training to Security Operations personnel on how to identify firewall change requests which did not meet security best practice or ONS principles.
The primary focus of the role is to provide the ONS business with security advice and best practice to develop 'Secure by Design' protections for organisational assets and embed the ONS Security Framework - principles; policies; processes; threat model; security risk management into the ONS. These responsibilities were applied to ONS' on-prem infrastructure, Cloud Infrastructure (AWS) and VMware Cloud (VMC) Software Defined Data Centre (SDDC)
Key Responsibilities
• Expert in information risk management into enterprise risk management.
• Inform the Lead and Chief Security Officer and other senior ONS stakeholders on business-driven information risk management strategies, policies, and practices.
• Expert knowledge of ONS data classifications and appropriate security controls.
• Expert understanding of ONS data security and architectures to enable the delivery of consistent security advice.
• Expert knowledge of the Data Access Platform which is assigned as Critical National Infrastructure.
• Advised stakeholders on the implementation of new security controls across programmes.
• Expert in the development of new security policies and controls.
• Provided expert knowledge of ONS-wide information risk assessment techniques, reporting frameworks, processes and ensured their consistent application.
• Develop and mentor Security Advisors.
• Planned and managed delivery of security tasks aligned to the ONS Agile Framework.
• Established successful working relationships with team members, key internal and external stakeholders which improved the value of security services provided.
• Ensure security controls are proportionate and align with NCSC and GDS guidance.
Key Achievements
• Created a repeatable process to allow consistent assurance across cloud projects by aligning ONS Cloud Security Principles with CIS (v8) Critical Security Controls, safeguards, and Cloud Provider Foundational Benchmarks.
• Assisted in the creation of the Cloud Security Model which ONS follows.
• Gave training to Security Operations personnel on how to identify firewall change requests which did not meet security best practice or ONS principles.
Security, Platform, Processes, Framework, Enterprise, Software, Development, Office, Infrastructure, Assessment, Implementation, Statistics, Design, Firewall, Management, Cloud, Mentor, Risk Management, Training, VMware, Agile, AWS, Operations
2019 - 2020
freelance
Security Architect
QinetiQ/MoD.
Outline
Main responsibility is to carry out the function of the Security Architect for a new Tactical WAN Environment. This includes supporting the project Engineering team and providing Security Engineering support.
Key Responsibilities
• Provide the following capabilities as required by the project or determined by the workload alignment:
◦ Security Architecture
◦ Security Engineering and Design
◦ Security Consultancy
• Work with the engineering lead and project architect to deliver a security solutions.
• Analyse security risk within each design as appropriate to the scope and ensure that all interested stakeholders are informed or consulted where necessary.
• Design security controls in compliance with group-wide security standards and configuration workbooks.
• Where necessary support the project in articulating waivers related to security design decisions taken.
• Take the lead on security architecture decisions and issues where the problem scenario is not covered by a pattern or standard. Seek guidance from Security Specialists where appropriate.
• Collaborate with alternative technical resources with the goal of supporting projects in the production of design documentation e.g., Technical Solution Designs (TSD's) or security documentation where necessary.
• Ensure that the drivers of Cost, Pace and Quality are maintained during production of or contribution to design artefacts.
• Provide security design engineering effort that leads to the creation of high-quality solutions that comply with all relevant group-wide policies and Security Standards.
Main responsibility is to carry out the function of the Security Architect for a new Tactical WAN Environment. This includes supporting the project Engineering team and providing Security Engineering support.
Key Responsibilities
• Provide the following capabilities as required by the project or determined by the workload alignment:
◦ Security Architecture
◦ Security Engineering and Design
◦ Security Consultancy
• Work with the engineering lead and project architect to deliver a security solutions.
• Analyse security risk within each design as appropriate to the scope and ensure that all interested stakeholders are informed or consulted where necessary.
• Design security controls in compliance with group-wide security standards and configuration workbooks.
• Where necessary support the project in articulating waivers related to security design decisions taken.
• Take the lead on security architecture decisions and issues where the problem scenario is not covered by a pattern or standard. Seek guidance from Security Specialists where appropriate.
• Collaborate with alternative technical resources with the goal of supporting projects in the production of design documentation e.g., Technical Solution Designs (TSD's) or security documentation where necessary.
• Ensure that the drivers of Cost, Pace and Quality are maintained during production of or contribution to design artefacts.
• Provide security design engineering effort that leads to the creation of high-quality solutions that comply with all relevant group-wide policies and Security Standards.
Design, Architecture, Security, Compliance, Engineering, Support, Production, WAN
2018 - 2019
freelance
IT Security Officer
Office for Students.
Outline
Contracted to the Office for Students (OfS) who are a Non-Departmental Public Body for the regulation of Higher Education in England & Wales. My role as the IT Security Officer was to assist with developing a cyber security framework and ISMS which they could essentially administer themselves.
Key Responsibilities
• Manage and perform Security design and architecture assessments for internal projects and 3rd party assurance, especially regarding the transformation to an Azure Cloud environment.
• Plan and perform internal audits and gap analysis to ensure continued policy compliance to support the development of the ISMS.
• Manage third party security testing organisations, testing scope and reporting, and arrange remediation for any issues found.
• Support the Security Awareness project manager with technical security knowledge.
• Perform risk assessment and treatment planning.
• Manage the cyber security risk register including risk assessment, periodic review of risks etc.
• Pro-active monitoring of current threats and security trends.
• Determine upcoming compliance requirements and desires (Cyber Essentials Plus, ISO27001 etc.)
• Provide assurance to ISSG (Information Security Steering Group) and other senior stakeholders through management reporting; participate in the ISSG group to provide security expertise and advice.
• Carry out protective monitoring of the AlienVault SIEM solution, perform incident response and investigation where required.
• Assist and advise OfS Governance in matters pertaining to GDPR.
Key Achievements
• Successfully guided the end client in attaining Cyber Essentials Plus
• Initiated a risk management programme.
• Initiated security review of third-party suppliers into procurement process.
• Assisted and guided the end client in a security awareness programme.
• Took the Business Cyber Security approach from an INITIAL CMM level to DEFINED.
Contracted to the Office for Students (OfS) who are a Non-Departmental Public Body for the regulation of Higher Education in England & Wales. My role as the IT Security Officer was to assist with developing a cyber security framework and ISMS which they could essentially administer themselves.
Key Responsibilities
• Manage and perform Security design and architecture assessments for internal projects and 3rd party assurance, especially regarding the transformation to an Azure Cloud environment.
• Plan and perform internal audits and gap analysis to ensure continued policy compliance to support the development of the ISMS.
• Manage third party security testing organisations, testing scope and reporting, and arrange remediation for any issues found.
• Support the Security Awareness project manager with technical security knowledge.
• Perform risk assessment and treatment planning.
• Manage the cyber security risk register including risk assessment, periodic review of risks etc.
• Pro-active monitoring of current threats and security trends.
• Determine upcoming compliance requirements and desires (Cyber Essentials Plus, ISO27001 etc.)
• Provide assurance to ISSG (Information Security Steering Group) and other senior stakeholders through management reporting; participate in the ISSG group to provide security expertise and advice.
• Carry out protective monitoring of the AlienVault SIEM solution, perform incident response and investigation where required.
• Assist and advise OfS Governance in matters pertaining to GDPR.
Key Achievements
• Successfully guided the end client in attaining Cyber Essentials Plus
• Initiated a risk management programme.
• Initiated security review of third-party suppliers into procurement process.
• Assisted and guided the end client in a security awareness programme.
• Took the Business Cyber Security approach from an INITIAL CMM level to DEFINED.
Compliance, Manager, Framework, Development, Office, Testing, Monitoring, Assessment, Support, Management Reporting, Transformation, It, ISO27001, Design, Security, Architecture, Governance, GDpr, Management, Cloud, Risk Management, Information Security, Procurement, Azure, Project Manager
2018 - 2018
freelance
Security Consultant & Platform Systems Integrator SME
General Dynamics MS.
Outline
Contracted to General Dynamics who had developed a new innovative military communications platform which would allow STRIKE force ground troops access to high-speed data for situational awareness and intelligence gathering. My main responsibility was to oversee, initiate and advise on the security aspects of this system.
Key Responsibilities
• High Level Designs for the Security Architecture of the new system
• Identify appropriate security control solutions and define the system accreditation scope.
• Authoring the Security Management Plan
• Information Security Risk Analysis in line with HMG IA Standards 1 & 2
• Liaise with partner companies.
Key Achievements
• Presented secure solution HLD to Army Warfare Experimentation stakeholders to allow communications from ground troops to higher echelons.
• Presented the communication platform to UK 2 & 3 Star Generals.
Contracted to General Dynamics who had developed a new innovative military communications platform which would allow STRIKE force ground troops access to high-speed data for situational awareness and intelligence gathering. My main responsibility was to oversee, initiate and advise on the security aspects of this system.
Key Responsibilities
• High Level Designs for the Security Architecture of the new system
• Identify appropriate security control solutions and define the system accreditation scope.
• Authoring the Security Management Plan
• Information Security Risk Analysis in line with HMG IA Standards 1 & 2
• Liaise with partner companies.
Key Achievements
• Presented secure solution HLD to Army Warfare Experimentation stakeholders to allow communications from ground troops to higher echelons.
• Presented the communication platform to UK 2 & 3 Star Generals.
Information Security, Management, Architecture, Security, Risk analysis, Platform
2013 - 2017
freelance
Security & Network Consultant
Sensus.
Outline
Sensus supply products for the smart metering programme. My main responsibility was to advise on all information security matters pertaining to their new UK business environment and developing solutions.
Key Responsibilities
• Security Architecture implementation (Inc. access controls, cryptography, network segmentation, secure protocols, monitoring systems, remote access and information classification.)
• Integration of current and new corporate systems
• Compliance & implementation of ISO27001
• Network Changes and implementations
• Successfully ensured that Sensus has been contractually compliant with regards to ISO27001
• Small-scoped penetration testing and vulnerability assessments
• Liaised with 3rd party Penetration testing companies and scoped penetration tests.
• Reviewed Security Management Plans and authored supporting policies.
• Carried out social engineering exercises.
• Liaised with 3rd parties to arrange Security Awareness training
• Presented solutions for secure access to primary contractor Data Centres.
Key Achievements
• Designed, implemented, and tested clients' network and security in line with business requirements and contractual obligations.
• Reduced penetration testing costs by £8000.
• Successfully guided the UK business in passing a security audit from the primary contractor.
Sensus supply products for the smart metering programme. My main responsibility was to advise on all information security matters pertaining to their new UK business environment and developing solutions.
Key Responsibilities
• Security Architecture implementation (Inc. access controls, cryptography, network segmentation, secure protocols, monitoring systems, remote access and information classification.)
• Integration of current and new corporate systems
• Compliance & implementation of ISO27001
• Network Changes and implementations
• Successfully ensured that Sensus has been contractually compliant with regards to ISO27001
• Small-scoped penetration testing and vulnerability assessments
• Liaised with 3rd party Penetration testing companies and scoped penetration tests.
• Reviewed Security Management Plans and authored supporting policies.
• Carried out social engineering exercises.
• Liaised with 3rd parties to arrange Security Awareness training
• Presented solutions for secure access to primary contractor Data Centres.
Key Achievements
• Designed, implemented, and tested clients' network and security in line with business requirements and contractual obligations.
• Reduced penetration testing costs by £8000.
• Successfully guided the UK business in passing a security audit from the primary contractor.
Engineering, Audit, Social, Testing, Monitoring, Implementation, Network, Penetration testing, ISO27001, Audit, Compliance, Security, Architecture, Integration, Management, Information Security, Training
2011 - 2013
job
Network Implementation Engineer
Fujitsu.
Network, Implementation
2011 - 2011
job
Network Test & Verification Engineer
Cassidian.
Test, Network
2001 - 2004
job
Network Engineer
Nortel Network.
Network
1992 - 2001
job
Sergeant Armed Forces - Radar Technician
REME.
Kenny's reviews
Kenny has not received any reviews on Worksome.
Contact Kenny McLean
Worksome removes the expensive intermediaries and gives you direct contact with relevant talent.
Create a login and get the opportunity to write to Kenny directly in Worksome.
38000+ qualified freelancers
are ready to help you
Tell us what you need help with
and get specific bids from skilled talent in Denmark