$$$
{{ $t($store.state.user.experience_value_in_dollars) }}
Senior
{{ $t($store.state.user.experience_search_name) }}
0
jobs
Cyber Security Consultant | GCIH | GCCC | BSc
Ashley Woodhall
,
Sheffield, United Kingdom
Experience
Other titles
Skills
I'm offering
I offer practical and pragmatic consultancy with:
- Threat/risk/control assessments
- Strategy, framework and policy development
- Cyber essentials certification
- Security training, coaching and awareness
- Risk assessments
I am a pragmatic, down-to-earth Cyber Security professional who translates technical jargon into understandable business terms. I have worked in technical roles, risk management and strategy roles in both large enterprises and smaller organisations, giving me a balanced mix of experience when it comes to projects and job duties.
The vast majority of my experience is in the financial services sector, the most heavily regulated and mature industry when it comes to cyber security. However, I've also worked in a consultancy services role, working directly with customers in identifying breaches and recommending how they can improve their security posture.
With cyber security, a business can't focus on improving everything, so it is important to focus on those few areas which give the greatest return on investment.
My speciality is explaining cyber related businesses risk in a simple way, and advising on solutions in a rational, quantified manner to maximise ROI, both in effort and cost.
- Threat/risk/control assessments
- Strategy, framework and policy development
- Cyber essentials certification
- Security training, coaching and awareness
- Risk assessments
I am a pragmatic, down-to-earth Cyber Security professional who translates technical jargon into understandable business terms. I have worked in technical roles, risk management and strategy roles in both large enterprises and smaller organisations, giving me a balanced mix of experience when it comes to projects and job duties.
The vast majority of my experience is in the financial services sector, the most heavily regulated and mature industry when it comes to cyber security. However, I've also worked in a consultancy services role, working directly with customers in identifying breaches and recommending how they can improve their security posture.
With cyber security, a business can't focus on improving everything, so it is important to focus on those few areas which give the greatest return on investment.
My speciality is explaining cyber related businesses risk in a simple way, and advising on solutions in a rational, quantified manner to maximise ROI, both in effort and cost.
Markets
United States
(Remote
only)
United Kingdom
France
Germany
Lithuania
Denmark
Norway
Sweden
Finland
Links for more
Once you have created a company account and a job, you can access the profiles links.
Industries
Language
English
Fluently
Spanish
Good
Ready for
Larger project
Ongoing relation / part-time
Available
My experience
2019 - 2019
job
Cyber security strategy specialist
Banco Santander.
Main responsibilities:
- Contributing to the creation of and continuous development of the global group's cyber security strategy
- Collaborating with other cyber functions within the group to better understand their activities, problems and how we can help
- Researching the development of emerging technologies, threat actor activities, best practice etc. to understand how the group can best prepare for the future from a cyber perspective
- Understanding and helping steer how cyber security can directly impact the bank's ability to digitally transform and achieve growth in line with appetite
- Analysing risk data, metrics and other outputs to prioritise control improvements in a practical manner
- Contributing to the creation of and continuous development of the global group's cyber security strategy
- Collaborating with other cyber functions within the group to better understand their activities, problems and how we can help
- Researching the development of emerging technologies, threat actor activities, best practice etc. to understand how the group can best prepare for the future from a cyber perspective
- Understanding and helping steer how cyber security can directly impact the bank's ability to digitally transform and achieve growth in line with appetite
- Analysing risk data, metrics and other outputs to prioritise control improvements in a practical manner
Security, Digital Strategy, Risk Management, Governance Risk and Compliance, Information Security, Cyber Security
2018 - 2019
freelance
SOC Analyst
Proficio.
At Proficio I quickly became an autonomous and confident security operations center analyst - testing and developing myself in the detailed level of technical security analysis.
Main responsibilities:
- Interviewing and assessing potential employees
- Thoroughly analysing security alerts for a variety of technologies, companies and sectors
- Providing accurate, actionable information on incidents and recommendations on how to respond
- Making suggestions to create and improve SIEM content rules
- Understanding real-world attacker techniques, tools and procedures
- Making recommendations to customers to improve their security posture against their specific threat actors
- Designing SOC metrics to improve the effectiveness and efficiency of processes which helped identify issues such as lost time, false positives
Main responsibilities:
- Interviewing and assessing potential employees
- Thoroughly analysing security alerts for a variety of technologies, companies and sectors
- Providing accurate, actionable information on incidents and recommendations on how to respond
- Making suggestions to create and improve SIEM content rules
- Understanding real-world attacker techniques, tools and procedures
- Making recommendations to customers to improve their security posture against their specific threat actors
- Designing SOC metrics to improve the effectiveness and efficiency of processes which helped identify issues such as lost time, false positives
Operations, Content, Security, Analyst, Testing, Processes
2013 - 2017
job
Non Executive Director at YBS Insulation
YBS Insulation.
I was appointed to the board of directors as a NED for a number of reasons:
1. YBS is a family run business, being on a board maximises the opportunity for a steep learning curve in how to run a multi-million pound company - especially during a tough financial period.
2. I ask questions others are afraid to ask. At the time of my appointment, the business was facing a challenging period of turnaround or bust. My ability to ask both simple and difficult questions was seen as an asset in the board room.
3. I have technical knowledge and understanding that was lacking in the board room - I was able to see how technology could provide solutions for some of it's problems and could be an enabler rather than just another business function.
1. YBS is a family run business, being on a board maximises the opportunity for a steep learning curve in how to run a multi-million pound company - especially during a tough financial period.
2. I ask questions others are afraid to ask. At the time of my appointment, the business was facing a challenging period of turnaround or bust. My ability to ask both simple and difficult questions was seen as an asset in the board room.
3. I have technical knowledge and understanding that was lacking in the board room - I was able to see how technology could provide solutions for some of it's problems and could be an enabler rather than just another business function.
2015 - 2017
job
Technical Information Security Officer
Leeds Building Society.
I believe this role really helped me grow as a person as well as an Information Security professional.
I had a very niche and specialist role in the second line of defence. I was solely responsible for the oversight, assurance and challenge of the first line operational IT Security team. My responsibilities and expertise grew wider and deeper each year.
Main responsibilities:
• Using the FAIR risk assessment methodology to identify key threat scenarios and use the output to test and shape security posture
• Designing regular board papers on risk reporting and risk appetite breaches
• Scoping, managing and reporting on regular red team exercises (likely the most crucial and valuable assurance activity our function was responsible for)
• Designing requirements for and providing second line oversight, challenge and recommendations on projects such as Privileged Access Management, network segregation and baseline system hardening
• Establishing and chairing vulnerability management, security monitoring and configuration management improvement groups with security operations & IT infrastructure
• Proving internal consultancy for wider organisational, digital transformation and IT resilience projects
• Developing and carrying out a tailored threat intelligence procedure to identify vulnerabilities, threat actor TTP's and exploits
• Running, analysing, reporting and making prioritised recommendations on regular organisational vulnerability scans
• Running maturity reviews against the Information Security framework
• Reviewing the Information security framework and policies and designing guidance documents
• Designing tailored employee training and awareness based on the threat landscape
• Performing security due diligence against new and existing third parties
• Performing PCI DSS compliance reviews against the latest standard
• Regularly deputising for the Head of Information Security
I had a very niche and specialist role in the second line of defence. I was solely responsible for the oversight, assurance and challenge of the first line operational IT Security team. My responsibilities and expertise grew wider and deeper each year.
Main responsibilities:
• Using the FAIR risk assessment methodology to identify key threat scenarios and use the output to test and shape security posture
• Designing regular board papers on risk reporting and risk appetite breaches
• Scoping, managing and reporting on regular red team exercises (likely the most crucial and valuable assurance activity our function was responsible for)
• Designing requirements for and providing second line oversight, challenge and recommendations on projects such as Privileged Access Management, network segregation and baseline system hardening
• Establishing and chairing vulnerability management, security monitoring and configuration management improvement groups with security operations & IT infrastructure
• Proving internal consultancy for wider organisational, digital transformation and IT resilience projects
• Developing and carrying out a tailored threat intelligence procedure to identify vulnerabilities, threat actor TTP's and exploits
• Running, analysing, reporting and making prioritised recommendations on regular organisational vulnerability scans
• Running maturity reviews against the Information Security framework
• Reviewing the Information security framework and policies and designing guidance documents
• Designing tailored employee training and awareness based on the threat landscape
• Performing security due diligence against new and existing third parties
• Performing PCI DSS compliance reviews against the latest standard
• Regularly deputising for the Head of Information Security
Network, ME, Access management, Framework, Performing, Configuration Management, Assessment, Monitoring, Infrastructure, Transformation, It, Operations, Security, Compliance, Test, Due Diligence, Management, Information Security, It infrastructure, Training, Digital transformation
My education
2010
-
2014
Sheffield Hallam University
First class honours BSc, Computer Security And Forensics Technologies
First class honours BSc, Computer Security And Forensics Technologies
improve their security posture.
Ashley's reviews
Ashley has not received any reviews on Worksome.
Contact Ashley Woodhall
Worksome removes the expensive intermediaries and gives you direct contact with relevant talent.
Create a login and get the opportunity to write to Ashley directly in Worksome.
are ready to help you
and get specific bids from skilled talent in Denmark