Seasoned IT Security Professional with strong VBA/excel development skills
Stuart Nash, Cambridge, United Kingdom
I'm offering
Over 25 years of experience working as an information technology and security professional. Strong security consulting background, specialising in providing pragmatic advice in relation to securing network/cloud infrastructure, management of security controls, cryptography and secure application development.
Highly motivated and excellent communicator with demonstrable experience working with a wide range of organisations internationally. Advocate of embedding security into business culture and processes by working with stakeholders to gain their trust and understanding.
Markets
United States (Remote only)
Canada (Remote only)
United Kingdom
France (Remote only)
Germany (Remote only)
Lithuania (Remote only)
Denmark (Remote only)
Norway (Remote only)
Sweden (Remote only)
Finland (Remote only)
Language
English
Fluently
Ready for
Ongoing relation / part-time
Available
My experience
2020 - ?
freelance
Enterprise Security Architect
HSBC.
Architecting a global system to report on business and security metrics.
Cyber Security, Enterprise architecture, Solution architecture, Tableau, Microsoft SQL Server, Excel and VBA programming
2016 - 2020
freelance
Secure Design Architect
easyJet.
(Contract - 4x renewals)
Managing a team of consultants in the Information Security department, I am a trusted advisor involving close liaison with solution architecture and project teams to ensure practical secure design principles are understood and reflected in solutions. Architected secure designs for several AWS based solutions including:
• easyJet Holidays - greenfield project to design/implement a package holidays website
• Data Hub - Cloudera based data storage/analytics solution
• Linux based solution to perform data anonymisation to support GDPR compliance
Responsibilities also include:
• Breach containment and post-breach remediation activities (Feb 2020 - current)
• Implementation of a tool to analyse security control coverage and effectiveness using MS SQL Server / Tableau
• Development of a tool/process to perform effective firewall rule reviews/changes
• Marketing/GDPR - tag/pixel management with a focus on data leakage and monitoring for change (Risk-IQ)
• Scoping and review of penetration tests and prioritisation of remediation activities
• Working with stakeholders to embed security into the project lifecycle and business as usual processes
• On-going technical support to teams managing the PCI environment
• Presenting at lunch/learn events on security topics (Tags/Pixels, Forensics)
Firewall, Processes, Trusted Advisor, Server, Data Storage, Storage, Development, Monitoring, Support, Presenting, Implementation, Website, Security, Compliance, Marketing, Architecture, Analytics, Management, GDPR Compliance, GDPR, Solution architecture, Tableau, Information Security, SQL Server, AWS, Linux, SQL, Design
2015 - 2016
freelance
Cyber Security Specialist
Deutsche Bank.
(Contract - 3x renewals)
Working within CISO, Cyber Vendor Assurance is responsible for providing second line support to the teams that assess the security posture of vendors providing services to the bank. This includes the definition/review of the security controls applicable to vendors, and assurance that the vendor assessment process is both thorough and effective through review of assessment activities/evidence. My activities included:
• Working with technical architecture teams to assess designs to identify security weaknesses. Technologies included Docker and Kubernetes on a RHEL Container Host
• Working with engineering teams to ensure relevant security tools were deployed to meet the required Security Capabilities across all target infrastructure
• Specification and implementation of a system to analyse security control effectiveness using MS SQL Server / SAP Business Objects which provided coverage and compliance indicators of key technical controls
• Definition of evidence requirements for vendor control assessments to ensure effectiveness and consistency
• Production of 'Cyber Operating Models' and 'Run-Book' to instruct vendors about critical security processes
SQL, Docker, SQL Server, SAP, Kubernetes, Architecture, Compliance, Security, Engineering, Implementation, Support, Infrastructure, Assessment, Server, Production, Processes
2009 - 2015
job
Director of Consulting
Foregenix Ltd.
Managing the consulting team my role was focused on providing technical security advice both to clients and our internal team of professional security consultants, to ensure successful and consistent provision of services. Considered to be a trusted and intuitive technical adviser.
Extensive experience testing and analysing payment applications, ranging from hardware payment terminals to back office acquirer/issuer systems running on mainframes. Actively worked with clients (including leading vendors Verifone and Ingenico) to achieve compliance with P2PE standard and placed Foregenix as a market leader in the field of P2PE.
Other highlights of my role included:
• Performed eight of the listed P2PE application assessments, and three of the listed P2PE solution assessments, and initiated a further three solution engagements
• Completed numerous PCI DSS assessments, typically on behalf of payment processors, but also including issuing banks and two large online gaming companies
• Evaluating the effectiveness of operational security procedures and controls, and assessing the risk these pose to the security posture of an organisation
• Maintaining a high level of awareness of current security issues and emerging attack vectors
• Performing detailed analysis of software applications, including source code reviews, application penetration testing and ensuring secure implementation
• Delivering gap analysis and assessments against industry standards, including P2PE, PA-DSS, PCI DSS and PCI PIN
• Reviewing and refining consultant working methodologies to ensure a high quality of client deliverable.
• Attending post-breach forensic investigations of companies suspected of having an account data compromise
• Pre-sales project scoping, proposal preparation and presentation to clients
Consulting, Sales, Compliance, Security, Implementation, Penetration testing, Hardware, Testing, Office, Software, Online
2008 - 2009
job
Managing Consultant - Spiderlabs
Trustwave Ltd.
Managing the UK team of consultants as part of Spiderlabs (the advanced security team within Trustwave focused on forensics, ethical hacking, and application security testing), I was responsible for delivery of application security assessments in the EMEA region and managing post-breach forensic investigations. Highlights included:
• Managing entire project lifecycle (pre-sales, scoping, gap-analysis, remediation and final testing)
• Developed a data collection, analysis and reporting tool which was used for the majority of engagements
• Source code reviews and use of forensic tools to analyse the operation of applications
• Specialised in embedded software on hardware payment terminals
Embedded software, Sales, Security, Embedded, Hacking, Hardware, Data collection, Testing, Software
2000 - 2008
freelance
IT / Security Consultant
Ede and Ravenscroft Group.
Overall responsibility for network security, infrastructure and software development across the eleven sites, retail outlets and e-commerce websites. Maintained PCI DSS Level 1 Payment Service Provider accreditation for three years.
Retail, Websites, Software development, E-commerce, Service, Security, Network, IT, Infrastructure, Development, Software
1992 - 2000
freelance
IT Consultant / Director
PDF Consultants Ltd.
Managed a team of consultants delivering a wide range of IT services, including network installation/management, server/desktop support, development and training.
Training, Management, IT Consultant, Network, IT, Support, Development, Server
1992 - 1992
job
System Analyst / Developer
Choice Business Systems Ltd.
Working as part of a development team, my role encompassed requirements analysis and development.
Developer, Analyst, Development
1987 - 1991
job
Sponsored Student & Graduate Systems Engineer
Marconi Underwater Systems.
Development of software modelling tools to reproduce the characteristics of autonomous underwater vehicles.
Development, Software
My education
2007
ISC2
CISSP, Certified Information Systems Security Professional
1987 - 1991
Portsmouth Polytechnic
1st Class Hons, Engineering and Engineering Systems
Stuart's reviews
Stuart has not received any reviews on Worksome.