Home Page

Geraint Williams

MSc, BSc, MBCS, CITP



Contact Details
Bio: about.me
Blogs: GeraintW Wireless MSc Research
email: geraint@geraintw.co.uk
Linkedin: View Geraint Williams's profile on LinkedIn
Employer: IT Governance Ltd.

CV - March 2015

Contact Details
Address: Hertfordshire
Phone: details are available on request
Mobile: details are available on request
Email: geraint@geraintw.co.uk
Personal Statement

I am an experienced Information Security Consultant and a Payment Card Industry Qualified Security Assessor with extensive knowledge of information security, governance, vulnerability analysis and computer forensics. I have operated as the Head of Technical Services Consultancy leading a team of specialists with a proven track record of providing exemplary levels of service and solutions.

I have excellent communication skills (verbal and written) and client relationship management skills having worked with a diverse and complex range of public and private sector clients including working with multi-discipline teams. This is on top of a very strong technical background with an appropriate range of industry certifications, including CISSP, CISM and CISA; my skills, knowledge and certifications are kept up to date by undertaking continuous professional development and research into security issues.

I have undertaken QSA audits, scoping and gap analysis exercises and supporting remediation for a diverse range of clients including e-commerce merchants, multi-outlet retail channels, pharmaceutical companies and service providers. I have undertaken penetration testing for a range of clients across a diverse field including finance, legal, retail and public. The testing included network infrastructure, both internal and external, and web application testing as well as testing specialist requirements such as Wireless and Social Engineering.

I am self-motivated, adaptable, resilient and able to think on my feet with excellent communication (verbal and written) and client relationship management skills having worked with a diverse and complex range of public sector clients and multi-discipline teams.

Additionally I have experience as a trainer, delivering courses in information security, governance, vulnerability analysis, and computer forensics. I have experience of developing and delivering bespoke in-house training for clients as well as delivering a range of publicly available courses covering the CISSP certification and the PCI Data Security Standard. I am also a visiting fellow at the University of Bedfordshire where I provide subject matter experience into BSc and MSc courses in computer security and forensics. As part of continuous professional development I undertake research into security problems, present at conferences and give talks to branches of professional organisations such as the BCS and IET.

Technical skills
  • Knowledge of information security standards including Cyber Essentials, ISO27001 & PCI-DSS.
  • Penetration testing methodologies including OSSTMM and OWASP
  • Penetration testing tools including Backtrack, Metasploit, NMAP, N-Stalker and Nessus.
  • Digital forensic methodologies and tools EnCase, FTK, ProDiscover, Helix Incident Response.
  • Computer hardware, high performance computing and server and workstation operating systems.
  • Design and implementation of secure network infrastructure including wireless networks.
  • Knowledge of laws relating to computer usage i.e. Computer Misuse Act, Data Protection Act etc.
  • Computer programming including Python, Java, Visual Studio.
Education and Qualifications

Education

MSc Internet Technology - Distinction (2004)
University of Luton, Luton, Bedfordshire
Thesis “The Implementation and Management of a Beowulf Cluster”
BSc Mechanical Engineering – 2.2 Hons. (1985)
Hatfield Polytechnic, Hatfield, Hertfordshire
Final Year Project "Computer Model of a cross flow heat exchanger"

Qualifications

CREST
CREST Registered Tester
Gained Mar 2013
Sophos
Sophos Certified Sales Consultant
Gained Jan 2013
PCI QSA
PCI Qualified Security Assessor
Passed exam Nov 2012, waiting for company to gain QSA status
CISM
ISACA Certified Information Security Manager
Passed exam June 2012, applying for accreditation
EXIN Cloud Foundation
EXIN Cloud Foundation
Passed January 2012
CISA
ISACA Certified Information Systems Auditor
Passed exam December 2011, applying for accreditation
CCNA
Cisco Certified Network Associate (CCNA, Jan 2009) (Expired)
Prince 2
Prince2 Foundation & Practitioner (Nov 2008) (Expired)
CISSP
(ISC)2 Certified Information Systems Security Professional (CISSP, Feb 2007)
CEH
EC-Council Certified Ethical Hacker (CEH, Aug 2006)
CHFI
EC-Council Certified Hacking Forensic Investigator (CHFI, Aug 2006)
CompTIA
CompTIA Security+, Network+ & A+
MCP
Microsoft Certified Professional (MCP) Windows 2000 Professional & Windows 2000 Server
Professional Memberships
  • Chartered IT Professional and Member of the BCS
  • Member of the Institute of Engineering and Technology
  • Member of the Information Systems Security Certification Consortium (ISC2)
  • Member of the Information Systems Security Association (ISSA)
Consultancy
  • Multiple PCI DSS projects delivered to IT Governance clients since February 2013
  • Multiple penetration testing, security assessment and network security projects delivered to IT Governance clients since October 2011
  • Security testing of Network Infrastructure and Web Application, Feb 2011.
  • East of England Development Agency Innovation Voucher ‘Detection of unsafe driving conditions from a single point sensor’ for Truescene, Nov 2010.
  • East of England Development Agency Innovation Voucher ‘Investigative report into the feasibility of High Speed HTTP modification’ for PluginSEO, May 2009.
  • East of England Development Agency Innovation Voucher, PKI Implementation, Cranfield, 2008.
Publications and Presentations

Books

  • Alan Calder & Geraint Williams, PCI DSS A Pocket Guide, third edition, IT Governance Publishing, ISBN13: 9781849285544

Journal & Conference Articles

  • Geraint Williams,'PCI DSS and Secure Applications', OWASP AppSec EU 2014 Conference, 25-26th June 2014, Cambridge, England
  • Geraint Williams,'Cost Effective Assessment of the Infrastructure Security Posture', The 7th International IET System Safety Conference, incorporating the Cyber Security Conference 2012, 16th-17th Oct, Edinburgh, Scotland
  • Geraint Williams, Carsten Maple. 'Development of a facility to aid the teaching of Computer Security and Digital Forensics at the University of Bedfordshire', 3rd International Conference on Cybercrime Forensics Education & Training 2009, 1st-2nd September, Canterbury, UK. Conference Proceedings ISBN 978-1-899253-44-9
  • Carsten Maple, Geraint Williams, Yong Yue, 'Reliability, Availability and Security of Wireless Networks in the Community', Informatica Journal, Volume 31, Number 2, 2007 pg 201-208
  • Geraint Williams, Carsten Maple, Yong Yue 'Reliability, Availability and Security of Wireless Networks in the Community' IADIS International Conference e-Society 2006, 13-16th July, Dublin, Ireland

Presentations

    2015

  • "Demystifying Phone Hacking", Bedford BCS, 7th Oct 2015
  • "Hacking the Internet of Things", Hertfordshire BCS, 13th May 2015
  • "Ethical hacking and Computer Security", UoB student chapter BCS, 25th Feb 2015

    2014

  • "Ethical Hacking Webinar", IT Governance Free Webinar series, 9th July 2014
  • "PCI DSS and Secure Applications", OWASP AppSec EU 2014, 25-26th June 2014
  • "Hacking the Internet of Things", Bedford BCS, 13th May 2014
  • Speaker at ISO 27001:2013 and PCI DSS V3: New Standards in the Global Cyber War, 8th May 2014
  • Penetration Testing Webinar, IT Governance Webinar, Thursday 3rd April, 2014
  • "Web Application Security", Bedford College Evening Students, 21st Jan 2014

    2013

  • "Ethical Hacking", University of Bedfordshire, Dept of Computing & Information Systems, 25th Nov 2013
  • "Ethical Hacking and Security", University of Bedfordshire, Research Institute for Media, Arts and Performance, 13th Nov 2013
  • "Pentesting", University of Bedfordshire, Dept of Computing & Information Systems, 9th May 2013
  • "How the internet hacks you", Lea & Ouse Valley Safety Association, 20th Oct 2013
  • "Ethical Hacking", Bedford College Day Students, 26th Mar 2013
  • "WiFi Networks: The practicalities of Implementation", Essex Branch IET, Chelmsford, 26th Feb 2013
  • "WiFi Networks: The practicalities of Implementation", Bedford Branch BCS, 25th Feb 2013
  • "Web Application Security", Bedford College Evening Students, 25th Jan 2013

    2012

  • "Hollywood Forensics", Bedford Branch BCS, 28th June 2012
  • "Hollywood Forensics", Herts Branch BCS, 24th April 2012
  • "WiFi Networks: The practicalities of Implementation", Herts Branch INSTMC, 18th April 2012
  • "Ethical Hacking", Bedford College Day Students, 6th Mar 2012
  • "Hack the Server", Herts Branch BCST, 22nd Feb 2012
  • "Computer Security: Protecting Yourself", Essex Branch IET, Chelmsford, 8th Feb 2012
  • "Computer Security – Securing Web Applications", Bedford College January 25, 2012

    2011

  • "Ethical Hacking", Bedford College May 3, 2011
  • "Wireless Security", UoB Student Branch of the IEEE, Apr 2011.
  • "Computer Security: Protecting Yourself", Herts Branch INSTMC & IET, Luton, 30th Mar 2011
  • "Hollywood Forensics", Essex Branch IET, Chelmsford, 9th Feb 2011

    2010

  • "Computer Security: Protecting Yourself", The Knowledge Network, University of Bedfordshire, 24th Mar 2010
  • "Hollywood Forensics", Herts Branch INSTMC & IET, Luton, 27th Jan 2010

    2008

  • "Biometrics: Physical Identification", Herts BCS Branch Meeting, Hemel Hempstead, 30th Sept 2008
Major achievements
  • Development of an online eLearning system to deliver courses for IT Governance.
  • Development of the IT Governance Accelerated CISSP Course
  • Development of postgraduate and undergraduate courses for the University of Bedfordshire in computer security and forensics including a joint pathway with 7Safe, a leading computer security & forensics company.
  • Recognised within the University of Bedfordshire as an expert on IT and best practices’ expert for capital project bidding process within the Creative Arts, Technology and Science faculty.
  • Have successfully project managed several large facilities programmes for the University of Bedfordshire including the development and commissioning of a £1,000,000 suite of state of the art engineering and teaching labs including latest developments in AV and electronic signage, growth of the teaching computer labs from 5 labs with 140 PC’s to 20 labs, with almost 500 PCs and a number of dedicated departmental servers including a 9TB NAS system and a HPC and grid facility.
Career History
Jan 2015 to current Head of Technical Services
IT Governance Ltd.
Oct 2011 to Dec 2014 Information Risk Consultant & Trainer
IT Governance Ltd.
Mar 2012 to current Visiting Fellow (Honorary)
Computer & Information Systems, University of Bedfordshire
Oct 2006 to Sept 2011 Infrastructure Manager
Computer & Information Systems, University of Bedfordshire
Mar 2000 to Oct 2006 Technical Support Manager
Computer & Information Systems, University of Luton
The University of Luton became the University of Bedfordshire in Sept 2006
Sept 1999 to June 2004 Visiting Lecturer
Barnfield College (1999-2004)
Sept 1993 to Mar 2000 Senior Engineer
Safety Test Dept, Millbrook Proving Ground Ltd
Mar 1993 to Jun 1993 Design Change Manager
Production, Belling Ltd (Enfield)
Mar 1990 to Mar 1993 Production Engineer
Microwave Test Equipment, Marconi Instruments Ltd (Stevenage)
Sept 1989 to Mar 1990 Design Engineer
Floor Care, Electrolux Ltd (Luton)
Sept 1988 to Sept 1989 Design Engineer
Motemtronic Ltd (Waltham Abbey)
Sept 1985 to Sept 1988 Design Engineer, Rapier Laserfire
Army Weapons Div, British Aerospace PLC (Stevenage)
Contact Details
Date of birth: Born in 1963, full date on request
Nationality: British
Driving Licence: Full/clean
Health: Excellent non-smoker
Interests: Computing, reading, current affairs, theatre & dining out
Marital Status: Living with partner, one child

References


Content © 2015 Geraint Williams | Last updated 15th March 2015
Disclaimer: all opinions expressed here are my own personal views, and do not represent the views of any company or organisation with which I may be affiliated. I offer no guarantee that any information published here is accurate, either at the time of publishing or at any time in the future; if you spot a mistake – let me know!