Home Page

Geraint Williams


Contact Details
Bio: about.me
Blogs: GeraintW Wireless MSc Research
email: geraint@geraintw.co.uk
Linkedin: View Geraint Williams's profile on LinkedIn
Employer: IT Governance Ltd.

CV - March 2015

Contact Details
Address: Hertfordshire
Phone: details are available on request
Mobile: details are available on request
Email: geraint@geraintw.co.uk
Personal Statement

I am an experienced Information Security Consultant and a Payment Card Industry Qualified Security Assessor with extensive knowledge of information security, governance, vulnerability analysis and computer forensics. I have operated as the Head of Technical Services Consultancy leading a team of specialist with a proven track record of providing exemplary levels of service and solutions.

I have excellent communication skills (verbal and written) and client relationship management skills having worked with a diverse and complex range of public and private sector clients including working with multi-discipline teams. This is on top of a very strong technical background with an appropriate range of industry certifications, including CISSP, CISM and CISA; my skills, knowledge and certifications are kept up to date by undertaking continuous professional development and research into security issues.

I have undertaken QSA audits, scoping and gap analysis exercises and supporting remediation for a diverse range of clients involve e-commerce merchants, multi-outlet retail channels, pharmaceutical companies and service providers. I have undertaken penetration testing for a range of clients across a diverse field including finance, legal and retail and public. The testing included network infrastructure, both internal and external and web application testing as well as testing specialist requirements such as Wireless and Social Engineering.

I am self-motivated, adaptable, resilient and able to think on my feet with an excellent communication (verbal and written) and client relationship management skills having worked with a diverse and complex range of public sector clients and multi-discipline teams.

Additionally I have experience as a trainer, delivering course in information security, governance, vulnerability analysis, and computer forensics. I have experience of developing and delivering bespoke in-house training for clients as well as delivering a range of publicly available courses covering the CISSP certification and the PCI Data Security Standard. I am also a visiting fellow at the University of Bedfordshire where I provide subject matter experience into BSc and MSc courses in computer security and forensics. As part of continuous professional development I undertake research into security problems, present at conferences and give talks to branches of professional organisations such as the BCS and IET.

Technical skills
  • Knowledge of information security standards including Cyber Essentials, ISO27001 & PCI-DSS.
  • Penetration testing methodologies including OSSTMM and OWASP
  • Penetration testing tools including Backtrack, Metasploit, NMAP, N-Stalker and Nessus.
  • Digital forensic methodologies and tools EnCase, FTK, ProDiscover, Helix Incident Response.
  • Computer hardware, high performance computing and server and workstation operating systems.
  • Design and implementation of secure network infrastructure including wireless networks.
  • Knowledge on laws relating to computer usage i.e. Computer Misuse Act, Data Protection Act etc.
  • Computer programming including python, java, visual studio.
Education and Qualifications


MSc Internet Technology - Distinction (2004)
University of Luton, Luton, Bedfordshire
Thesis “The Implementation and Management of a Beowulf Cluster”
BSc Mechanical Engineering – 2.2 Hons. (1985)
Hatfield Polytechnic, Hatfield, Hertfordshire
Final Year Project "Computer Model of a cross flow heat exchanger"


CREST Registered Tester
Gained Mar 2013
Sophos Certified Sales Consultant
Gained Jan 2013
PCI Qualified Security Assessor
Passed exam Nov 2012, waiting for company to gain QSA status
ISACA Certified Information Security Manager
Passed exam June 2012, applying for creditation
EXIN Cloud Foundation
EXIN Cloud Foundation
Passed January 2012
ISACA Certified Information Systems Auditor
Passed exam December 2011, applying for creditation
Cisco Certified Network Associate (CCNA, Jan 2009) (Expired)
Prince 2
Prince2 Foundation & Practitioner (Nov 2008) (Expired)
(ISC)2 Certified Information Systems Security Professional (CISSP, Feb 2007)
EC-Council Certified Ethical Hacker (CEH, Aug 2006)
EC-Council Certified Hacking Forensic Investigator (CHFI, Aug 2006)
CompTIA Security+, Network+ & A+
Microsoft Certified Professional (MCP) Windows 2000 Professional & Windows 2000 Server
Professional Memberships
  • Chartered IT Professional and Member of the BCS
  • Member of the Institute of Engineering and Technology
  • Member of the Information Systems Security Certification Consortium (ISC2)
  • Member of the Information Systems Security Association (ISSA)
  • Multiple PCI DSS projects delivered to IT Governance clients since February 2013
  • Multiple penetration testing, security assessment and network security projects delivered to IT Governance clients since October 2011
  • Security testing of Network Infrastructure and Web Application, Feb 2011.
  • East of England Development Agency Innovation Voucher ‘Detection of unsafe driving conditions from a single point sensor’ for Truescene, Nov 2010.
  • East of England Development Agency Innovation Voucher ‘Investigative report into the feasibility of High Speed HTTP modification’ for PluginSEO, May 2009.
  • East of England Development Agency Innovation Voucher, PKI Implementation, Cranfield, 2008.
Publications and Presentations


  • Alan Calder & Geraint Williams, PCI DSS A Pocket Guide, third edition, IT Governance Publishing, ISBN13: 9781849285544

Journal & Conference Articles

  • Geraint Williams,'PCI DSS and Secure Applications', OWASP AppSec EU 2014 Conference, 25-26th June 2014, Cambridge, England
  • Geraint Williams,'Cost Effective Assessment of the Infrastructure Security Posture', The 7th International IET System Safety Conference, incorporating the Cyber Security Conference 2012, 16th-17th Oct, Edinburgh, Scotland
  • Geraint Williams, Carsten Maple. 'Development of a facility to aid the teaching of Computer Security and Digital Forensics at the University of Bedfordshire', 3rd International Conference on Cybercrime Forensics Education & Training 2009, 1st-2nd September, Canterbury, UK. Conference Proceedings ISBN 978-1-899253-44-9
  • Carsten Maple, Geraint Williams, Yong Yue, 'Reliability, Availability and Security of Wireless Networks in the Community', Informatica Journal, Volume 31, Number 2, 2007 pg 201-208
  • Geraint Williams, Carsten Maple, Yong Yue 'Reliability, Availability and Security of Wireless Networks in the Community' IADIS International Conference e-Society 2006, 13-16th July, Dublin, Ireland



  • "Demystifying Phone Hacking", Bedford BCS, 7th Oct 2015
  • "Hacking the Internet of Things", Hertfordshire BCS, 13th May 2015
  • "Ethical hacking and Computer Security", UoB student chapter BCS, 25th Feb 2015


  • "Ethical Hacking Webinar", IT Governance Free Webinar series, 9th July 2014
  • "PCI DSS and Secure Applications", OWASP AppSec EU 2014, 25-26th June 2014
  • "Hacking the Internet of Things", Bedford BCS, 13th May 2014
  • Speaker at ISO 27001:2013 and PCI DSS V3: New Standards in the Global Cyber War, 8th May 2014
  • Penetration Testing Webinar, IT Governance Webinar, Thursday 3rd April, 2014
  • "Web Application Security", Bedford College Evening Students, 21st Jan 2014


  • "Ethical Hacking", University of Bedfordshire, Dept of Computing & Information Systems, 25th Nov 2013
  • "Ethical Hacking and Security", University of Bedfordshire, Research Institute for Media, Arts and Performance, 13th Nov 2013
  • "Pentesting", University of Bedfordshire, Dept of Computing & Information Systems, 9th May 2013
  • "How the internet hacks you", Lea & Ouse Valley Safety Association, 20th Oct 2013
  • "Ethical Hacking", Bedford College Day Students, 26th Mar 2013
  • "WiFi Networks: The practicalities of Implementation", Essex Branch IET, Chelmsford, 26th Feb 2013
  • "WiFi Networks: The practicalities of Implementation", Bedford Branch BCS, 25th Feb 2013
  • "Web Application Security", Bedford College Evening Students, 25th Jan 2013


  • "Hollywood Forensics", Bedford Branch BCS, 28th June 2012
  • "Hollywood Forensics", Herts Branch BCS, 24th April 2012
  • "WiFi Networks: The practicalities of Implementation", Herts Branch INSTMC, 18th April 2012
  • "Ethical Hacking", Bedford College Day Students, 6th Mar 2012
  • "Hack the Server",Herts Branch BCST, 22nd Feb 2012
  • "Computer Security: Protecting Yourself", Essex Branch IET, Chelmsford, 8th Feb 2012
  • "Computer Security – Securing Web Applications", Bedford College January 25, 2012


  • "Ethical Hacking", Bedford College May 3, 2011
  • "Wireless Security", UoB Student Branch of the IEEE, Apr 2011.
  • "Computer Security: Protecting Yourself", Herts Branch INSTMC & IET, Luton, 30th Mar 2011
  • "Hollywood Forensics", Essex Branch IET, Chelmsford, 9th Feb 2011


  • "Computer Security: Protecting Yourself", The Knowledge Network, University of Bedfordshire, 24th Mar 2010
  • "Hollywood Forensics", Herts Branch INSTMC & IET, Luton, 27th Jan 2010


  • "Biometrics: Physical Identification", Herts BCS Branch Meeting, Hemel Hempstead, 30th Sept 2008
Major achievements
  • Development of an online eLearning system to deliver courses for IT Governance.
  • Development of the IT Governance Accelerated CISSP Course
  • Development of postgraduate and undergraduate courses for the University of Bedfordshire in computer security and forensics including a joint pathway with 7Safe, a leading computer security & forensics company.
  • Recognised within the University of Bedfordshire as an expert on IT and best practices’ expert for capital project bidding process within the Creative Arts, Technology and Science faculty.
  • Have successfully project managed several large facilities programmes for the University of Bedfordshire including the development and commissioning of a £1,000,000 suite of state of the art engineering and teaching labs including latest developments in AV and electronic signage, growth of the teaching computer labs from 5 labs with 140 PC’s to 20 labs, with almost 500 PCs and a number of dedicated departmental servers including a 9TB NAS system and a HPC and grid facility.
Career History
Jan 2015 to current Head of Technical Services
IT Governance Ltd.
Oct 2011 to Dec 2014 Information Risk Consultant & Trainer
IT Governance Ltd.
Mar 2012 to current Visiting Fellow (Honourary)
Computer & Information Systems, University of Bedfordshire
Oct 2006 to Sept 2011 Infrastructure Manager
Computer & Information Systems, University of Bedfordshire
Mar 2000 to Oct 2006 Technical Support Manager
Computer & Information Systems, University of Luton
The University of Luton become the University of Bedfordshire in Sept 2006
Sept 1999 to June 2004 Visting Lecturer
Barnfield College (1999-2004)
Sept 1993 to Mar 2000 Senior Engineer
Safety Test Dept, Millbrook Proving Ground Ltd
Mar 1993 to Jun 1993 Design Change Manager
Production, Belling Ltd (Enfield)
Mar 1990 to Mar 1993 Production Engineer
Microwave Test Equipment, Maconi Instruments Ltd (Stevenage)
Sept 1989 to Mar 1990 Design Engineer
Floor Care, Electrolux Ltd (Luton)
Sept 1988 to Sept 1989 Design Engineer
Motemtronic Ltd (Waltham Abbey)
Sept 1985 to Sept 1988 Design Engineer, Rapier Laserfire
Army Weapons Div, British Aerospace PLC (Stevenage)
Contact Details
Date of birth: Born in 1963, full date on request
Nationaility: British
Driving Licence: Full/clean
Health: Excellent non-smoker
Interests: Computing, reading, current affairs, theatre & dining out
Maritial Status: Living with partner, one child


Content © 2015 Geraint Williams | Last updated 15th March 2015
Disclaimer: all opinions expressed here are my own personal views, and do not represent the views of any company or organisation with which I may be affiliated with. I offer no guarantee that any information published here is accurate, either at the time of publishing or at any time in the future, if you spot a mistake – let me know!