I am a Security Operations Leader with a decade of experience engineering Detection & Response programmes in highly regulated, cloud-native environments. My career is defined by a "build what you operate" philosophy—transitioning from a background in offensive security to architecting 24/7 defenses that prioritise automation, resilience, and scale.
I’m proficient with a broad range of security tooling, from deep-diving into SIEM, EDR, and NDR platforms to managing full-stack SecOps programmes and leading response for major incidents. I love the engineering too — I write a lot of Python and Rust to build things like LLM-powered triage tools and high-throughput data pipelines. I back all that up with a solid DevOps foundation in CI/CD, Docker, K8s, and cloud infrastructure.
Staff-Level Direction: 10 years of experience building and leading green-field SOC/IR capabilities and mentoring high-performing technical teams. I have served as Incident Commander for 30+ major incidents, ranging from ransomware to national-scale cloud compromises, providing clear direction during high-pressure crises.
Automation as a Force Multiplier: Proficient in Rust, Python, and JS, I build production-grade tools that simplify the complex. From releasing distributable CLI tools via Homebrew/Crates.io to migrating and managing custom SOAR platforms that saved £82,000 p/a, I focus on building systems that scale without adding overhead.
Translating Technical Risk: Skilled at distilling complex architectural vulnerabilities and incident post-mortems for C-suite, Board-level, and Government stakeholders. I have a proven track record of partnering with legal and regulatory teams to ensure security operations align with GDPR, ISO 27001, and NCSC requirements.