Description

Are you concerned about ransomware but don’t know what to do?

Are you unsure if your business is safe from hackers?

Are you worried about data security but don’t know where to start?

I have over 25 years cybersecurity experience and have helped business both large and small to understand and manage their cybersecurity vulnerabilities and weaknesses.

Core to my approach is bridging the gap between technology and business priorities. What this means is:

✅ I will give you a clear picture of your cyber weaknesses

✅ I will suggest cost effective and pragmatic solutions

✅ I work across all technologies and products, such as AWS and Azure

✅ I can help you to implement solutions as well as advise

To give you an idea of the range of businesses I have worked with, here are some example projects:

Security design (Azure) for green energy startup with 5 staff
Strategic cyber health check for Ed Tech business (AWS) with 20,000 clients
Cyber security operating model design for UK high street bank
Security design of trading system for UK investment bank
Preparation of a small agricultural business for Cyber Essentials

My approach is always pragmatic, straight forward, and based upon 25 years of experience.

The types of services I can help with are:

- vCISO services

- Building cyber capabilities and teams

- Cybersecurity healthcheck

- Cloud security design (AWS, Azure)

- Product or system security review incl. SAST

- Compliance - PCI DSS, GDPR, NIS

- ISO 27001 & Cyber Essentials

If you would like to know how I can help you, please Propose a Project (above) to start the conversation.

Industry field of expertise

Languages

English
Native or bilingual
French
Conversational

Workplace preferences

Remote only

Primarily works remotely

Nicolson Bray
Founder & Lead Information Security Consultant
January 2014 - December 2024 (10 years and 11 months)
Providing cybersecurity consultancy to UK small and medium sized businesses

Developed and managed a Cybersecurity consultancy offering for UK small and medium sized businesses, bringing Financial Services IT Security risk management capabilities to mid-market & SME sector
Presented to Senior Management Teams and Boards enabling them make risk based strategic IT Security investment decisions - Senior Stakeholder Engagement
Carried out IT Security Audits and Assessments of mid-sized UK businesses
Developed and implemented an IT risk and control framework based on NIST 800, CIS Critical Security Controls (CSC), ISO 27001 & Cloud Security Alliance Cloud Controls Matrix (CCM)
Lloyds Banking Group
IT Security Operating Model Business Change Manager
January 2013 - December 2013 (11 months)
London, UK
Developed IT Security Target Operating Model (TOM) covering Security Operations, Security Engineering, Security Architecture, Network Security, Security Risk and Security Governance processes
Included service & team organisational structures, headcount, and roles & responsibilities
Project managed and led successful TOM implementation over 12 months impacting five Directorates & 400 staff – enacted process and cultural change
Defined and implemented IT Security Maturity Framework to measure TOM implementation progress – KPIs providing core MI reporting
Handed over to CISO team on completion
Lloyds Banking Group
Team Lead & Program Security Architect
October 2011 - January 2013 (1 year and 3 months)
London, UK
Supported program business case development securing £120 million of funding over three years
Designed and developed Lloyds global IT Security Risk processes – based on NIST 800-30 & ISO 27001 and RSA Archer implementation
Designed and developed Lloyds Application Security processes - Secure SDLC - Veracode and HP Fortify - SAST & DAST
Oversaw development of IT Security policies and 70 architecture patterns & standards across all security domains