Michael Wilkinson

As a CHECK Team Member and Team Leader, I lead a team of 10 security consultants while delivering complex infrastructure-focused security assessments. Beyond technical execution, I have taken ownership of core CHECK governance functions, including engagement leadership, reporting standardisation, quality control, and NCSC compliance management.

Key Responsibilities & Achievements

• Lead and manage a team of 10 penetration testers, acting as primary escalation point for technical, engagement, and delivery challenges.
• Provide real-time technical and reporting support during engagements to ensure consistent, high-quality service delivery.
• Conduct structured one-to-one development meetings focused on performance, growth, and progression.
• Design and implement targeted training plans to upskill consultants in infrastructure, Active Directory, and advanced attack methodologies.
• Oversee quality assurance across engagements, reviewing scopes, methodologies, and client deliverables to ensure alignment with CHECK standards and regulatory expectations.
• Developed and implemented formal CHECK reporting guidelines, significantly improving report consistency and delivery standards across the function.
• Take ownership of CHECK report governance, performing quality spot-checks and managing timely submission of reports to NCSC, eliminating overdue submissions.
• Lead CHECK engagements end-to-end, including scoping, delivery oversight, reporting review, and client liaison.
• Developed structured scoping guidance and onboarding documentation to strengthen engagement planning and consultant readiness.
• Contribute to strategic business operations including resource planning, process optimisation, and service enhancement initiatives.

Delivered infrastructure penetration testing engagements across diverse environments, supporting both public and private sector clients.

• Conducted internal and external infrastructure penetration tests across complex environments.
• Delivered IT Health Checks (ITHCs), firewall and ruleset reviews, wireless security assessments, and Active Directory security testing.
• Identified privilege escalation paths, lateral movement vectors, and systemic infrastructure weaknesses.
• Scoped engagements in support of new business proposals, ensuring clarity of objectives and alignment with client requirements.
• Authored comprehensive technical reports and presented findings to both technical and non-technical stakeholders.
• Contributed to internal methodology development and tooling improvements.
• Supported junior consultant development through mentoring and knowledge sharing.

Reported directly to the CTO, supporting 50+ users and managing infrastructure and security controls aligned with ISO 27001.

• Designed and deployed Microsoft Endpoint Manager (MDM) securing 100+ devices.
• Contributed to successful ISO 27001 certification and audit readiness.
• Managed identity, access control, incident response, and security monitoring across Azure AD, Office 365, Carbon Black, and Meraki.

• Held full accountability for business operations, project delivery, financial performance, and stakeholder management.
• Secured major contracts, improved profitability, and consistently exceeded revenue targets.

• Promoted within six months for exceeding performance targets; led day-to-day operations and team performance management.
• Optimised resource allocation, reduced operational waste, and delivered structured staff training and cross-department coordination.