Seasoned Cyber Security Operations Manager with extensive experience driving the strategic development of security operations, delivering sophisticated defence solutions, and overseeing impactful security initiatives. With a flair for nurturing talent and leading diverse teams, I am well recognized for steering the advancement of security standards, policies and processes, implementing cutting-edge technologies, and championing security best practices and principles.
• Manage a team of 8 skilled professionals comprising Security Analysts and Engineers. Conduct bi-weekly 1-2-1 meetings, ad-hoc catch-ups, and annual performance and remuneration reviews.
• Foster the development and growth of talent within the team, including experienced hires, graduates, apprentices, and seconded personnel.
• Manage the firm's 24x7 on-call coverage for security incidents whilst maintaining a low MTTR.
• Design and track key performance indicators to measure the effectiveness of the SOC.
• Advocate for resource allocation and budget planning to support SOC operations.
• Serve as the technical lead and escalation point for all cyber incidents within the Cyber Security Incident Response Team (CSIRT), incorporating root cause analysis, hosting lessons learned briefings and participating in simulated tabletop exercises.
• Co-author and maintain the firm's IR plans and playbooks alongside our CISO function.
• Provide expert technical guidance and leadership to broader security and infrastructure teams. Oversee and assist in the development and implementation of security policies, standards, and patterns to ensure proper implementation and maintenance of security controls.
• Determine long and short-term strategic direction for the SecOps team, based on identified gaps, emerging threats, and market trends in line with the firm's vision and our core security strategy.
• Continuously enhance our security controls by deploying, improving, or building state-of-the-art security solutions (XDR, NDR, SIEM, SOAR, VM).
• Act as the Deputy Chair of the Infrastructure Architecture Group (IAG), facilitating discussions and approval of project plans and implementations by technical representatives from relevant teams.
• Developed and implemented the Threat Informed Defence (TID) strategy in alignment with MITRE ATT&CK TTPs (Tactics, Techniques, and Procedures). This serves as the firm's core Threat Intelligence function shared across two security teams.
• Collaborate with new and existing vendors/suppliers for the procurement or renewal of products and services.
• Coordinate internal and external project resources for the team, overseeing the progress of multiple projects simultaneously. Act as a technical lead or supporting resource in security-relevant projects.
• Manage the firm's infrastructure vulnerability management program whilst also currently exploring ways to incorporate application development vulnerabilities (Snyk) into our processes and update policies accordingly.
• Lead or support product proof-of-value engagements for security enhancements. Collaborate closely with Third-Party Oversight and Legal teams for due diligence purposes and contract negotiations.
• Oversee the team's detection engineering and automation creation processes.
• Provide support to the team in troubleshooting infrastructure issues and resolving break-fix incidents.
• Engage as a vital member of multiple strategic working groups within the organization. Active participation in one of these groups involves evaluating cyber risks and threats that may impact the firm's ability to provide essential services to clients. Another group is responsible for comprehensive discussions and approvals of new security initiatives and exceptions, ensuring the establishment of secure and efficient business operations.
• Authored core SOC playbooks and process documentation, underpinning the security operations function.
• Spearheaded the migration of a single instance SIEM solution to a multi-site clustered solution hosted on Azure, enhancing the company's ability to detect and respond to security threats using a resilient and high-performing SIEM solution.
• Implemented the organization's inaugural EDR and SOAR technologies, fostering a proactive stance against cyber threats and streamlining security response capabilities.
• Collaborated with engineering and IT architecture teams to ensure new deployments adhered to stringent security controls and governance frameworks.
• Transformed the organization's vulnerability management practices by establishing comprehensive policies and advocating for an automated, threat-led approach.
• Chaired technical discussions and influenced decision-making processes to secure sensitive data and critical applications, contributing to the resilience and reliability of the company’s tech stack.
• Adopted a hands-on (build over buy when possible) engineering approach to problem-solving while ensuring alignment with security strategy and business objectives.
• Ensured the flawless operation of a distributed Splunk infrastructure, vital for integrating new data sources and detecting cyber security threats.
• Administered and updated Splunk Enterprise Security to adhere to consistent data normalization.
• Undertook proactive threat-hunting initiatives, guided by financial services sector threats.
• Coached junior engineers and security analysts within the team.
• Developed threat models using STRIDE framework to drive use case development.
• Created security detections (SIEM & EDR) using a defined detection engineering process.
• Participated in incident response activities when required.
• Respond to security alerts generated via multiple technologies within set SLAs.
• Assist in the creation of use case documentation and SOC playbooks.
• Create and interpret regular and ad hoc security reports.
• Continuous focus on service improvement through automation where possible.
• Liaise with the CISM team to support cyber security incidents.
• Train and onboard new colleagues joining the team.
• Respond to security alerts generated via multiple technologies in a timely manner.
• Escalate and support potential security incidents in line with appropriate processes.
• Participate in the response to potential security incidents by identifying and communicating relevant supplementary information.
• Proactive threat hunting.
Security Operations & Incident Response
Azure Security Engineer - Associate
Palo Alto Networks Security Automation Engineer
CISSP
Splunk Enterprise Security Administrator
Azure Administrator - Associate
Palo Alto Networks Network Security Administrator
Certified Ethical Hacker
Splunk Enterprise Architect
Splunk Enterprise Admin
AWS Solutions Architect - Associate
Splunk Sales Engineer I & II
Security+