Sam Hewson

Warrington, Cheshire

Summary

Highly motivated Cyber, Technology, Risk & Control and Resilience Professional with a 10-year proven track record of delivery whilst working within an organisation with an additional track record of delivery whilst working in a client-facing industry. Pragmatic leader eager to contribute to organisational growth and development through using security and a strong risk and control posture as an enabler to support the drive to achieve overall organisational objectives. Applies knowledge of industry best practices and business needs to devise innovative solutions to the resolution of complex problems. Willing to always take on challenging new role requirements utilising interpersonal skills, collaboration and problem-solving techniques to achieve organisational goals. Driven to deliver high-quality outputs and consistent results which provide maximum benefit to all stakeholders involved.

Overview

11 years of professional experience
1 Certification

Work history

Senior Cyber Security & Resilience Consultant

Beyond Blue LTD
Remote
08.2022 - Current
  • Led and supported numerous organisations to improve their Operational Resilience posture in line with regulatory requirements for Operational Resilience Regulatory March 2025 deadline through Scenario Testing, Vulnerability Identification and Remediation. This involved working with numerous Big 6 Banks & Insurance Companies to identify, map and complete end-to-end testing of Important Business Services, develop scenario-specific playbooks in line with Scenario Testing outputs and acquire sign-off from different levels of seniority up to C-Suite level.
  • Supported enhancement and developments of Operational Resilience Frameworks for numerous clients to support in adaptation and embedding of Operational Resilience into BAU processes, including embedding Resilience by Design principles and outcomes into change management lifecycles and delivery models.
  • Developed exit strategies and internal workarounds for clients receiving services from critical third parties to help prepare if service providers experience extended outages.
  • Delivered development of Customer Treatment Strategies and Market Treatment Strategies for organisations to use in event of materialisation of severe but plausible scenario to ensure vulnerable customers and critical business functions can still operate to a certain extent to mitigate intolerable harm as well as mitigate harm to wider UK financial integrity.
  • Supported organisations with immediate response actions to technology and cyber related live incidents. Following provision of support, continued to work with these organisations to understand root cause of incident to embed controls/mitigations to ensure incident won't be repeated.
  • Embedded Operational Resilience & Cyber Security capabilities into multiple organisational change management lifecycles through a Resilience By Design Framework to ensure future material change doesn't impact organisational Important Business Service resiliency posture.
  • Led and delivered over 20 Crisis Management Exercises for Executive Committee Crisis Management Teams in South East Asia to support their ability and effectiveness to work together when handling cyber crises. Additionally delivered training to C-Suite ExCo members on how individuals within a function can become better at handling crisis situations in event of cyber scenario materialising.
  • Delivered wargaming exercises to major maritime insurance company on how key infrastructure and applications SMEs would rebuild critical application and infrastructure environment in event of a severe cyber attack. Following wargaming, activities took place to help mitigate, remediate and support their ability to rebuild critical infrastructure and applications into clean environments through service recovery blocks concept.

Army Reservist - Royal Signals

British Army
Liverpool, Merseyside
10.2023 - Current
  • Coordinated strategic planning meetings; ensured alignment with mission objectives during exercises.
  • Upheld integrity of communication systems by adhering to internal procedures.
  • Represented military unit professionally at ceremonial events and occasions.
  • Maintained weaponry and equipment to meet combat requirements.
  • Acted quickly and effectively in emergency response situations on exercise, providing leadership during Section Attacks in 2IC role when required.

Security Product & Delivery Manager

Barclays Bank PLC
Knutsford, Cheshire East
07.2021 - 08.2022
  • Managed portfolio of 6 End Point Security Products, ensuring approach of continuous development and improvement was applied to this product suite to continuously enhance organisation's Endpoint Security Posture.
  • Built positive partner relationships across organisational business units who would support development and adaptation of new security tooling and capabilities. Worked especially closely with SOC teams to ensure provision of tooling and capabilities from CSO team acting as service providers to SOC analysts.
  • Understood and balanced security requirements and deliveries of Chief Security Office to align company priorities to achieve overall objectives. Ensured any security initiatives were also enablers to overall organisational objectives, rather than be blockers to innovation and progress.
  • Delivered replacement of legacy Endpoint Security Products by utilising M365 Microsoft Defender, driving adoption of cloud whilst also introducing new and advanced security tooling to organisational teams and technology. This increased organisational security posture and also supported alignment to overall organisational objectives with continued adoption of cloud.

Cyber Security Consultant

Barclays Bank PLC
Knutsford, Cheshire East
01.2019 - 07.2021
  • Worked with material change programs where delivery would impact critical application and infrastructure to banking operations to assess potential security implications and to find and address vulnerabilities. This involved applications impacting customer facing products such as Online/Retail Banking Services & Investment Banking Platforms.
  • Led delivery of Isolated Recovery Environments and Vaulting Solutions for key banking services and underlying infrastructure and application dependencies.
  • Analysed security breaches to determine root causes to build in mitigations to prevent future breaches and also supported lessons learned sessions to ensure control frameworks would prevent same root causes being introduced at later date through material change.
  • Contributed to design and development of security tooling for monitoring company assets, for example SOC and SIEM enhancements to provide greater visibility and ability to respond to potential security incidents or events.
  • Recommended preventive security measures to decrease attack surfaces which could have been introduced as part of potential material change, whilst also ensuring any introductions of security capabilities/activities didn't slow down change or innovation.
  • Monitored new threats, vulnerabilities and attacks from organised crime groups and nation state entities so CSO could apply countermeasures and mitigate to prevent intrusion.

Core Networks - Technology Risk Analyst

Barclays Bank PLC
Knutsford, Cheshire East
06.2017 - 01.2019
  • Assessed data outputs from security tooling and incidents to better understand and anticipate potential risks, concerns and outcomes to support decision making processes. Additionally learnt how to assess pragmatism of remediation versus value add of remedial efforts impacting business goals and objectives.
  • Led critical resiliency initiatives with Core Network SMEs to better evidence and improve resiliency in critical network service offerings through isolated Data Centre Failover Testing in effort to support regulatory requests from US FED (AD/Switching/Routing/DNS etc.).
  • Gathered and validated risk information from Core Network SMEs to ensure wider business had solid understanding of their risk landscape.
  • Collated key risk indicator information from businesses to drive and gain funding for remedial programs ensuring accurate risk landscape was presented.
  • Supported development of new in house risk and control tooling to better capture, represent and present risk to wider business, using qualitative data and quantitatively gathered data to give accurate and up to date representation of risk landscape.
  • Continued to gather risk information and produce standard and ad hoc risk reporting for board, committees and management to inform decision making efforts for remedial efforts.

Core Networks - Apprentice Risk & Control Analyst

Barclays Bank PLC
Knutsford, Cheshire East
06.2015 - 06.2017
  • Maintained strong work ethic, displaying enthusiasm for embedding myself into new industry and accelerating career growth from junior role new to financial services.
  • Shadowed senior team members to observe established processes, risk and control best practices and also inner processes/landscape of Big 6 Banking operations.
  • Helped to prepare and execute remediation projects to identified risks under supervision in collaboration with Core Network SMEs, for example large scale legacy technology replacement programs and ZeroDay vulnerability patching initiatives.
  • Embraced feedback from supervisors and peers to work towards completing 2 year apprenticeship and being offered full time employment.
  • Completed related coursework at university to enhance soft skills in Business Management, earning LVL 4 Foundation Degree in Business Management, whilst balancing responsibilities of employed day to day role at Barclays PLC.

Education

GCSEs - Maths/English/Triple Science/IT

Bridgewater High School
Warrington

A-Levels - Sociology/History/English Language

Appleton College
Warrington

NVQ Level 4 - Business Management

Mid Cheshire College
Hartford, Cheshire

Skills

Core Skills:

  • Cyber & Technology Incident Management
  • Cyber Crisis Management Exercising & Facilitation (TTX/Live Exercising)
  • Secure By Design & Resilience By Design
  • Artificial Intelligence Risk & Incident Management
  • Technology & Cyber Security Resilience
  • Operational Resilience & Scenario Testing
  • Collaborative Third Party Supplier Scenario Testing
  • Third Party/Supply Chain Security & Resilience
  • Threat Landscape Analysis & Attack Techniques
  • Risk Management, Quantification & Mitigation
  • Threat Model Creation
  • Digital Operational Resilience (DORA)
  • ISO27001


Soft Skills:


  • Leadership & Management Skills
  • Excellent Communication Skills
  • Clear & Concise Presentation Skills
  • Proficient in Office 365 & MacOS Application Suites
  • Conflict Management Experience
  • Commercial, Bidding and Business Development Experience

Certification

  • ISACA - Certified Information Security Manager (pending exam)
  • ALISON - AI Risk Management and Incident Response
  • BCS - IT Chartered Institute - AI Fundamentals
  • AWS - Cloud Fundamentals
  • AWS - Solutions Architect
  • AWS Infrastructure As Code
  • ISACA AI Fundamentals
  • Microsoft Azure Fundamentals
  • Security Clearance Held

Affiliations

  • Army Reservist (Royal Signals/Electronic Warfare)
  • Backpacking & Travelling
  • Hiking & Mountaineering

References

References available upon request.

Timeline

Army Reservist - Royal Signals

British Army
10.2023 - Current

Senior Cyber Security & Resilience Consultant

Beyond Blue LTD
08.2022 - Current

Security Product & Delivery Manager

Barclays Bank PLC
07.2021 - 08.2022

Cyber Security Consultant

Barclays Bank PLC
01.2019 - 07.2021

Core Networks - Technology Risk Analyst

Barclays Bank PLC
06.2017 - 01.2019

Core Networks - Apprentice Risk & Control Analyst

Barclays Bank PLC
06.2015 - 06.2017

GCSEs - Maths/English/Triple Science/IT

Bridgewater High School

A-Levels - Sociology/History/English Language

Appleton College

NVQ Level 4 - Business Management

Mid Cheshire College