Creating and integrating risk change programs, including redesigning end-to-end Risk, Control & Self-Assessment (RCSA) frameworks, using ‘Systems Thinking’ to bolster the Risk Management Framework and Group Operational Risk capital position.
Experienced Operational Risk and Compliance SME, skilled in enhancing risk frameworks, policy compliance, governance, automated reporting, and offering regulatory advice to senior stakeholders.
Operational Resilience SME with excellent understanding of the new regulation and the key requirements which are needed prior to the 2025 deadline, including Important Business Services, Self-Assessment etc.
Change / Project work – developing and embedding risk change / embedding programmes – including redesigning the end-to-end Risk, Control & Self-Assessment (RCSA) frameworks – applying ‘Systems Thinking’ logic to enhance the overall Risk Management Framework and Group Operational Risk capital position.
Operational Risk and Compliance SME with extensive knowledge and experience in improving and embedding enhanced risk frameworks, policy compliance, robust governance, automated reporting as well as providing regulatory advice & guidance to senior stakeholders.
Experience in leading the embedding of new compliance requirements for the Senior Managers and Certification Regime(SMCR), GDPR and the new Operational Resilience regulations.
Prior to joining Beyond Blue, Ed made significant contributions in guiding clients through their digital transformation journeys. He played a pivotal role in helping clients comprehend the intricate dynamics of technology and market trends, thereby facilitating the creation of value. Working closely with numerous senior leadership teams, he provided critical insights and modelled robust strategies to navigate their digital transformations successfully. Prior to this, Ed’s deep-seated cybersecurity knowledge was tapped into by governments, assisting them to shape their cyber roadmaps.
Ed brings a wealth of experience from a variety of sectors including technology, media, and acoustics, however, it’s his extensive involvement across various geographical regions for the UK government that truly stands out. Ed has made a significant impact through advising on essential cyber and data-driven technologies, all with the focused objective of protecting and fulfilling UK requirements on a global scale. His remit has encompassed large international areas, including East Asia and the Levant, where he has applied strategic thought and leadership to counter digital threats in some of the most physically and technologically challenging environments.
His advanced skill set covers a broad range of technologies from secure networking and technical security to data management, edge technology, and cloud services, illustrating his multifaceted technical proficiency.
Before stepping into the consulting world, Ed immersed himself in the realm of emerging technologies, earning recognition through numerous innovation awards. And beyond his professional life, he’s chosen to volunteer his time as a head advisor in the fight against cybercrime – a testament to his genuine commitment to the cybersecurity field.
Lewis began his career at IBM, where he worked for approximately 10 years, specializing in supporting clients’ resiliency journeys by implementing enterprise-wide and specific recovery strategies. An award-winning early professional, Lewis has developed multi-award-winning coaches and enjoys working in agile environments, providing thought leadership to improve clients’ IT systems, architecture, and processes.
Principal Consultant: Supported the response to the Prudential Regulatory Authority (PRA) post Periodic Supervisory Memo note, delivering response and recovery action plans across three key scenario themes (Critical IT Failure, Data Corruption, and Cyber Attack) to enhance the organization’s resiliency over a four-year plan.
Delivery Lead: Managed a team of over 12, overseeing the design, testing, and approval of remedial solutions for vulnerabilities identified through scenario testing, including IBS prioritization, critical infrastructure recovery guides, major incident playbooks, and application recovery back-up & restore.
Process Improvement: Mapped the end-to-end process of code progression through environments from development to production, identifying and implementing areas for improvement throughout the development lifecycle.
Consultant: Supported a large financial services client in defining and implementing resiliency principles and outcomes to ensure that change processes delivered resilient change for IBS.
Jodie works across multiple clients and industries, including financial institutions, to support their compliance to Operational Resilience regulations and continues to lead crisis exercises, enabling organisations to practice their response to a disruption in a safe environment. Jodie’s previous experience includes developing and delivering information and cyber security training programmes, focussing on embedding a resilient culture and influence positive secure behaviour in employees. Prior to this she worked for local police forces as Cyber Protect Officer, working proactively with organisations and the public and investigating cyber crime, and as HOLMES Supervisor in the Major Crime Unit investigating homicides, both playing a key role bringing offenders to justice.
Jodie has extensive knowledge around cyber security. She has created and delivered training programmes for organisations and to develop employees’ skills and confidence in dealing with the key threats. She provided support to victims of Cyber Dependent crimes, conducted security assessments and proposed actions to increase resilience and be better prepared to respond to incidents. She was a key player in the start-up of the East Midlands Cyber Resilience Centre; a not-for-profit organisation with Policing, Academia, the private sector and SME’s and was vital in stakeholder engagement and management.
Jodie possesses knowledge of the cyber security and fraud landscape, emerging threats, attack techniques and the potential impacts cyber attacks could have. She holds certifications in CISMP, Neurodiversity, Level 3 Teacher Training (PTTLS) and Springboard (Women’s Business & Persona Development).
With over 20 years of technical experience, Wasim has proven ability in defining strategies for technical challenges and delivering solutions in a secure, on budget and timely fashion. He has a natural aptitude for optimisation activities and risk reduction analysis. Experienced in extracting service metrics to feed continuous improvement and innovation operations.
Wasim is confident executing projects & championing security in challenging business environments that demand high standards of compliance, quality and precision..
Wasim has extensive technical experience leading teams and delivering resilient, secure IT architectures across diverse landscapes and business sectors.
Whilst working for Paradigm Precision he spearheaded the direct operational delivery and vision of IT architecture across the International Sites located in the UK, Poland and Tunisia. He also provided executive system design leadership to a new expansion aerospace facility build. Developed strategic and operational vision and orchestrated the project on time and under budget satisfying stakeholders across the world and ensuring the site was primed for growth. Wasim virtualised the entire environment including the critical legacy infrastructure, applications & services. Deploying HP/Microsoft/VMware & cloud services/products to achieve goals of improving uptime, redundancy, stability and security. He has led on projects involving DoD & MoD data, adhering to security frameworks such as NIST & CAF in secure environments such as AWS GovCloud.
Prior to joining Beyond Blue Sam held the position of Security Product and Delivery Manager for one of the UK’s leading retail banks where he led on several key programs and deliveries in the Chief Security Office.
He successfully delivered against key milestones to enable the utilisation of cloud security products with Microsoft Azure and other offerings. In addition to Sam’s previous experience in the financial sector, Sam has worked with numerous financial institutions on the implementation of Operational Resilience Regulatory Requirements and supported the facilitation of several crisis management exercises with international insurance providers and financial institutions.
Delivery of a Cyber Recovery Vault to meet a key US Federal Government mandate milestone of giving an enterprise level Organisation a completely isolated secure recovery solution in the event of a critical outbreak of malware.
Successful delivery of Microsoft Defender For Endpoint in an enterprise level organisation.
Delivery of numerous cyber crisis management exercises with clients in the insurance and financial sectors across Europe, Southeast Asia and Australasia.
Coordination of disaster recovery scenarios and scenario tests for multiple different environments and business units across enterprise level organisations, identifying and supporting improvements in recovery capabilities and processes.
Delivery of key milestones and currently leading on key workstreams to implement Operational Resilience Regulatory Requirements for multiple UK leading retail banks within their change management lifecycles.
Nicholas draws on his background in academic research to lead delivery of precise, carefully constructed and diligently researched analysis to suit client needs. He has been heavily involved in delivering Operational Resilience programmes for major UK financial institutions.
Nicholas is responsible for Beyond Blue’s in-house tool for generating attack path models based on dependencies between elements of Mitre’s widely used ATT&CK framework. He is also the editor and primary author of Beyond Blue’s newsletters and longer-form thought pieces. Prior to entering the world of consulting, Nicholas completed his fully-funded PhD in Philosophy at University College London.
Nicholas led the development of a new initiative connecting Kant scholars across various London universities and the universities of Oxford and Cambridge through conferences and workshops.
Nicholas excelled as a Graduate Teaching Assistant for the philosophy departments at UCL and Kings College London over a 4-year period and was awarded the KCL Graduate Teaching award in 2020.
Experience with high-profile clients across the public sector and financial services.
Detailed understanding of UK financial services regulations, with a specific focus on scenario-based risk analysis and Operational Resilience.
Developed Beyond Blue’s tool for generating attack path models from Mitre’s ATT&CK framework.
She has a successful track record across multiple sectors including healthcare, manufacturing, financial services, oil and gas, legal and the Third Sector, where she has actively promoted awareness of the value of data and the need to ensure that it is managed in an effective and compliant manner.
Alison is a Board member of Scottish Continuity, a long-established membership organisation who support the continued development of members resilience capabilities through education and subject matter expert support.
Led a programme of work to implement UK General Data Protection Regulations (GDPR) Article 30, Record of Processing Activities (RoPA) for the UK’s largest long-term savings and retirement business, collating details of all processing activities that support Important Business Services and mapping these to provide full visibility of data elements, geographical locations, retention and supply chain processors.
Managed the privacy programme for a multi-national healthcare company, with complex data sets over multiple data privacy regulatory regimes. Applied for and implemented within the business, the use of Binding Corporate Rules as an international transfer mechanism for personal data. Educated and empowered a network of data champions to act as data privacy ambassadors in EMEA and the Rest of the World.
Collaborated with Scottish Government Cyber Resilience Unit and other stakeholders to produce and implement the Third Sector Action Plan, a programme of work designed to support the Strategic Framework for a Cyber Resilient Scotland. The objectives were to raise awareness of cyber threat to the third sector and provide actionable advice to charities and voluntary organisations all over Scotland. Alison was one of the founding members of the CyberScotland Partnership, a collaboration of key strategic stakeholders, brought together to focus efforts on improving cyber resilience across Scotland in a co-ordinated and coherent way.
Worked in partnership with London’s leading Livery Company to establish a business continuity programme, covering multiple business streams and many valuable physical assets, as well as technology focused resources. Led the scenario testing programme, using scenarios informed by the client’s threat landscape and unique requirements, delivered at executive and operational level.
Alison received the “Shining Light” award in the 2021 Cyber Community Awards as well as winning the Scottish Enterprise Collaboration Competition with Terrier Risk Partners Limited – A Cyber and Business Continuity Collaboration Consortium.
Leah goes beyond surface-level insights, offering a deep understanding of threat groups by exploring motivations, target sectors, and geographical focus. This nuanced approach enables tailored defenses against specific threats.
In practical application, Leah’s expertise shines as she crafts intricate cyber scenarios. Developing a Linux environment and using Python scripts, she ensures precise control over exercises, enhancing participants’ response capabilities.
Her blend of technical proficiency and strategic acumen is evident in navigating complex attack paths, aligning seamlessly with industry frameworks like MITRE ATT&CK. Leah’s insights into threat actors’ software choices provide a dynamic and proactive perspective on cybersecurity challenges.
Excels in Open Source Intelligence (OSINT). Her comprehensive OSINT report is a result of extensive research and the utilization of a variety of tools.
Developed and configured a Linux environment, wrote python scripts that allowed users to send 80+ injects during a scenario exercising project. The scripts allowed the exercise to run smoothly while also maintaining full control over the injects.
Produced an in-depth Threat Intelligence Report that accurately detailed the attack paths, software, techniques and tactics that the selected threat actors would take.
She has crafted an array of sophisticated scenarios utilizing her proprietary internal scenario library. Combining creative ingenuity with technical expertise, she has developed a dynamic repository that authentically simulates complex cyber threats.
Successfully trained on Information Security Management Systems Auditor/Lead Auditor Training Course by BSI and during this process gained many skills that aid in achieving her career goals.
Formerly a senior psychiatric nurse with a first-class honours degree, Nicola recently transitioned over to cyber to follow her passion. Nicola brings a wealth of transferable skills such as risk and crisis management, decision making, and interpersonal skills.
Nicola has achieved industry-recognised certifications: Global Information Assurance Certification – Foundational Cyber Security Technologies (GFACT) and Security Essentials (GSEC) and two SANS training courses, as well as participation in skills development centralised around cyber security.
Delivered internal project ideas to Board and exec level for emotional intelligence and personal resilience awareness workshops within the cyber security industry to improve human responses to crisis.
Assisted with client work, supporting cyber exercising to assess impact, response and remediation activities.
Frequent encounters with elevated risk management scenarios, with additional time pressures requiring responsive action
Excellent communication and interpersonal skills, developing rapports with clients
Maintaining records to a high standard, ensuring data remains confidential and secure
Jennifer also worked as the Resilience Knowledge Coordinator for the Cabinet Office Emergency Planning College. Her comprehensive experience has allowed her to gain a depth of knowledge for crisis management exercising.
During her tenure in the port industry, Jennifer implemented a comprehensive business continuity management framework and management system for 13 sites throughout the UK. This initiative facilitated the attainment of ISO22301 accreditation for the entire corporate group.
Developed and delivered crisis management and business continuity training sessions nation-wide across a large organisation. Tailored these sessions to engage stakeholders at every organisational level, including the board of directors.
Amid the initial lockdowns in 2020, Jennifer spearheaded the implementation of a virtual exercise suite. This innovative technique was utilised to conduct business continuity exercises for the teams of a prominent insurance firm in the UK.
Prior experience at the Cabinet Office Emergency Planning College (EPC), where she provided support to the Civil Contingencies Secretariat. Her responsibilities were particularly focused on assisting with major exercises in for Government departments by acting as an observer and supporting the development of post-exercise reports. Along with this Jennifer also supported the EPC on their thought leadership program and created the Disaster Database, a free interactive tool for research purposes.
Represented a large organisation on the local resilience forum, strategic business continuity group and strategic emergency planning group.
Recently published in the ‘Bridge’ Magazine for an article on the importance of risk management for the port industry.
CIR Awards Shortlisted Newcomer of the Year
2nd Place in the Bill Blake Memorial Award and subsequently had her article published in the Alert Journal regarding ‘Lessons Identified becoming Lessons Learnt’
Rayhaan recently graduated at the top of his cohort with a 1:1 in Cybersecurity, an achievement marked by two awards for excellent performance on the Cybersecurity programme and the esteemed British Computer Society Professional Membership Prize for outstanding final year results.
Prior to joining Beyond Blue, Rayhaan excelled in a dual role during his one-year industrial placement at BAE Systems. Serving as an Operational Assurance Analyst and Security Operations Centre Analyst, Rayhaan honed his skills in protective monitoring and contributed to meaningful projects such as company-wide cybersecurity compliance assessments.
Planned and conducted compliance assessments of internal security controls and processes to identify improvement opportunities and provide recommendations to the relevant stakeholders.
Maintained cyber controls effectiveness by analysing reporting data to determine the effectiveness of security controls using established key performance indicators.
Lead meetings with remediation teams in areas such as hosting and networks to communicate cyber risks to key stakeholders and drive risk remediation.
Investigated security alerts daily using a dedicated SIEM and additional security tools to identify potential incidents, determine their severity and eliminate false positives.
Documented a range of security alert investigations such as malware, malicious emails and web proxy incidents.
Coordinated incident response by engaging with the relevant stakeholders to ensure complete remediation.
Researched cyber threat intelligence to conduct threat hunts by searching for known IOCs on the network and adding them to threat intel lookups.
Ocean is an analytical Statistical Data Science graduate skilled in data analysis, machine learning, and AI, with experience in enhancing performance through data-driven solutions.
Ocean is a Statistical Data Science graduate from Heriot-Watt University with expertise in data analysis, netizen sentiment enhancement, and strategic planning. Prior to tenure at Beyond Blue, Ocean was awarded Intern of the Term at SOCIO Intelligence. His experience includes improving social media sentiment, engagement and contributing to significant projects for Malaysia’s Ministry of Finance, demonstrating strong analytical and adaptive skills.
Conducted data mining and analysis for top Malaysian companies, identifying key trends and insights that led to a 14% increase in overall netizen sentiment ratings.
Utilised analytical skills to propose enhancements to the Malaysia’s Ministry of Finance Yearly Budget Report, collaborating with senior data analysts to forecast netizens’ sentiments.
Crowdfunded around RM7k and organised successful activities for disabled centres and schools, outreaching 400 new users through AIESEC.
Led a group to finals in the Business Challenge 2021 by developing a business revenue model and risk mitigation plans based on market research.
Amy is a highly motivated and critical thinker with a proven track record as an award-winning Lecturer in Criminal Justice. As a published author with excellent communication skills, Amy is an expert in translating and presenting complex, technical knowledge into practical expertise.
Equipped with a fully funded PhD in Criminology, Amy pursued a career in cyber, fuelled by her fascination with the nuances of cyber crime and the intricacies of cyber security. Amy’s commitment to continuous learning and professional growth keeps her at the forefront of advancements in the rapidly evolving cyber landscape we operate in.
Actively contributed to the planning and execution of a Gold Level live exercise for a UK retail bank.
Collaborated in the design of new business and service delivery streams.
Participated, as an observer and scribe, in a Gold Level simulation exercise for a multinational insurer.
Experienced in undertaking primary and secondary research and reporting key findings and practice recommendations to stakeholders to enable them to make informed decisions.
Developed and delivered teaching materials for diverse audiences of different educational and experience backgrounds, tailoring delivery methods to promote and embed learning.
Led a small team integral to organising and delivering educational trips for students, both nationally and internationally, playing a key role in creating enriching educational experiences.
Managed the development and delivery of core teaching modules for large student cohorts, ensuring high-quality and engaging content that aligns to reliable and contemporary sources.
Achieved two industry standard certifications awarded by Global Information Assurance Certification (GIAC): Foundational Cybersecurity Technologies (GFACT) and Security Essentials (GSEC) following the completion of two SANS training courses SEC401 Security Essentials: Network, Endpoint and Cloud and SEC275 Foundations: Computers, Technology and Security.
Member of Global Information Assurance Certification (GIAC) Advisory Board.
Her most recent role was the strategic lead for the effective management of complaints across the local authority as well as the Health & Social Care Partnership. She also has prior experience as an office manager for a graphic design company as well as running her own outside catering business.
