Tim D Williams

Security Architecture,
Engineering and Management

Services

Tim D Williams delivers expert, ethical advice in all aspects of security architecture, security engineering & security management based on over 30 years of real-world experience, backed by extensive relevant qualifications & ongoing cutting-edge research.

Services which Tim is highly competent to deliver include:

  • Security Team Leadership and Interim Management

  • Security Governance, Budgeting and Oversight (referencing ITIL, COBIT, COSO, Sarbanes-Oxley, UK Corporate Governance Code and other relevant authorities)

  • Security Operations and Continuous Service Improvement

  • Security Training

  • Security Threat Modelling

  • Security Risk Assessments

  • Security Requirements Analysis

  • Security Architecture Development (referencing SABSA, TOGAF, NIST, CIS, MODAF and other relevant authorities)

  • Cloud Security Architecture (including AWS, Azure and Google Cloud Platform)

  • Security Due Diligence (both on vendors and responding to customer audits)

  • Security Procurement Support (client-side) and Proposal/Bid Support (vendor-side)

  • Security Engineering Solution Development

  • Security Design Reviews

  • Security Code Reviews (fully manual and partly-automated: static/dynamic/ interactive, referencing OWASP, MITRE, SANS, WebAppSec, SafeCode, SEI-CMM and other relevant authorities)

  • Infrastructure Vulnerability Assessments and Mitigation Plans

  • Web Application Penetration Testing

If you would like to engage Tim as a trusted security advisor, he is open to negotiation about all* aspects of the requested engagement including scope, work location, duration and rates.

* subject to requests not involving any actual or apparent conflicts of interest.

Approach

Tim’s approach to security architecture & engineering is guided by the truth that: 

“Attacks always get better; they never get worse" (1) 

The inescapable implication is that all security solutions absolutely need to be designed for continuous improvement, keeping in mind that when new exploits emerge anywhere in the world they will quickly be automated and become available at low cost to unskilled threat actors.

Simply being able to mitigate today’s known threats is not nearly enough. A sustainable approach to security design is needed - one which allows for continuous, rapid and economical integration and exploitation of new security capabilities. That means constantly maintaining “big picture” awareness of where future flexibility will be needed, whilst never losing focus on the effectiveness and efficiency of current security operations.

A thorough and systematic understanding is needed both of what types of improved security capabilities are needed and when they need to be ready for live operations.

  1. Holz, R., Sheffer, Y. and Saint-Andre, P., 2015. RFC 7457 Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). Available at: https://tools.ietf.org/html/rfc7457#section-1

Testimonials

Tim is an astute security professional who has a wealth of knowledge and experience in the security domain. He is helpful and always willing to go that extra step to provide results.
— Security and Compliance Director
The team relied not only on his extensive technical skills but also on his “out-of-the-box” thinking that often challenged the team to consider better alternatives
— President
Tim is an exceptional mentor and has the ability to break down issues into the core problems quickly and without complication.
— Head of Integration
You don’t realise it yet, but you want Tim on your team.
— Vice President
Tim goes the extra mile to research areas both directly and indirectly related to the projects he is working on.
— Business Development
Tim is a forward-looking, experienced & talented security thought leader who can effortlessly deep dive from strategy & architecture to implementation in no time
— AWS Consultant
Tim .. is the first person I turn to for peer review, because not only will get a well considered and valuable opinion, but he will always spot the things I had either not considered or felt were of little consequence, but he has identified as critical to a successful outcome
— CEO

Resume

Tim D Williams is a motivated, versatile & well-qualified security consultant with broad business, technical & regulatory compliance skillset who quickly establishes good relationships, inspires trust & supports continuous team learning.

Key Strengths

Business/IT alignment - quickly understanding the context & the required balance of people/process/technical change

Breadth of Experience - spanning architecture, management, finance, training, software, data & infrastructure

Extremely rapid learner - with proven ability to master the critical details of new industries, roles & technologies

Experience

Cyber Security Architect
FCA-regulated e-Commerce client
Feb 2018 to Jul 2018

Lead Security Architect
Government client
Jul 2016 to Sep 2016

Lead Security Architect
Government client
Apr 2016 to May 2016

Head of Information Security
Private healthcare sector client
Mar 2015 to Jul 2015

Lead Penetration Tester
Energy sector client
Oct 2013 to Jun 2014

Solutions Architect
Banking sector client
May 2010 to Jan 2011

Principal Systems Engineer
Government sector supplier
November 2005 to May 2010

Information Architect
Banking sector
Feb 2002 to May 2005

Lead Security Architect
Government client
Aug 2018 to Mar 2019

Enterprise Security Architect
Energy sector client
Sep 2016 to Feb 2018

Security Trainer
Public-sector & private-sector clients
July 2016 to present date

Security Architect
Government client
Jul 2015 to Apr 2016

Security Architect
Government sector supplier
Sep 2014 to Jan 2015

Lead Security Architect
Government sector supplier
Sep 2011 to Oct 2013

Solutions Architect
Banking sector client
May 2010 to Jan 2011

Senior Systems Engineer
Enterprise software vendor
May 2005 to Nov 2005

 

Professional Memberships and Qualifications

BCS

FBCS - Fellow of the British Computer Society
CITP - Chartered IT Professional
CCP (IA Architect) - Certified Cyber Professional


EC-Council

CEH - Certified Ethical Hacker


IET

MIET - Member of the Institution of Engineering & Technology


IISP

M.Inst.ISP - Member of Institute of Information Security Professionals


(ISC)2

CISSP - Certified Information Systems Security Professional
ISSAP - Information Systems Security Architecture Professional
ISSEP - Information Systems Security Engineering Professional
ISSMP - Information Systems Security Management Professional
CSSLP - Certified Secure Software Lifecycle Professional
CCSP - Certified Cloud Security Professional
CAP - Certified Authorization Professional


ISACA

CISA - Certified Information Systems Auditor
CISM - Certified Information Security Manager
CGEIT - Certified in the Governance of Enterprise IT
CRISC - Certified in Risk and Information Systems Control


The Open Group

TOGAF 9.1 Certified

Education

PhD Construction Management
University of Reading
2017 to 2021 (expected)

BSc Biological Sciences
Manchester University
1985 to 1995

MSc Information Security
Royal Holloway University of London
2012 to 2014

Volunteer Experience

Programme Committee Member
Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRIC.org)   
Sep 2017 to present date

Committee Member
British Computer Society Information Security Specialists Group (BCS-ISSG)
Sep 2016 to present date

Events Coordinator
(ISC)2 Thames Valley Chapter    
Nov 2014 to Jan 2019

Secretary
(ISC)2 Thames Valley Chapter    
Nov 2016 to Jan 2019

Member
CLAS Policy & Tools Working Group 
Feb 2011 to Sep 2015

color-3.png

Contact

Name *
Name
color-3.png