Tim D Williams

Security Architecture,
Engineering and Management


Tim D Williams delivers expert, ethical advice in all aspects of security architecture, security engineering & security management based on over 30 years of real-world experience, backed by extensive relevant qualifications & ongoing cutting-edge research.

Services which Tim is highly competent to deliver include:

  • Security Team Leadership and Interim Management

  • Security Governance, Budgeting and Oversight (referencing ITIL, COBIT, COSO, Sarbanes-Oxley, UK Corporate Governance Code and other relevant authorities)

  • Security Operations and Continuous Service Improvement

  • Security Training, including Agile Security coaching, DevSecOps and secure CI/CD enablement

  • Security Threat Modelling

  • Security Risk Assessments

  • Security Requirements Analysis

  • Security Architecture Development (referencing SABSA, TOGAF, NIST, CIS, MODAF and other relevant authorities)

  • Cloud Security Architecture (including AWS, Azure and Google Cloud Platform)

  • Security Due Diligence (both on vendors and responding to customer audits)

  • Security Procurement Support (client-side) and Proposal/Bid Support (vendor-side)

  • Security Engineering Solution Development

  • Security Design Reviews

  • Security Code Reviews (fully manual and partly-automated: static/dynamic/interactive, referencing OWASP, MITRE, SANS, WebAppSec, SafeCode, SEI-CMM and other relevant authorities)

  • Infrastructure Vulnerability Assessments and Mitigation Plans

  • Web Application Penetration Testing

If you would like to engage Tim as a trusted security advisor, he is open to negotiation about all* aspects of the requested engagement including scope, work location, duration and rates.

* subject to requests not involving any actual or apparent conflicts of interest.


Tim’s approach to security architecture & engineering is guided by the truth that: 

“Attacks always get better; they never get worse” (1)

The inescapable implication is that all security solutions absolutely need to be designed for continuous improvement, keeping in mind that when new exploits emerge anywhere in the world they will quickly be automated and become available at low cost to unskilled threat actors.

Simply being able to mitigate today’s known threats is not nearly enough. A sustainable and agile approach to security design is needed - one which allows for continuous, rapid and economical integration and exploitation of new security capabilities. That means constantly maintaining “big picture” awareness of where future flexibility will be needed, whilst never losing focus on the effectiveness and efficiency of current security operations.

A thorough and systematic understanding is needed both of what types of improved security capabilities are needed and when they need to be ready for live operations.

  1. Holz, R., Sheffer, Y. and Saint-Andre, P., 2015. RFC 7457 Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). Available at: https://tools.ietf.org/html/rfc7457#section-1


Tim is an astute security professional who has a wealth of knowledge and experience in the security domain. He is helpful and always willing to go that extra step to provide results.
— Security and Compliance Director
The team relied not only on his extensive technical skills but also on his “out-of-the-box” thinking that often challenged the team to consider better alternatives
— President
Tim is an exceptional mentor and has the ability to break down issues into the core problems quickly and without complication.
— Head of Integration
You don’t realise it yet, but you want Tim on your team.
— Vice President
Tim goes the extra mile to research areas both directly and indirectly related to the projects he is working on.
— Business Development
Tim is a forward-looking, experienced & talented security thought leader who can effortlessly deep dive from strategy & architecture to implementation in no time
— AWS Consultant
Tim .. is the first person I turn to for peer review, because not only will I get a well considered and valuable opinion, but he will always spot the things I had either not considered or felt were of little consequence, but he has identified as critical to a successful outcome


Tim D Williams is a motivated, versatile & well-qualified security consultant with a broad business, technical & regulatory compliance skillset who quickly establishes good relationships, inspires trust & supports continuous, agile team learning.

Key Strengths

Business/IT alignment - quickly understanding the context & the required balance of people/process/technical change

Breadth of Experience - spanning architecture, management, finance, training, software, data & infrastructure

Extremely rapid learner - with proven ability to master the critical details of new industries, roles & technologies


Lead Security Architect
Government client
Aug 2018 to Mar 2019

Enterprise Security Architect
Energy sector client
Sep 2016 to Feb 2018

Security Trainer
Public-sector & private-sector clients
July 2016 to present date

Security Architect
Government client
Jul 2015 to Apr 2016

Security Architect
Government sector supplier
Sep 2014 to Jan 2015

Lead Security Architect
Government sector supplier
Sep 2011 to Oct 2013

Solutions Architect
Banking sector client
May 2010 to Jan 2011

Senior Systems Engineer
Enterprise software vendor
May 2005 to Nov 2005

Software Development Manager
Multinational e-Commerce vendor
Aug 1999 to Aug 2001

Senior Digital Security Specialist
Government client
May 2019 to present date

Cyber Security Architect
FCA-regulated e-Commerce client
Feb 2018 to Jul 2018

Lead Security Architect
Government client
Jul 2016 to Sep 2016

Lead Security Architect
Government client
Apr 2016 to May 2016

Head of Information Security
Private healthcare sector client
Mar 2015 to Jul 2015

Lead Penetration Tester
Energy sector client
Oct 2013 to Jun 2014

Security Architect
Government sector supplier
Feb 2011 to Aug 2011

Principal Systems Engineer
Government sector supplier
November 2005 to May 2010

Information Architect
Banking sector
Feb 2002 to May 2005


Professional Memberships and Qualifications


FBCS - Fellow of the British Computer Society
CITP - Chartered IT Professional
CCP (IA Architect) - Certified Cyber Professional


CEH - Certified Ethical Hacker


MIET - Member of the Institution of Engineering & Technology


M.Inst.ISP - Member of Institute of Information Security Professionals


CISSP - Certified Information Systems Security Professional
ISSAP - Information Systems Security Architecture Professional
ISSEP - Information Systems Security Engineering Professional
ISSMP - Information Systems Security Management Professional
CSSLP - Certified Secure Software Lifecycle Professional
CCSP - Certified Cloud Security Professional
CAP - Certified Authorization Professional


CISA - Certified Information Systems Auditor
CISM - Certified Information Security Manager
CGEIT - Certified in the Governance of Enterprise IT
CRISC - Certified in Risk and Information Systems Control

The Open Group

TOGAF 9.1 Certified


PhD Construction Management
University of Reading
2017 to 2021 (expected)

BSc Biological Sciences
Manchester University
1985 to 1995

MSc Information Security
Royal Holloway University of London
2012 to 2014

Professional Contributions

External Adviser
London Metropolitan University: MSc Artificial Intelligence & BSc Cyber Security & Digital Forensics   
May 2019

Programme Committee Member
Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRIC.org)   
Sep 2017 to present date

Committee Member
British Computer Society Information Security Specialists Group (BCS-ISSG)
Sep 2016 to present date

Events Coordinator
(ISC)2 Thames Valley Chapter    
Nov 2014 to Jan 2019

(ISC)2 Thames Valley Chapter    
Nov 2016 to Jan 2019

CLAS Policy & Tools Working Group 
Feb 2011 to Sep 2015


