Services
Tim D Williams delivers expert, ethical advice in all aspects of security architecture, security engineering & security management based on over 30 years of real-world experience, backed by extensive relevant qualifications & ongoing cutting-edge research.
Services which Tim is highly competent to deliver include:
Security Team Leadership and Interim Management
Security Governance, Budgeting and Oversight (referencing ITIL, COBIT, COSO, Sarbanes-Oxley, UK Corporate Governance Code and other relevant authorities)
Security Operations and Continuous Service Improvement
Security Training, including Agile Security coaching, DevSecOps and secure CI/CD enablement
Security Threat Modelling
Security Risk Assessments
Security Requirements Analysis
Security Architecture Development (referencing SABSA, TOGAF, NIST, CIS, MODAF and other relevant authorities)
Cloud Security Architecture (including AWS, Azure and Google Cloud Platform)
Security Due Diligence (both on vendors and responding to customer audits)
Security Procurement Support (client-side) and Proposal/Bid Support (vendor-side)
Security Engineering Solution Development
Security Design Reviews
Security Code Reviews (fully manual and partly-automated: static/dynamic/ interactive, referencing OWASP, MITRE, SANS, WebAppSec, SafeCode, SEI-CMM and other relevant authorities)
Infrastructure Vulnerability Assessments and Mitigation Plans
Web Application Penetration Testing
If you would like to engage Tim as a trusted security advisor, he is open to negotiation about all* aspects of the requested engagement including scope, work location, duration and rates.
* subject to requests not involving any actual or apparent conflicts of interest.
Approach
Tim’s approach to security architecture & engineering is guided by the truth that:
“Attacks always get better; they never get worse" (1)
The inescapable implication is that all security solutions absolutely need to be designed for continuous improvement, keeping in mind that when new exploits emerge anywhere in the world they will quickly be automated and become available at low cost to unskilled threat actors.
Simply being able to mitigate today’s known threats is not nearly enough. A sustainable and agile approach to security design is needed - one which allows for continuous, rapid and economical integration and exploitation of new security capabilities. That means constantly maintaining “big picture” awareness of where future flexibility will be needed, whilst never losing focus on the effectiveness and efficiency of current security operations.
A thorough and systematic understanding is needed both of what types of improved security capabilities are needed and when they need to be ready for live operations.
Holz, R., Sheffer, Y. and Saint-Andre, P., 2015. RFC 7457 Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). Available at: https://tools.ietf.org/html/rfc7457#section-1
Testimonials
Tim is an astute security professional who has a wealth of knowledge and experience in the security domain. He is helpful and always willing to go that extra step to provide results.
The team relied not only on his extensive technical skills but also on his “out-of-the-box” thinking that often challenged the team to consider better alternatives
Tim is an exceptional mentor and has the ability to break down issues into the core problems quickly and without complication.
You don’t realise it yet, but you want Tim on your team.
Tim goes the extra mile to research areas both directly and indirectly related to the projects he is working on.
Tim is a forward-looking, experienced & talented security thought leader who can effortlessly deep dive from strategy & architecture to implementation in no time
Tim .. is the first person I turn to for peer review, because not only will get a well considered and valuable opinion, but he will always spot the things I had either not considered or felt were of little consequence, but he has identified as critical to a successful outcome
Resume
Tim D Williams is a motivated, versatile & well-qualified security consultant with broad business, technical & regulatory compliance skillset who quickly establishes good relationships, inspires trust & supports continuous, agile team learning.
Key Strengths
Business/IT alignment - quickly understanding the context & the required balance of people/process/technical change
Breadth of Experience - spanning architecture, management, finance, training, software, data & infrastructure
Extremely rapid learner - with proven ability to master the critical details of new industries, roles & technologies
Experience
Lead Security Architect
Government client
Aug 2018 to Mar 2019
Enterprise Security Architect
Energy sector client
Sep 2016 to Feb 2018
Security Trainer
Public-sector & private-sector clients
July 2016 to present date
Security Architect
Government client
Jul 2015 to Apr 2016
Security Architect
Government sector supplier
Sep 2014 to Jan 2015
Lead Security Architect
Government sector supplier
Sep 2011 to Oct 2013
Solutions Architect
Banking sector client
May 2010 to Jan 2011
Senior Systems Engineer
Enterprise software vendor
May 2005 to Nov 2005
Software Development Manager
Multinational e-Commerce vendor
Aug 1999 to Aug 2001
Senior Digital Security Specialist
Government client
May 2019 to present date
Cyber Security Architect
FCA-regulated e-Commerce client
Feb 2018 to Jul 2018
Lead Security Architect
Government client
Jul 2016 to Sep 2016
Lead Security Architect
Government client
Apr 2016 to May 2016
Head of Information Security
Private healthcare sector client
Mar 2015 to Jul 2015
Lead Penetration Tester
Energy sector client
Oct 2013 to Jun 2014
Security Architect
Government sector supplier
Feb 2011 to Aug 2011
Principal Systems Engineer
Government sector supplier
November 2005 to May 2010
Information Architect
Banking sector
Feb 2002 to May 2005
Professional Memberships and Qualifications
BCS
FBCS - Fellow of the British Computer Society
CITP - Chartered IT Professional
CCP (IA Architect) - Certified Cyber Professional
EC-Council
CEH - Certified Ethical Hacker
IET
MIET - Member of the Institution of Engineering & Technology
IISP
M.Inst.ISP - Member of Institute of Information Security Professionals
(ISC)2
CISSP - Certified Information Systems Security Professional
ISSAP - Information Systems Security Architecture Professional
ISSEP - Information Systems Security Engineering Professional
ISSMP - Information Systems Security Management Professional
CSSLP - Certified Secure Software Lifecycle Professional
CCSP - Certified Cloud Security Professional
CAP - Certified Authorization Professional
ISACA
CISA - Certified Information Systems Auditor
CISM - Certified Information Security Manager
CGEIT - Certified in the Governance of Enterprise IT
CRISC - Certified in Risk and Information Systems Control
The Open Group
TOGAF 9.1 Certified
Education
PhD Construction Management
University of Reading
2017 to 2021 (expected)
BSc Biological Sciences
Manchester University
1985 to 1995
MSc Information Security
Royal Holloway University of London
2012 to 2014
Professional Contributions
External Adviser
London Metropolitan University: MSc Artificial Intelligence & BSc Cyber Security & Digital Forensics
May 2019
Programme Committee Member
Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRIC.org)
Sep 2017 to present date
Committee Member
British Computer Society Information Security Specialists Group (BCS-ISSG)
Sep 2016 to present date
Events Coordinator
(ISC)2 Thames Valley Chapter
Nov 2014 to Jan 2019
Secretary
(ISC)2 Thames Valley Chapter
Nov 2016 to Jan 2019
Member
CLAS Policy & Tools Working Group
Feb 2011 to Sep 2015
Contact