Services
Tim D Williams delivers expert, ethical advice in all aspects of security architecture, security engineering & security management based on over 30 years of real-world experience, backed by extensive relevant qualifications & ongoing cutting-edge research.
Services which Tim is highly competent to deliver include:
Security Team Leadership and Interim Management
Security Governance, Budgeting and Oversight (referencing ITIL, COBIT, COSO, Sarbanes-Oxley, UK Corporate Governance Code and other relevant authorities)
Security Operations and Continuous Service Improvement
Security Training, including Agile Security coaching, DevSecOps, Cloud Security Auditing and secure CI/CD enablement
Data Protection Training, including GDPR, UK Data Protection Act (DPA), US Health Insurance Portability and Accountability Act (HIPAA) and California Consumer Privacy Act (CCPA)
Security Threat Modelling
Security Risk Assessments
Security Requirements Analysis
Security Architecture Development (referencing SABSA, TOGAF, NIST, CIS, MODAF and other relevant authorities)
Cloud Security Architecture (including AWS, Azure and Google Cloud Platform)
Security Due Diligence (both on vendors and responding to customer audits)
Security Procurement Support (client-side) and Proposal/Bid Support (vendor-side)
Security Engineering Solution Development
Security Design Reviews
Security Code Reviews (fully manual and partly-automated: static/dynamic/interactive, referencing OWASP, MITRE, SANS, WebAppSec, SafeCode, SEI-CMM and other relevant authorities)
Infrastructure Vulnerability Assessments and Mitigation Plans
Web Application Penetration Testing
Applied Cryptography spanning:
- Asymmetric Cryptography: Algorithms (RSA, Diffie-Hellman, ECC etc.), PKI, Web of Trust, Digital Certificates & Signatures, Key Lifecycle Management, HSMs, Encryption at Rest & In Transit including IPsec and SSL/TLS, and the associated threats & mitigations.
- Symmetric Cryptography: Algorithms (AES, DES, 3DES etc.), Assured Hardware Sources of Entropy, Key Encryption Key (KEK), Data Encryption Key (DEK) & Key Rotation methods.
- Keyless Cryptography & primitives: Hash Functions, Pseudo Random Number Generators & One Time Pads.
- Human & Social aspects of Cryptography: Certificate Authorities, Registration Authorities & crypto custodian duties.
- Assurance Schemes: Common Criteria, FIPS, eIDAS, PCI-DSS etc.
If you would like to engage Tim as a trusted security advisor, he is open to negotiation about all* aspects of the requested engagement including scope, work location, duration and rates.
* subject to requests not involving any actual or apparent conflicts of interest.
Approach
Tim’s approach to security architecture & engineering is guided by the truth that:
“Attacks always get better; they never get worse” (1)
The inescapable implication is that all security solutions absolutely need to be designed for continuous improvement, keeping in mind that when new exploits emerge anywhere in the world they will quickly be automated and become available at low cost to unskilled threat actors.
Simply being able to mitigate today’s known threats is not nearly enough. A sustainable and agile approach to security design is needed - one which allows for continuous, rapid and economical integration and exploitation of new security capabilities. That means constantly maintaining “big picture” awareness of where future flexibility will be needed, whilst never losing focus on the effectiveness and efficiency of current security operations.
A thorough and systematic understanding is needed both of what types of improved security capabilities are needed and when they need to be ready for live operations.
(1) Holz, R., Sheffer, Y. and Saint-Andre, P., 2015. RFC 7457: Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). Available at: https://tools.ietf.org/html/rfc7457#section-1
Resume
Tim D Williams is a motivated, versatile & well-qualified security consultant with a broad business, technical & regulatory compliance skillset, who quickly establishes good relationships, inspires trust & supports continuous, agile team learning.
Key Strengths
Business/IT alignment - quickly understanding the context & the required balance of people/process/technical change
Breadth of Experience - spanning architecture, management, finance, training, software, data & infrastructure
Extremely rapid learner - with proven ability to master the critical details of new industries, roles & technologies
Experience
Lead Security Architect, International Bank, Nov 2021 to present date
Encryption Consultant, Global Law Firm, Jan 2020 to present date
Security Consultant, Transport Sector Engineering client, Sep 2019 to present date
Senior Digital Security Specialist, Government client, May 2019 to Aug 2019
Lead Security Architect, Government client, Aug 2018 to Mar 2019
Cyber Security Architect, Retail e-Commerce client, Feb 2018 to Jul 2018
Enterprise Security Architect, Energy sector client, Sep 2016 to Feb 2018
Security Trainer, Public-sector & private sector clients, Jul 2016 to present date
Lead Security Architect, Government client, Jul 2016 to Sep 2016
Lead Security Architect, Government client, Apr 2016 to May 2016
Security Architect, Government client, Jul 2015 to Apr 2016
Head of Information Security, Private healthcare sector client, Mar 2015 to Jul 2015
Security Architect, Government sector supplier, Sep 2014 to Jan 2015
Lead Penetration Tester, Energy Sector client, Oct 2013 to Jun 2014
Lead Security Architect, Government sector supplier, Sep 2011 to Oct 2013
Security Architect, Government sector supplier, Feb 2011 to Aug 2011
Solutions Architect, International Bank, May 2010 to Jan 2011
Principal Systems Engineer, Government sector supplier, Nov 2005 to May 2010
Senior Systems Engineer, Enterprise Software Vendor, May 2005 to Nov 2005
Enterprise Information Architect, Banking group, May 2002 to May 2005
Software Development Manager, Multinational e-Commerce vendor, Aug 1999 to Aug 2001
Data Warehouse Manager, Chemicals manufacture & logistics, Aug 1997 to Aug 1999
Professional Memberships and Qualifications
BCS
FBCS - Fellow of the British Computer Society
CITP - Chartered IT Professional
BPsS
MBPsS - Graduate Member of the British Psychological Society
CIISec
MCIIS - Full Member of the Chartered Institute of Information Security
EC-Council
CEH - Certified Ethical Hacker
GASQ
GDPR (F) - General Data Protection Regulation Foundation
GDPR (P) - General Data Protection Regulation Practitioner
IET
MIET - Member of the Institution of Engineering & Technology
(ISC)2
CISSP - Certified Information Systems Security Professional
ISSAP - Information Systems Security Architecture Professional
ISSEP - Information Systems Security Engineering Professional
ISSMP - Information Systems Security Management Professional
CSSLP - Certified Secure Software Lifecycle Professional
CCSP - Certified Cloud Security Professional
CAP - Certified Authorization Professional
ISACA
CISA - Certified Information Systems Auditor
CISM - Certified Information Security Manager
CGEIT - Certified in the Governance of Enterprise IT
CRISC - Certified in Risk and Information Systems Control
The Open Group
TOGAF 9.1 Certified
Education
Cambridge English Language Teaching Assessment (CELTA), Cambridge Assessment, 2021 to 2022
Postgraduate Certificate in Higher Education (PGCHE), Falmouth University, 2020 to 2021
MSc Information Security Testing, Royal Holloway University of London, 2012 to 2014
BSc (Joint Honours) Psychology & Pharmacology, University of Manchester, 1985 to 1995
Professional Contributions
External Adviser, London Metropolitan University: MSc Artificial Intelligence & BSc Cyber Security & Digital Forensics, May 2019
Programme Committee Member, Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRIC.org), Sep 2017 to present date
Committee Member, British Computer Society Information Security Specialists Group (BCS-ISSG), Sep 2016 to present date
Secretary, (ISC)2 Thames Valley Chapter, Nov 2016 to Jan 2019
Events Coordinator, (ISC)2 Thames Valley Chapter, Nov 2014 to Jan 2019
Member, CESG Listed Advisers Scheme (CLAS) Policy & Tools Working Group, Feb 2011 to Sep 2015