Matt Adams

Cyber Security Consultant

Hi, I'm Matt Adams, an experienced cyber security consultant with a strong track record of delivering a broad variety of security projects across a range of industry sectors. If you'd like to know more about me and my work then please scroll down for details of my experience, skills and education. If you would like to contact me about a potential role then either please use the web form at the bottom of this page, email me direct, or else get in touch via my profile on LinkedIn.

Download / print a copy of my CV

ABOUT

I’ve been working as an information security specialist for 12 years, and have been an independent consultant since 2014, primarily as a key member of two enterprise-wide security transformation projects.

Prior to becoming an independent consultant I was a Senior Manager in Deloitte's market leading Security & Resilience practice, responsible for leading complex security engagements for clients in the financial services, energy and resources and central government sectors, as well as delivering key strategic projects for FTSE100 telecommunications and technology organisations. Whilst at Deloitte I led the firm’s Information Protection services in the UK; developing and implementing data loss prevention, mobile device management and data classification technology solutions for leading organisations.

I currently hold CISSP and ISO 27001 Lead Auditor certifications. I've previously been CISM certified and was a member of the CESG Listed Adviser Scheme (CLAS) from 2010 until 2014.

Location: Buckingham, UK
Available from January 2019

SKILLS

Security Risk Assessment

Data Classification

Phishing/Social Engineering

General Data Protection Regulation (GDPR)

Security Transformation

Third Party Security Assurance

Mobile Device/Application Management

Data Loss Prevention

Project Management

Security Governance

EXPERIENCE

2014-2016

London Metal Exchange

Information Security Consultant

Currently delivering a number of key projects as part of a comprehensive Information Security Improvement Programme.

2013

Deloitte

Senior Manager, Security & Resilience

Led the development of the Target Operating Model for a global insurance provider. The key deliverables for this project were a refreshed organisation design, governance model and security activity catalogue, all of which were aligned to the business’ goals for the new security organisation.

Managed Deloitte’s involvement in a multidisciplinary team of information security specialists tasked by the CIO of a global insurance provider to identify and remediate significant security weaknesses in business critical applications and network infrastructure.

Provided detailed guidance to the executive board of a FTSE 100 technology company on the potential security and operational risks of implementing a Bring-Your-Own-Device (BYOD) scheme for mobile devices.

Responsible for leading Deloitte's Information Protection services, including the design and development of a Managed Data Loss Prevention service.

2011-2012

Deloitte

Manager, Security & Resilience

Responsible for defining the security assurance strategy used by a government smart metering programme to ensure the security of organisations and equipment involved in meeting the programme’s objectives. A highlight of this work was leading the development of a new regulatory licence condition, including developing the initial policy principles, completing a public consultation and government response, and submitting the new licence condition to Parliament.

Completed a six-month secondment as the Information Security Manager for a global provider of employability services. During the secondment I worked closely with the business’ CIO to develop and embed a refreshed set of information security policies and procedures, ensuring compliance with UK Government security requirements.

Responsible for leading Deloitte's Information Protection services, including the development and implementation of data loss prevention, mobile device management and data classification technology solutions for leading organisations.

Led a review of the structure and responsibilities of teams performing anti-malware functions within a financial services company to gauge their effectiveness. This work involved producing a current state assessment of malware management responsibilities across the organisation, then using knowledge of industry good practice to make recommendations for improving the alignment of the client’s organisational structure to the types of malware threats that they face.

2009-2010

Deloitte

Senior Consultant, Security & Resilience

Responsible for coordinating and completing multiple third-party information security assessments for a large UK banking group. This work used the ISF Security Healthcheck methodology and required a broad knowledge of information security good practice in order to identify threats to the confidentiality of customer data, and raise appropriate recommendations to address them.

Seconded to a large UK banking group to provide support and subject matter expertise to the group’s information security and risk management function. Throughout this secondment I used my experience of working with other financial services clients to provide valuable insights on their performance in relation to industry good practice.

Led the development and roll-out of an application tool set used by a government agency to capture and process profiling information for more than 700 information systems within their estate. The tool set used an algorithm to score each system based upon a number of factors (e.g. sensitivity of data, use of storage encryption, etc.); these scores were then discussed with management to prioritise key systems for further assessment.

2006-2008

Deloitte

Consultant, Technology Assurance & Advisory

Responsible for testing the design and implementation of information technology controls to provide assurance over their effectiveness. These assessments were typically delivered either in an outsourced advisory capacity for public sector clients, or as part of a larger team providing systems assurance to support statutory audits of FTSE100 companies. The variety of clients covered by these engagements required a working knowledge of a broad range of systems and technologies.

EDUCATION

2011

Certified Information Security Manager

ISACA

Certification number: 685826

2011

ISO 27001 Lead Auditor

British Standards Institute

Certification number: ENR-00032042

2010

Certified Information Systems Security Professional

(ISC)2

Certification number: 366220

2006

BSc (Hons) Business Management

University of Surrey

Awarded first-class honours.

CONTACT

YOUR NAME:

EMAIL:

MESSAGE:

If you would any further details about my experience and skills, or would like to approach me to discuss a specific role then please get in touch using the web form on this page, or via one of the links below.