Paul Maxwell

Director

BSc (Hons) MBCS, CITP, CISSP, CCSP, CISA, MCIIS, LCCP-SIRA, CCSC (Head Consultant)


Paul is a founding Director of Stratia Cyber. He is a highly respected Risk Management and Security Architect, with over 25 years of experience working with Government and Commercial systems and customers.

Paul specializes in leading cybersecurity engagements in complex environments, including:

  • Lead Security Architect (Ministry of Defence (MOD) service provider – pay and pension systems)
  • Business Services Operational and Computer Network Defence Manager for MOD DII systems
  • Lead Security Architect at HM Coastguard
  • Desktop Accreditor for Top Secret systems to the Security Assurance Manager for GCHQ.

Paul’s deep technical skills are underpinned by his certifications:

  • Certified Cyber Security Consultancy (CCSC) Head Consultant
  • Lead CESG Certified Professional Security and Information Risk Advisor
  • Certified IT Professional member of the British Computer Society
  • Certified Information Systems Auditor
  • ISC2 Certified Cloud Security Professional (CCSP)
  • Member of the Institute of System Engineers.

Paul was formerly a Sensors engineer in the Royal Navy.


Dr. Paul Massey

Co-Founder

PhD MEng (Hons), CEng, MIET, FIISP, LCCP-SIRA, CCSC (Head Consultant)


Paul is an information security professional with over 15 years of experience. He is one of the few UK security consultants to be certified at the highest Lead Practitioner level under the CESG Certified Professional (CCP) scheme (Security and Information Risk Advisor (SIRA) role). Paul specialises in managing information risk at the corporate level, advising SIROs/CIOs and corporate boards on proportionate and cost-effective risk management solutions. He is also one of the first Head Consultants appointed under the CESG Certified Cyber Security Consultancy scheme.

Paul’s deep expertise is supported by his certifications and qualifications:

  • Founder full member of the Institute of Information Security Professionals (IISP)
  • Full member of the Institution of Engineering and Technology
  • Chartered Engineer
  • Assessor for the Cyber Essentials and IASME standards
  • Certified Lead Implementer for the ISO 27000 series of standards (recently requalified against the 2013 update of ISO 27001).

Paul has a particular interest in managing information and financial risk with equal rigour. He has non-executive director experience in audit, risk management and governance roles. For six years, Paul was Chairman of Cheltenham Borough Council’s Audit Committee (annual budget GBP35m). In this role, Paul had responsibility for supervising internal and external audit functions, overseeing the council’s risk management procedures, and approving the annual accounts and statement of internal control. He has also served on the Local Government Association’s audit committee (annual budget GBP23m).


Peter Grimshaw

Co-Founder

BSc (Hons), A.Inst.ISP LCCP-SIRA, SCCP-IA Architect, CCSC (Head Consultant)


Peter has over 25 years of experience providing security architecture and information assurance advice and has also worked within the intelligence agency community.

Peter is a Lead SIRA and Senior IA Architect CCP and was appointed as a Head Consultant under the NCSC Certified Cyber Security Consultancy (CCSC) scheme.

Peter has deep technical skills and particular expertise in threat and risk assessment, with previous engagements including:

  • Intellectual Property Office, UK – Security Architect defining cyber security policy, threat and risk assessment methodology and providing guidance on moving to cloud-based architectures
  • Department for Education, UK – Lead Assurance Consultant defining the threat and risk assessment and cloud services security architecture approach
  • Ministry of Justice (MOJ) developing their Information Assurance approach
  • Rural Payments Agency (RPA), UK on the replacement Common Agricultural Policy (CAP) system, one of the Cabinet Office’s exemplar projects, providing input for the security architecture pattern and accreditation documentation
  • PSNSP Cloud supplier FCO Services enabling them to achieve accreditation of their HMG service offerings
  • National Archives – risk assessment and security architecture advice

Lou Mahanty MBE

Senior Advisor

BSc (Hons), MSc, MBA


Lou has an extensive and rich business, public service and security background. He has worked as a firefighter, soldier, consultant, businessman and team leader for over 40 years. Lou’s military service began at Sandhurst and culminated in command of a regiment.

Since retiring from active service in 1999, Lou has focused on the aerospace, defence and security industries.

At Ernst & Young and Cap Gemini, Lou contributed to significant growth in the defence, eCommerce and oil and gas consultancy practices. Lou was part of Serco’s successful drive into the defence consultancy and advisory space.

At CSC, Lou was Director for Intelligence within the cyber area of the business. The role involved strategic and operational control of its intelligence business in the UK, including responsibility for a joint CSC/Logica team of 350 vetted specialists who provided high-security managed storage, infrastructure and related services to government agencies. Lou has also consulted to BAE Systems, Mercer, Fujitsu, Landmark and the UK government.


Jason Fairfax

Co-Founder

LCCP-SIRA, LCCP-IAA, CISM, CSSA, CPSA, CISSP-ISSAP, CSSLP, CITP, MBCS, MIET, M.inst.MCIIS


Jason has over 25 years of experience in business assurance, information risk management, security architecture and technical security assessments across government agencies, defence and critical infrastructure utilities. He has a particular expertise in threat intelligence and cybersecurity incident response.

Jason’s deep technical experience is underpinned by his certifications including:

  • Lead CCP Security and Information Risk Advisor (SIRA)
  • Lead CCP Information Architect (IAA)
  • Lead ISO27001 Lead Implementer
  • Former CREST Registered Specialist (CRT/CCIAS/CCTRA)
  • Chartered IT Professional (CITP)
  • Member of the British Computer Society (MBCS)
  • Member of the Institution of Engineering and Technology (MIET)
  • Full and Founder Member of the Institute of Information Security Professionals (MinstISP).

Jason is also a Certified SCADA Security Architect (CSSA) with a working knowledge of IEC61850, IEC62443 and the NERC CIP standards applied in multinational, multi-utility organisations, to prepare for and respond to cyber security incidents across UK and North American energy networks. Jason has coordinated and conducted vulnerability and penetration security assessments against process and industrial control systems (ICS/SCADA), helping organisations identify and address security weaknesses.

Jason’s engagements have included UK Ministry of Defence, National Grid, EDF and British Energy, the Metropolitan Police Service, Cisco Systems, France Telecom, the BBC and Deutsche Bank.

Ram Sethi

Director

MBA (International Business and Finance)


Ram is a digital transformation specialist with over 25 years of experience across technology services, finance and advisory. Ram helps customers navigate digital transformation holistically by creating programs for change, new business models, technology architectures and executing complex deployments.

Ram believes cyber-intelligence is critical to creating competitive advantage in the digital economy. His focus is translating the business impact of technology disruption – cost and risk impact, substitution effects, strategy and vision. He has worked with government, financial, retail, IT and telco customers globally.

Ram’s previous roles include:

  • Strategy and Advisory Leader – Cisco Cyber Security Practice (EMEA Region)
  • Big 4 strategy consulting on Cybersecurity, Digital Transformation, M&A, CIO Advisory including:
    • Cisco – US, Australia, Singapore, Dubai
    • Deloitte – Technology Strategy USA
    • KPMG – CIO Advisory Leader Asia
  • 10+ years Portfolio management (P&L) of complex IT programs ($10-50M) with new commercial models (syndication); financing (leasing, hybrid, cross-border); consumption models (pay-per-use); partnerships (PPP, JV)
  • IT product and service lifecycle management (Ideation, Strategy and Planning, Development, Commercialization, Operations and Managed Services)
  • 5+ years internal start-up leadership for $50M+ Cloud and Digital Strategy practices