Lead Cyber Security Engineer

Lead Cyber Security Engineer responsible for technical consultancy, solution architecture, and security engineering across diverse client environments. I work directly with customers in sectors including technology and transport, human intelligence and finance, designing and implementing secure, scalable systems. I drive innovation within Nova Blue Technologies to strengthen our managed security service delivery and operational maturity. Key Achievements/Projects: Designed and deployed a fully automated M365 security configuration management platform, enabling consistent, baseline-driven deployment of ~200 security configurations per tenant within hours instead of weeks/months. Fully developed in-house to avoid third-party risks, the solution removed the manual engineer deployment bottleneck so customer change approvals become the only limiting factor. The system ensures secure, repeatable configuration, baseline compliance checking, and drift detection with proactive alerting, delivering rapid, reliable and risk-conscious security standardisation. Architected and implemented an automated import/export system enabling secure, seamless data transfer between low and high-security domains. The solution eliminated the need for a dedicated manual process (previously budgeted at ~£21,000 per year) and reduced ongoing operational costs to ~£3,000 annually, delivering a more efficient, compliant, and cost-effective capability. Designed and implemented CI/CD pipelines and code versioning frameworks to create a single, auditable source of truth for system permission configuration. This eliminated hours of manual monthly permission reviews caused by the customers highlight dynamic operating environment. Led detection engineering initiatives that delivered unified visibility and threat detection capabilities across customer: cloud services, SASE solution, on-prem network security platforms (inc. Palo Alto, Sophos, Thor APT), Linux and Windows servers, virtualisation environments (Proxmox, VMware), OT infrastructure and end-user workstations. Enhanced detection of insider data exfiltration and identity compromise risks, addressing key business threats in a highly sensitive environment. Overhauled daily analyst workflows by developing data visualisation dashboards within the SIEM, consolidating customer environment security data into a single-pane view. Standardised proactive daily security oversight across the MSSP and reduced analyst time to complete all customer checks from four hours to one. Developed automated KPI collection systems to track customer security posture improvements over time, eliminating manual reporting effort. Enabled expansion of tracked metrics while ensuring consistent, error-free data collection and accurate trend analysis with no missed or mistyped inputs. Actively contributed to internal process improvement and scalability, developing fully documented workflows with visual flow diagrams to support workforce expansion and business efficiency improvements. Streamlined operations by identifying and removing process choke points, enabling consistent, high-quality MSSP service delivery at scale. Received multiple internal performance citations in recognition of continuous innovation and dedication to advancing the company’s cyber security service offerings.

Technology Blog Author

I run a technical blog where I share insights, lessons learned, and innovative ideas from both professional and personal IT projects, aiming to communicate complex technical concepts in a clear, accessible way and contribute to the wider cybersecurity and IT community.

Development Lead

Development Lead for an in-house developed, multi-classification secure communications system that transformed the RAF’s approach to capability delivery. Responsible for securely integrating data centre technologies within deployed networking environments to deliver a fully service-managed platform with comprehensive network and cyber monitoring. Lead and mentored a team of eight engineers, guiding technical delivery and fostering professional development to meet operational requirements. Oversee and innovate system operation across two UK hub sites and ~86 customer sites, ensuring resilience, security and continuous improvement in mission critical environments. Key Achievements/Projects: Named on the King’s Birthday Honours List 2024 and awarded a three-star commendation (one of RAF/UK Defence’s highest active ranks) for scaling secure remote access to high-security MoD infrastructure. Took my original prototype designed and delivered within 1-month, recognised as a feat achieved by only one professional in the field, and enhanced it into a production-ready dual-hub redundant solution, delivering 8 additional nodes on end-user demand including a dedicated system for the UK Chief Joint Operations (Britain’s top military operational commander overseeing all global Defence missions), and all nodes are now live across active operations. Played a key role in ensuring the Raven system delivered resilient, secure communications on live military operations with a total spend of ~£15 million over five years, providing greater capability at a fraction of the ~£80 million projected cost just to scope/architect a lower-capability alternative, maximising operational effect and value for UK Defence. Technical lead for a £2M dual-site data centre and redundant NOC/SOC hubs, fully configuring the core infrastructure and coordinating Defence and industry partners to complete installation. This architecture now delivers 99.3% critical service availability at each hub site and increased remote-site mission-critical service availability from 92% to 100%, a net uplift of 8%. Architected the system to Secure by Design and Zero Trust principles in compliance with NIST SP 800 series, JSP 440, and JSP 604, ensuring robust protection and interoperability for multi-classification environments. Re-engineered the network architecture to align with service provider standards, significantly improving performance, resilience, and security across all system nodes. Managed a total infrastructure estate inclusive of 151 physical servers, 348 virtual machines, 300+ network devices, and 201 security appliances, ensuring operational reliability and compliance. Transitioned from existing IDS and PCAP tools to Corelight, streamlining workflows for SOC engineers, improving visibility, and enhancing real-time threat detection. Implemented CI/CD pipelines with enhanced Git version control, introducing structured code validation and ensuring secure, traceable deployments across the system. Overhauled backup and disaster recovery processes for MSSQL, VMware, Windows, and Linux, automating tasks and providing visualised insights for first-line operators to improve reliability and speed of recovery. Led technical discussions with VMware to scope and design migration from legacy architecture to VMware Cloud Foundation (VCF) using NSX, vSphere, and vSAN. Defined capabilities, benefits, and migration paths to improve scalability, performance, and security posture of deployed environments. Implemented a dual-site, single-cluster Splunk SIEM infrastructure, now recognised as the strategic analytics platform for Air Command’s deployed networks, funded for ongoing long-term adoption. Led technical engagement with Palo Alto Networks, Cisco, and VMware to test next-generation firewall, SD‑WAN, and SD‑routing solutions and design candidate architectures for the deployed communications stack. Conducted hands‑on evaluation and produced documented architecture options for secure, scalable, and robust remote site connectivity, informing the next evolution of the system’s technology roadmap. Led a 14-member remote recovery team during live operations, restoring CIS services following major equipment failure and ensuring NATO operations could continued without interruption. Enhanced automated system build tooling, enabling parallel environment provisioning, eliminating technical constraints and allowing the programme to scale effectively. Directed the design and rollout of Project ACHERON, a Multi-Domain Operating Area solution adopted by 50+ tri-service users, demonstrating advanced leadership and technical management. Developed a single-pane data fusion solution linking low-cost sensors with high-end air platforms, providing decision-makers with real-time situational awareness and mission agility. Served on the Cyberspace Profession Advisory Team (CPAT) and 90SU Shadow Board, mentoring junior personnel and contributing to the strategic growth of the RAF’s cyber profession.

System Development Engineer

System Development Engineer for the Raven secure deployable communications system, responsible for architecting, and implementing enhancements across the platform to improve capability, reliability, and security for UK Defence users. Combined broad technical expertise with hands-on delivery to develop and integrate new features, streamline operations, and continually evolve the system in line with emerging operational and cyber requirements. Key Achievements/Projects: Developed and implemented a full automation system for deployed site build/configuration, reducing manual deployment time from 3 months to 5 days. Enabled junior engineers to independently manage the process, optimising senior personnel for high-value tasks and directly supported delivery of customer sites across 7 operations and 5 testing exercises all delivered within a condensed timeframe. Awarded the RAF Innovation Award for designing, prototyping, and deploying (within 1 month) a first-of-type clandestine expeditionary UK MoD SECRET solution for non-technical personnel, overcoming bearer-agnostic connectivity challenges on a system not designed for field use. Outperformed industry timelines and remains UK Defence’s sole low-SWaP SECRET capability 2+ years later. Implemented Windows and Linux server automation for reliable scaling and de-scaling of UK hub infrastructure, reducing manual effort and improving operational flexibility. Led a 6-person team to architect and deploy the communications backbone for the UK’s Air Policing mission, ensuring timely delivery of mission-critical digital infrastructure to meet NATO commitments. Applied ITIL principles to introduce enhanced service management processes, improving fault reporting and rectification, critical to the systems success on its first live operations. Trained junior team members on complex fault-finding techniques and Raven system operations, building team capability that directly contributed to successful delivery across multiple operations, exercises, and new feature development.

Solutions Architect

Solutions Architect within the RAF’s RAID Flight, responsible for scoping, designing, and delivering innovative solutions to complex Defence IT problems. Produced formal scoping papers outlining technical options, risks, costs, and recommendations, then led technical delivery, rigorous testing, and documentation. Regularly translated highly technical solutions into clear language for non-technical stakeholders, senior officers, and industry partners, ensuring shared understanding and informed decision-making. Key Achievements/Projects: Provided expert technical support for the interoperability and delivery of advanced communications and information systems, ensuring seamless integration and reliable operation across multiple Defence capabilities. Produced detailed technical documentation, configuration guides, test reports, and implementation runbooks, enabling repeatable delivery and clear communication to both technical and non-technical stakeholders. Independently scoped, designed, and delivered a low-cost solution to remotely control ground-to-air radios for Ex COBRA WARRIOR, engaging with industry partners and authoring a widely circulated report that led to adoption of a new air combat communications capability. Appointed technical lead for interoperability between 90SU’s RAVEN CIS and in-service radar systems, resolving critical faults during Prj GUARDIAN acceptance testing and enabling radar feed sharing to meet timelines for the UK Control and Reporting Centre upgrade. Acted as a mentor and technical guide to junior and senior personnel, providing advanced support on fault-finding, configuration management, and scripting, significantly enhancing the team’s capability and operational readiness. Selected as Subject Matter Expert for the Falcon Early Entry Capability (FEEC), routinely consulted by senior engineers and wider unit support for complex network design and troubleshooting, and mentoring Cpls and SACs on enterprise-grade networking concepts. Led and supported delivery of innovative communications solutions on key exercises and operations, including Ex RAVEN STAG and Op AGORA, contributing to a 4-star Multi-Domain Integration demonstration that influenced future capabilities later deployed on operations, including support to Police Scotland during COP26. Worked closely with industry partners to assess and prove tactical communication system solutions, shaping the implementation of cutting-edge CIS technologies for RAF operations and ensuring cost-effective, mission-aligned outcomes.

Network Engineer

Deployed network engineer responsible for designing, implementing, and operating secure communications infrastructure in austere environments, typically supporting 50–250 end users per site. Provided the backbone connectivity that enabled air operations to function, ensuring networks were robust, resilient, and secure through proactive monitoring, fault-finding, and close coordination with UK-based data centre teams and operational leads. Rapidly progressed to lead network engineer on an overseas operational tour after only one overseas exercise, reflecting strong technical ability, reliability, and leadership under pressure. Key Achievements/Projects: Ranked in the top 2% of 189 engineers within TCW and recognised as a go-to technical lead, demonstrating performance at a level expected of more senior ranks. Designed and deployed secure network infrastructures for multiple exercises and operations, establishing IPsec VPN links over varied underlay networks to provide reliable, protected reach-back to UK infrastructure. Implemented secure distributed access for users via RSA SecurID physical tokens, strengthening authentication and overall network security posture. Led resolution of complex network incidents in live operational environments, minimising downtime and maintaining continuity of mission-critical communications. Conducted proactive monitoring and preventative engineering to identify and address issues before they impacted operations, enhancing resilience for deployed sites. Acted as primary liaison between deployed sites and UK-based stakeholders, providing clear, timely updates during both routine operations and critical faults to ensure informed decision-making. Mentored and trained junior engineers, including newly posted personnel, accelerating their readiness and increasing the unit’s overall technical capacity. Utilised advanced troubleshooting techniques and tooling to diagnose and fix connectivity and performance issues, ensuring high availability for operational networks. Applied cybersecurity best practices across deployed environments to safeguard sensitive information and maintain the integrity of communication channels.