Profile : Dave Marsh, CLAS M.Inst.ISP CISSP*
Dave is an internationally recognised technical IT security consultant, auditor and implementer with over 19 year's experience in the information security industry, his key skills are:
- High security systems architecture, design and development including PKI and PKO infrastructures, cryptography, high value data asset protection and key management.
- ISO27001 consultancy – audits, workshops, training and compliance reviews.
- PCI DSS compliance – gap analysis, tailored training and awareness programmes.
- Security audit and compliance consultancy – audits and risk assessments conducted to ISO27001/PCI DSS or any internally adopted standards as required.
- Vulnerability assessments, penetration tests and fraud investigations.
- Security policy formulation in line with a companies selected compliance strategy, and the subsequent derivation of appropriate standards and procedures.
Audit and Compliance Assignments for: Mitsubishi UFJ Securities, Sainsbury's, London Stock Exchange, HSBC, Marks and Spencer, Euroclear, Friends Provident, Trinity Mirror plc, Kuwait Finance House
- Major audits of entire Windows and UNIX estate and network infrastructure for Mitsubishi. All systems were audited against local security policies, which were based on ISO 17799.
- Many audits performed for Euroclear Brussels on systems and network infrastructure to a number of international and banking standards.
- Security audits and risk assessments performed for HSBC, Marks and Spencer, Friends Provident and Trinity Mirror plc.
- Penetration testing and vulnerability assessments performed for Mitsubishi, London Stock Exchange, Friends Provident, Kuwait Finance House.
- Complete new set of Security Policies developed for Sainsbury’s to help achieve their goal of being both ISO 27001 and PCI compliant.
Security Systems Architected and Implemented for: HSBC, BP, ABN-AMRO
- Architected, designed and implemented "HSBC Connect" for HSBC's largest 300 global customers. Live since 2002, this system is licensed to HSBC on an on-going basis to provide HSBC's highest-value payment transfer system.
- Designed and implemented the BIPS payment protection system for BP which currently protects over £3 Billion/day in international transfers. The system, using military-grade cryptography, guarantees outgoing payments can only be made to valid beneficiaries.
- Architected, designed and implemented the Digital Cryptographic Security Agent (DCSA), which provided the underlying security services for ABN-AMRO's home banking system.
Security Consultancy and Training for: Central Bank of Oman, nCipher, Nationwide Building Society, Norwegian Lottery Systems, BP, HSBC
- Wrote a one-day Information Security Seminar for the Central Bank of Oman and delivered the seminar to the CEO's and CFO's of all the banks operating in Oman.
- Wrote and delivered all nCipher's Hardware Security Module (HSM) training from 2003-2008, training customer operations, key management and programming staff.
- Wrote and delivered a custom PCI DSS training course to 60 of Nationwide's key staff.
- Provided Norwegian Lottery Systems with Security Policies and Procedures to ensure compliance with ISO 27001 across their infrastructure.
- Custom security training courses written and delivered for HSBC and BP.
*CLAS – CESG Listed Advisor, cleared for access up to, and including, SECRET
M.Inst.ISP – Member of the Institute of Information Security Professionals (Id: A11361)
CISSP – Certified Information Systems Security Professional (Id: 96583)