Jonathan Crawford
Enterprise / Solutions / Security Architect
07815 813841 / jonathan@securICT.net
Profile
A driven, motivated, results-focused Enterprise / Solutions / Security Architect with SC Security Clearance and extensive experience within the Public Sector, Telecoms, Utilities and Financial sectors. Vast experience in Enterprise / Solutions / Security Architecture, cost reduction, solutions design, IT infrastructure, business process planning, IT strategy, service delivery, troubleshooting, systems implementation, security models and requirements gathering.
Skills Matrix
Enterprise architecture | security architecture | security consultancy | solutions architecture | IT solutions | solutions integration | IT infrastructure | infrastructure management | infrastructure services | solutions design | solutions implementation | implementation management | cost savings | cost reduction | financial control | budget management | bid management | business process planning | process management | process engineering | relationship management | team management | IT systems | systems design | systems implementation | IT strategy | strategy delivery | strategy implementation | strategy management | IT services | service delivery | troubleshooting | technical assurance | business requirements | IS security | IS strategy | ISO27000 | cloud architecture | cloud security | cloud solution design | cloud implementation | cloud adoption | hybrid cloud | AWS | Azure
IT Skills
Enterprise & Data Centre Infrastructure – Windows Server, Active Directory, VMware; IP networking and protocols – DNS, DHCP, PXE, VPN, LDAP, RDS, ICA; Desktop virtualisation – Citrix XenApp, XenDesktop, AppSense, App-V, VDI; Mobility – BlackBerry, Juniper VPN, RSA SecurID, ActiveSync; HMG Security Solutions – X-Kryptor, AEP, Becrypt, BitLocker, PKI, GAP OS hardening, IDS/IPS; HMG ICT strategy – PSN, G-Cloud, EUD, OSS, Open Standards, GSC, MS Office365, Amazon Web Services (AWS), Microsoft Azure, Azure Stack, UKCloud, Navisite.
Personal Attributes
- Ambitious Enterprise / Solutions / Security Architect with outstanding strategic vision and professional application
- Hardworking, trustworthy and results orientated with clear focus and direction
- A strong team leader who isn’t afraid of hands on involvement and responsibility
- Talented and able to add value whilst enhancing creative vision
- Confidently interfaces with clients to maintain and increase customer satisfaction
- Utilises initiative and drive to instil passion and intelligence into every task undertaken
- Positive thinker with the capability to motivate teams at all levels
- Understands the importance of achieving targets and surpassing client expectations
Career History
6point6 – Cloud Security Architect Feb 2022 – Current
Senior security architect working on the largest AWS account in Europe for a major government client. Reporting directly to the Head of Cyber Security, and working with multiple delivery partners, I was responsible for ensuring delivery cadence was not negatively impacted by cyber assurance. Ensuring good security posture was maintained in a rapidly evolving, primarily microservices-based cloud environment. Entrusted with ensuring that delivery of a number of high-profile, PM-priority initiatives remained within departmental risk appetite in challenging situations. Provided solution design services for sensitive projects. Guided the security design of the client’s digital forensics environment, ensuring compliance with new regulation. Provided technical security design assurance for global customer contact centres in 143 countries, ensuring design compliance with data residency regulation in overseas jurisdictions. Challenged existing ways of working through promoting enterprise security architecture practices. Driving standardisation through security architecture pattern development and reaching out across client portfolios to ensure broad strategic alignment and, where possible, reuse. Driving forward the organisational standards for authentication and authorisation, enabling better business outcomes through adoption of new technologies. Responsible for the design and deployment of the first workload onto the client’s new AWS platform. Working closely with the platform team to identify and resolve the challenges associated with being the first on-board. Active member of portfolio governance boards. Informally guiding and mentoring the wider cyber security team.
Methods – Cloud Security Architect Mar 2021 – Dec 2021
Security lead for a DevSecOps engagement delivering an appstack platform underpinning a data mesh architecture in AWS for a major Government Client. Responsible for all security aspects of the delivery including: derivation of security & privacy requirements, alignment with client / HMG policies and standards, authoring solution options papers for security enforcing functions, review of design governance artifacts, risk assessment and client risk presentation. Guided the establishment of a secure software development lifecycle facilitating continuous integration / continuous delivery of Terraform IaC through security enforcing pipelines. Designed security control sets aligned to NIST 800-53 and ISO27k with centralised logging, audit and forensic readiness capabilities and a roadmap for integration with emerging client SOC capabilities and services.
Developed and owned the relationship with the client’s Enterprise Risk, and Security Architecture teams, driving the formal information assurance of the tenant architectures and securing SIRO sign-off for all environments in advance of project timelines. This was achieved through integrating the security “shift-left” paradigm into the client’s existing Enterprise Security Risk Management process, creating a streamlined, iterative assurance process supporting continual development, iteration and solution maturity levels.
Championed the adoption of policy as code to enforce security and compliance standards across all phases of the development lifecycle, with automated remediation in the runtime environment.
UK Home Office – Cyber Security Architect Feb 2019 – Dec 2020
Responsible for establishing and maintaining all aspects of a security architecture facilitating the migration of National Policing systems into the AWS cloud. This included developing the architectural design patterns, assurance wrap and operational procedures that have allowed programs across Home Office to utilise AWS CloudHSM, delivering cost savings and enabling continuity of crypto services throughout COVID BCP. Managed the assurance of AWS services with National Policing Information Risk Team. Developed policy, standards, procedures and guidelines for the cloud paradigm. Designed architectural patterns, and reviewed partner designs. Introduced cloud enabled security enforcing functions such as automated remediation of security incidents. Developed robust protective monitoring use case testing procedures. Conducted risk assessment of products and services to be integrated into the platform. Supported the operational security team and fulfilled a security incident response escalation role. Developed a model providing traceability of risks to mitigating controls within the client’s EA tooling. Promoted the adoption of quality controls and processes to streamline assurance and minimise vulnerabilities. Developed stakeholder relationships in support of continual assurance of the solutions being delivered. Designed and executed high assurance processes and procedures for the commissioning / decommissioning of crypto-services and secure sanitisation of National Policing data from cloud environments to a standard accepted by the National Police Auditors.
BAE Systems Applied Intelligence – Cyber Security Consultant Aug 2018 – Dec 2018
Engaged on a short term contract reporting directly to the CSO, conducting an independent, internal, Enterprise Cyber Security review. Given full autonomy of approach, the review was delivered through a series of interviews with key business, technical, and information focussed stakeholders. The report and recommendations were delivered on schedule and within budget, for board briefing in December.
Developed outline project plan to deliver the recommendations made within the Enterprise Cyber Security review.
Co-authored AI’s 2019 Cyber Security Strategy and produced supporting presentation for board briefing.
Developed guidance for the practical application of the new BAE Group Security Incident Response capabilities with Applied Intelligence.
Dept for the Environment, Food and Rural Affairs (DEFRA) – Lead Security Architect Jan 2018 – June 2018
As part of the Senior Management Team, formed and led a small team of security architects responsible for driving the security assurance activities for Defra’s £1.67B UnITy ICT consolidation programme, a key enabler for Defra’s 2020 strategy.
Streamlined and standardised the assurance process across multiple vendors through the procurement, and into the implementation phases of the programme. Developed and refined standard information assurance artifacts and governance processes that were adopted and reused Defra Group-wide.
Guided suppliers ensuring their alignment with ISO 27001/2, NCSC’s Cloud Security Principles, Defra and other applicable policies and standards, across End User Compute, Hosting, Cloud, Office 365 and Network domains.
Managed stakeholder relations within the programme and with the wider Security Operations and Accreditation team, Data Protection and other BAU functions, through challenging times with aggressive programme delivery timescales.
Represented the team and wider security community in various programme governance forums, at various levels, from senior management team through to technical systems integration working groups.
Managed the delivery of security architecture capabilities, ensuring deliverables were aligned with business maturity and needs.
Metropolitan Police Service – Technical Assurance Manager May 2017 – Jan 2018
Responsible for technical assurance of live service change, whilst supporting continued systems development for a suite of private community cloud applications providing comms data acquisition services in support of UK counter terrorism activities, serving the UK-wide law enforcement, intelligence and other HMG user communities.
Providing technical support and guidance for the ITIL change, incident and problem management functions. Managing technical incident resolution across multiple suppliers and consumers in a complex end-to-end environment.
Redesigned the operational patching procedures for application and O/S, minimising systems maintenance windows and ensuring rapid remediation of any vulnerabilities. Established platform on-boarding and off-boarding processes to ensure consistency in the introduction of new functionality in a rapidly evolving platform.
National Crime Agency – Assurance Lead / Enterprise Architect Aug 2013 – Mar 2017
Assurance lead of a multi-discipline team responsible for assuring the work of the Agency’s Systems Integrator through a complete ICT tech refresh and modernisation program. Responsible for technical assurance of the design and delivery of key infrastructure elements including networks & gateways, VMware ESX / Oracle OVM apps hosting platform, centralised XenApp based published desktops and a distributed, fully managed, Windows 7 desktop in a multi-impact level (OFFICIAL / SECRET) environment. Developed technical and service designs for MS Office “User developed content migration” service to ensure business continuity through MS Office upgrade.
Guided and assured the delivery of the Agency’s first widely available mobile remote access solution in support of the strategic mobilisation goals, whilst working with the business to identify and restrict access to information assets and systems deemed not for consumption outside of the Agency’s controlled physical environment.
Guided and assured the development of a Protective monitoring capability to meet the requirements of GPG13 within the “Detect and Resist” space of the segmentation model that incorporated long term accounting store to evidential standards, event feeds to an outsourced Security Operations Centre for real-time monitoring, an Investigation Management capability, including machine data analytics and reporting as well as endpoint covert live monitoring capability and Intrusion Detection and Prevention in both the network and on the endpoints.
Actively participated in the development of the Authority’s 5-year ICT strategy as part of a team, building an in-house architecture function from the ground-up within a newly formed CIO office; defining terms of reference and building upon that to deliver an enterprise architecture function to support the business desire to strongly embrace technology as an enabler for the disruption and reduction of serious and organised crime.
Provided support, advice and guidance to business led workstreams enabling them to on-board new capabilities whilst ensuring they remain within the constraints of the Agency’s risk appetite and fully integrated with enterprise-wide services. Ensuring that, where supplier boundaries were crossed, the solutions functioned, technically and contractually, so as to appear “as one” from a service and user perspective.
Fivium – G-Cloud Consultancy Services May 2013 – June 2013
Short-term contract to help Fivium, a software development house, develop their “on-premises” workflow platform into a G-Cloud Platform as a Service (PaaS) product offering. Responsible for working with PGA accredited IaaS providers and Fivium to help them select their strategic partner for this venture and for assisting them develop their first SaaS offering to be hosted on this platform. Suppliers were assessed against a capability framework developed around the technical, service and commercial requirements for the platform.
Department of Trade and Industry / BERR / BIS – Security / Technical Architect Nov 2004 – Mar 2013
Security Architect / Technical Architect acting as a trusted advisor to C-level executives. Technically responsible for the delivery of the IT strategy and its alignment with the HMG strategy. Identified products and services that enabled BIS to transition to an information-centric security model allowing greater business agility through Cloud adoption, lowering the costs of the IT service. Worked with GCloud providers, Open Source vendors and Cabinet Office to develop a new GCloud Electronic Document & Records Management product offering saving BIS £9.5M p.a. when compared against their existing SI delivered solution, whilst breaking the integrator lock-in and providing pan-PSN and “public” document collaboration services. Technical Lead for the programme responsible for the replacement of entire IT estate. Co-developed a PoC environment for statisticians delivering result sets up to 100 times faster than their existing solution, through consolidation and single instancing of data, optimised data processing with SAN and thin client architecture. Managed the troubleshooting of problematic systems for a number of BIS delivery partners, where they did not have an internal robust technical assurance capability to challenge their suppliers.
Additional responsibilities and achievements as Security Architect / Technical Architect included:
- Introduced a managed PKI solution and S/MIME into BIS to support the user need for securing e-mail with business partners. The solution was also taken up by our sister department, DECC
- Developed a Smartphone based solution that would enable use of captive portal (a.k.a. challenge broadband) Wi-Fi with X-Kryptor protected laptops. Productionised by FJ and is currently in use by DECC
- Technical management of a project that added synchronous DR capability to the UK’s Export Control Licensing system
- Responsible for the technical assurance of the department’s infrastructure, including the creation and hosting of two new government departments, DIUS and DECC. Responsible for the integration of DIUS and BERR into BIS in a later Machinery of Government change
- Responsible for the development and design of a 1500 seat, secure thin client remote computing environment, offering core application access from personally owned devices, anywhere within the UK – a first within HMG
- Further developed this solution to deliver a fully hosted virtual desktop infrastructure (VDI) to bootable USB thin clients and XenClient Enterprise trusted end-points. Solution available to authorised users globally
- Responsible for the solution design and security architecture for the first BlackBerry implementation in UK government accredited to handle up to and including RESTRICTED information
- Designed, developed and prototyped a 750 seat Memo 35 compliant mobile computing solution for securely accessing RESTRICTED systems from anywhere using 3G, GPRS and Wi-Fi
Centrix Networking – Technical Architect Apr 2004 – Oct 2004
Technical Architect responsible for the definition, development and implementation of a security engagement methodology and product set for a new security practice within Centrix. Managed the technical relationship with Norwich Union Life in support of their business process off-shoring. Other Technical Architect duties:
- Pre-qualification of applications’ suitability for SBC delivery, assessing performance, security, and integration
- Re-engineered and optimised customer applications to run within the Citrix SBC environment
- Developed design proposal for MS PKI solution to facilitate code signing of VBA based applications to reduce platform vulnerabilities
- Acted as Solution and Platform Design Reviewer
Internet Designers Limited Sep 2000 – Apr 2004
BT Global Services – Solutions Designer Apr 2003 – Apr 2004
Conducted pre-sales SBC technology demonstrations for potential customers as well as executing TCO savings analysis and presenting to the BT Group strategy. Designed, integrated and implemented a multi-site, pan-European Citrix Metaframe farm delivering applications services to a global user base scheduled to scale to in excess of 10,000 users. This included the design, management and delivery of the integration with BT’s Corporate AD and BT Security Evaluation and Certification Scheme (BTSECS), their data centres’ existing OSS stack, their web portal development, and compliance with group design strategy.
BT OpenWorld – Security Architect Aug 2002 – Apr 2003
Security Architect responsible for the development of all security policies and the compliance model for a “carrier” network (circa 300k concurrent users) supporting IP dial and broadband for BT and its tier-two ISPs. Developed and implemented proposals for infrastructure security evaluations. Other Security Architect duties included:
- Conducted vulnerability assessments and penetration tests, presenting findings to customers
- Formulated remedial action plans, and the “get safe, stay safe” policy
PSNI – Bid Leader / Delivery Manager Jan 2002 – Aug 2002
Conducted pre-sales technical meetings with BTNI and PSNI, and developed solutions. Managed post-bid technical enquiries and implemented accepted proposals, including a multi-site distributed Citrix Metaframe solution.
BT Ignite Content Hosting – ASP Solutions Designer Sep 2000 – Dec 2001
Designed, developed and deployed Metaframe and Active Directory infrastructure services. Responsible for the ASP License management and design of real-time session logging to support the ICH billing process.
TXU Europe – Technical Design Authority 1997 – 2000
Held full people management responsibility for a team directly responsible for the technical infrastructure supporting in excess of 8000 desktops and 300 servers, for a multi-national energy utility. Team duties included NT4 workstation and server environment / builds, I*Net technologies, IP networking, product / solution development, IS security, formulating IS strategy to enable business objectives to be met, remote access, and anti-virus.
- Negotiated £40K savings in software licensing for Eastern’s anti-virus software through product consolidation
- Sourced, designed and implemented an on-demand Internet VPN remote access solution that gave ROI in less than 2 months and afforded £96K pa cost savings thereafter
- Introduced “Network Appliances” into Eastern’s product portfolio
- Designed a secure Treasury IS system that is responsible for overnight investments of circa £1Bn with individual transactions in excess of £10 million
- Designed, planned and delivered a VPN solution to link US, Australian, and European internal networks to facilitate a single internal e-mail system, international hot-desking, and intranet consolidation
Qualifications
- TOGAF 9.1 Certified
- SABSA Chartered Security Architect (SCF)
- Certified Information Systems Security Professional (CISSP)
- Certified Cloud Security Professional (CCSP)
- Certified Secure Software Lifecycle Professional (CSSLP)
- DevSecOps Foundation (DSOF)℠ Certification
- AWS Security Specialty
- AWS Certified Solutions Architect – Professional
- AWS Certified Solutions Architect – Associate
- AWS Certified Developer – Associate
- AWS Certified SysOps Administrator – Associate
- Microsoft Certified: Azure Solutions Architect Expert
- Microsoft Certified Solutions Expert: Cloud Platform and Infrastructure (MCSE)
- Cloud Industry Forum Certified Professional – Advanced (Level 2)
- Citrix Certified Enterprise Administrator (CCEA)
- Microsoft Certified Professional (MCP)
- Microsoft Certified Systems Administrator (MCSA)
- Microsoft Certified Systems Engineer (MCSE)
- Softricity Certified Professional (SCP)
Education
Anglia Ruskin University – HNC Electrical and Electronic Engineering
Professional Associations
The Chartered Institute of Information Security – Founder and Associate Member (ACIIS)
The Institution of Engineering and Technology – Member / Incorporated Engineer (MIET, IEng)
Hobbies and Interests
Away from my career as an Enterprise Architect / Security Architect I enjoy spending time with my family, skiing, playing squash and mountain biking. I also have a keen interest in home cinema and multimedia.
Download résumé in Word format here Jonathan Crawford-CV-Sep 2024