Then …

Security Work

An opportune phone call from a very insistent Recruitment Consultant – “I can definitely get you an interview tomorrow if you’ll allow me to send your CV in – you’re a perfect fit for the role they have”; as an IT contractor I had heard it all before and had had hopes dashed previously – Gary was insistent and I relented.

At the time I was teaching “Santa Cruz Organisation” UNIX 5 day courses to the public – not rivetting, but I met some lovely people and learnt a great deal about human nature and computer operating systems! Based in Norfolk with a young daughter and working two weeks in London just about kept our heads above water with time to enjoy life.

Interview the following week – accepted the contract on the spot – bought Gary supper and celebrated with a few beers

An Opportunity

Life has a habit of throwing curved balls occasionally, and, in 1999, I took what I thought was a six month “technical lead” contract with the Foreign and Commonwealth office based out of a location in Buckinghamshire as a technical lead on SCO Unix and a UNIX based Office product “Uniplex”.

The contract was part of a massive world-wide infrastructure upgrade to the UK communications and IT systems they had planned, designed and tested; the very nature and locations of the work called for small teams of high security cleared people to travel with all equipment and supplies while maintaining the highest level of security.

As part of a fifteen person UK based team, I spent the next eight years involved in the project, circumnavigated the world on at least three separate variants working in some of the most highly sensitive and challenging UK government offices across the globe; working alongside different people, different politicians and diplomats; locally employed people and UK based ‘staff’ – it was a challenging and stressful time critical job.

During the ‘local’ weekend, we had to physically remove all of the IT equipment, wiring and data – replace or rebuild every piece of kit, migrate and clean all the old data, install new servers, new software, new security devices – and have everything up and running for the first working day – stressful and pressurised work.

All redundant equipment was securely destroyed, all redundant data was electronically shredded – all UK returning items were re-bagged for the Diplomatic mail system.

All of our work was carried out under strict security requirements and watching eyes.

Towards the end of the contract period, I moved to managing some of the installation projects for the next wave of upgrades – based in the UK and liaising between designers, client requirements, overseas office constraints, airlines – ensuring that the required equipment (down to the last Cat5 cable) and correct team members were on-site on the correct date; all equipment travelled via Diplomatic bag mail, sometimes we had to charter an entire aircraft to take everything to certain countries.

Alongside the usual Diplomatic work requirements we were often sub-contracted to other UK offices overseas on similar projects and occasionally we worked with ‘close protection teams’ for our security.

During the project life span, I went around the world at least three times and I can count the countries I didn’t visit on two hands – rich, exhausting, rewarding with fascinating people and endless hard work.

Due to the very nature of the work, I cannot supply details of what work we did, where we did the work, who the clients were, neither can I detail who I travelled with – suffice to say I dealt with some wonderfully funny, intelligent and generous people – happy times.

More Security Work

After all the travel, I decided enough was enough and returned to the Norfolk countryside with the intention of offering my wealth of security expertise to local companies and subsequently found an eager market in London and the Midlands

To ensure credibility with clients and the security industry I sat and passed the Certified Information System Security Professional (CISSP) exam factored by (ISC)2 followed by the Certified Ethical Hacker (CEH) course and exam factored by EC-Council

Whether it was configuring security equipment, working with other consultants on specialist work packages, writing specific security policy documentation, presenting Security Awareness programs to company employees or to the Management teams, training security staff, running email ‘phishing campaigns’, helping with vulnerability analysis and accreditation for the company (Cyber Essentials, Cyber Essentials Plus or Penetration testing) – all were roles I found stimulating and enjoyable.

As a consultant I’m happy to work alone, or as part of a small group of specialist consultants, on specific areas of data security – currently I am working alongside a very specialised ‘web site security’ consultant on a couple of large company projects.

My Current Availability

Always happy to discuss security issues, requirements and solutions with SME companies – those companies that are thriving within their sector and are fully engaged but have little time or budget left to ensure the stability and safety of their business data and systems.

Available for interesting projects – contact in the first instance – Chatham House Rule

Qualified CISSP (Certified Information System Security Professional) and fully insured for the nature of my work

David Higgins, CISSP   –   +44 1603 673787   –   Autumn 2019