About
Versatile, personable, analytical, senior Business, IT & Security consultant…
Articles by Tim D
-
Celebrating 800 years of Information Security!
By Tim D Williams
Contributions
-
Here's how you can navigate complex cyber attacks like network security experts.
It's well known that cyber "Attacks always get better; they never get worse" (1). This means that continuous improvements are needed in cyber protection, detection, response and recovery measures. Furthermore, the EU DORA regulations (2) require regular testing of response and recovery. Even IT companies outside Financial Services are affected.
References:
1. Holz, R., Sheffer, Y. and Saint-Andre, P., 2015. RFC 7457 Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). Available at: https://tools.ietf.org/html/rfc7457#section-1
2. European Union. The Digital Operational Resilience Act (DORA) - Regulation (EU) 2022/2554. Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32022R2554
-
Here's how you can navigate complex cyber attacks like network security experts.
Arguably the most important consideration when a complex cyber attack incident is detected or suspected is human communications. It is critical to nominate competent and well-trained people to act as the points of contact for external and internal communications because miscommunication can increase the adverse technical and business impacts; while effective communications can mitigate the severity and duration of adverse technical and business impacts. While during any cyber attack there will always be uncertainties about the cause(s), the extent and the implications, keeping cyber incident communications specialists fully briefed will ensure accurate, balanced, trustworthy and timely updates are provided and PR disasters avoided.
-
Here's how you can navigate criticism and feedback in an information architecture interview.
Before responding to criticism and feedback in an IA interview, it is important to buy yourself enough time to reflect thoughtfully, bearing in mind that almost everything said has potential to be ambiguous or have unstated contextual connotations. Even the term "Information Architecture" means different things in various contexts: from people-centric User Experience (UX) design; through corporate-centric structural and strategy/policy concerns; to technical matters of data encoding/decoding/processing. To create thinking time, first ask clarifying questions demonstrating your awareness of potential ambiguities. This will not only help you to answer well but should also help interviewers to recognize your deep IA knowledge and skills.
-
What are the top conferences to attend when starting a career in Systems Engineering?
I'd recommend people early in their Systems Engineering careers first to attend conferences close to home to establish in-person professional networks before attempting international travel. I'd also recommend sampling different specialist conferences (rather than generalist ones) to find out what communities stimulate most personal motivations. While in the long run, most Systems Engineers are likely to want to get involved with INCOSE and the IEEE, particularly local chapters, other professional organizations including ACM run relevant conferences. A great site for locating relevant conferences is http://www.wikicfp.com/cfp/ e.g. ASE 2024 in Sacramento, CAiSE 2024 in Cyprus, ECMFA 2023 in the UK, MODELS 2024 in Austria, TACAS 2024 in Luxembourg etc.
Activity
-
Hosting BCS, The Chartered Institute for IT Information Security Specialist Group Secure by Design and Offensive Security Consultancy with Dean…
Liked by Tim D Williams
-
Twilio says hackers identified cell phone numbers of two-factor app Authy users Last week, a hacker claimed to have stolen 33 million phone numbers…
Liked by Tim D Williams
-
IT’S ALL GREEK TO ME: The Six Patents That Laid The Foundations of Cybersecurity. All of our cybersecurity spin-outs have had patents associated…
Liked by Tim D Williams
Experience
Education
Licenses & Certifications
-
MBPsS - Member of The British Psychological Society
The British Psychological Society
Issued Credential ID 498445
-
FBCS - Fellow of the British Computer Society
BCS, The Chartered Institute for IT
Issued Credential ID 990312586
-
MIET - Member of the Institution of Engineering and Technology
Institution of Engineering and Technology (IET)
Issued Credential ID 1100188982
-
ITIL® Foundation Certificate in IT Service Management, 2011 Edition.
BCS, The Chartered Institute for IT
Issued Credential ID 00205568
-
CISMP - Certificate of Information Security Management Principles (Distinction)
BCS, The Chartered Institute for IT
Issued Credential ID 00201418
-
Introduction to Threat Assessment
ETAGGUS
Issued -
CESG Certified Professional (CCP) Security & Information Risk Adviser (SIRA) Senior Practitioner
BCS, The Chartered Institute for IT
Issued Expires Credential ID CS100000497/SIRA/SP
-
CLAS - CESG Listed Advisers Scheme
CESG
Issued Expires -
Volunteer Experience
-
Examination board member
(ISC)2
- Present 12 years 11 months
Science and Technology
Examination board member for the CISSP, ISSAP (Security Architecture), ISSEP (Security Engineering), ISSMP (Security Management), HCISPP (Healthcare Information Security & Privacy) and CCSP (Cloud Security) certifications. By virtue of being involved in examination setting, excluded from involvement in training related to these certifications.
-
Working Group Member
CLAS Policy & Tools Working Group
- 4 years 8 months
Science and Technology
Contributor to continuous review and improvement of UK government information security policies.
-
Events Coordinator
(ISC)² Thames Valley Chapter
- 4 years 7 months
Science and Technology
The Thames Valley Chapter of (ISC)2 promotes information security understanding throughout Oxfordshire, Berkshire, Buckinghamshire, Surrey & North Hampshire. Anyone interested in learning about information security or supporting others is welcome to join as a member or simply attend our free sponsored public events. As the Chapter's Events Coordinator & Webmaster (http://isc2chapter-thamesvalley.co.uk/pages/events.html) I collaborate with others to put on 4 public events per year. Please contact me with event content ideas, recommendations, speaker recommendations, speaker self-nominations and offers of support/sponsorship.
http://isc2chapter-thamesvalley.co.uk/pages/officers.html
http://isc2chapter-thamesvalley.co.uk/pages/events.html
-
Information Security Specialists Group (ISSG) Committee Member
BCS, The Chartered Institute for IT
- Present 8 years 11 months
Science and Technology
Supporting the important work that BCS-ISSG does in promoting information security knowledge, professionalism and awareness.
-
Secretary
(ISC)2 Thames Valley Chapter
- 2 years 5 months
Science and Technology
Initially elected by fellow members of the Chapter leadership team to act as Interim Secretary to ensure that this role was covered in the lead up to the election of new Officers at the Annual General Meeting (AGM) in October 2016. Subsequently elected as Secretary by the Chapter's members who attended and voted at the AGM.
http://isc2chapter-thamesvalley.co.uk/pages/officers.html
-
Manchester Gold Mentor
The University of Manchester
- Present 8 years
Education
Providing personal coaching and advice to undergraduate and postgraduate students through a small number of individual introductions facilitated by the Manchester Gold programme.
-
Cyber Security 2017 Programme Committee Member and joint Industry Chair
Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRiC.ORG)
- 10 months
Education
Member of Programme Committee and Industry Chair for the Cyber Security 2017 Conference held in the Connaught Rooms, London, UK on June 19-20, 2017.
http://c-mric.org/index.php/cs-committee
-
Cyber Security 2018 Programme Committee Member and joint Industry Chair
Centre for Multidisciplinary Research, Innovation and Collaboration (C-MRiC.ORG)
- Present 7 years 2 months
Education
Member of Programme Committee and Industry Chair for the Cyber Security 2018 Conference to be held on June 11-12, 2018 in Glasgow, Scotland, UK
http://c-mric.org/index.php/cs-committee-2018
Publications
-
Making Cybersecurity Sustainable
Whitehall Media
This presentation made the case for the importance of sustainability in cybersecurity planning, asking far-reaching questions including:
• How balanced is cybersecurity growth?
• Are we satisfying genuine human needs?
• Do we have the right balance between "radical inventions" and "conservative inventions"?
• Are we supporting the right technology transfers?
• Do we adapt the technology style to emerging opportunities?
• Have we built up too much momentum in particular technologies, constraining agility and resilience?
This presentation was influenced by the 1987 paper by Thomas P. Hughes titled "The evolution of large technological systems", in The social construction of technological systems: New directions in the sociology and history of technology.
-
The Value of Threat Modelling
Royal Holloway, University of London (RHUL)
Original text of summary article explaining the value of threat modelling which is due to be published by Computer Weekly and which was derived from MSc thesis on "The Value of Threat Models in Enterprise Security Testing of Database Systems & Services".
-
The Value of Threat Models in Enterprise Security Testing of Database Systems & Services
Royal Holloway, University of London (RHUL)
Thesis submitted as part of the requirements for the award of the MSc in Information Security at Royal Holloway, University of London which explores the value of threat models in organisation-wide security testing of database systems and services.
-
Consumer-Technologien im Gesundheitssektor: Wo liegen die Herausforderungen für die IT-Sicherheit?
All-About-Security.de
German professional translation of "Consumer technologies in healthcare - what are the security challenges?" originally published by Computer World UK.
-
Consumer technologies in healthcare - what are the security challenges?
Computer World UK - (ISC)2's Infosecurity Voice blog / IDG Inc.
Consumer-oriented technologies and services have already established a foothold in healthcare. Consumer technologies can improve patient care, reduce costs and allow healthcare organisations to offer new services. However use of consumer technologies presents healthcare with three main challenges:
1. Clinical safety;
2. Privacy and personal data protection;
3. Information security and privacy education. -
IT-Sicherheit und Datenschutz im Gesundheitswesen
All-About-Security.de
German professional translation of English original document making the business case for wider adoption of (ISC)2's new Healthcare Information Security and Privacy Professional (HCISPP) certification as an international baseline personnel standard qualification for Healthcare sector workers whose job roles include Security and Privacy responsibilities.
-
Healthy scepticism
SC Magazine
Informative 3 page online article written by Tony Morbin, SC Magazine's Editor-in-Chief containing quotes from a number of commentators on the NHS Care.data project including: Dr Tony Calland of the BMA, John Taylor of NHS Wales, Phil Robins, Brendan Rizzo, Sarb Sembhi, Steve Armstrong, Chris Philips and Graeme Orsborn.
On page 2 of 3, I am quoted by Tony Morbin on security, privacy and public trust issues related to the NHS Care.data project.
-
IT Security and Privacy in Healthcare
Health Management (ISSN 1377-7629) Volume 14 Issue 2/MindBYTE Communications Ltd
Foundational credentials for healthcare IT professionals are being introduced which aim to improve care, safety and workflows and reduce risks of institutional liabilities.
http://www.imagegently.org/Portals/6/GlobalResources/Health%20Management%202014%20Article.pdf
-
Why healthcare urgently needs certified security professionals
Computer World UK - (ISC)2's Infosecurity Voice blog / IDG Inc.
Information security risks in healthcare are growing as ever greater use is made of information technology to improve care outcomes. While there are undoubtedly medical benefits to increased sharing of medical information, given the number and diversity of healthcare organisations, it is becoming increasingly difficult to sustain trust. There is a strong business case for assigning Information Governance duties to people who have proven through their knowledge, experience and personal commitment to relevant learning that they have the necessary competence.
Honors & Awards
-
ISACA London Chapter 2014 Roll of Honour
ISACA London Chapter
Awarded by ISACA London Chapter for Top 3 score in certification examination.
-
Search Security MSc Thesis Award
Search Security and Royal Holloway University of London (RHUL) Information Security Group (ISG)
Search Security and RHUL ISG jointly award this honour each year to a number of RHUL MSc graduates, if it is considered that the graduate's MSc thesis is of outstanding quality and of potential wider interest to businesses.
https://www.royalholloway.ac.uk/isg/informationforcurrentstudents/mscproject/thesisprizes.aspx
-
First British Citizen to obtain the ISSEP certification
(ISC)2
The prestigious Information Systems Security Engineering (ISSEP) certification (https://www.isc2.org/issep.aspx) can only be obtained by existing holders of the Certified Information Systems Security Professional (CISSP) certification. The ISSEP was launched in 2003 and was developed with support and expertise from the NSA (https://www.acsac.org/2003/case/thu-c-1530-Oren.pdf). Out of over 100,000 holders of the CISSP globally, less than 1,500 have obtained the ISSEP certification, mostly in the USA. The number of holders of each (ISC)2 certification can be viewed online (https://www.isc2.org/member-counts.aspx) as can confirmation of the (ISC)2 certifications held by Tim D Williams (https://webportal.isc2.org/Custom/CertificationVerificationResults.aspx?FN=&LN=Williams&CN=378776).
Organizations
-
Association of Enterprise Architects (AEA)
Member
- Present -
Association for Computing Machinery (http://www.ACM.org)
-
- Present -
UK Shorinji Kempo Federation (http://www.ukskf.org)
剣士 (kenshi)
- Present -
International Information Systems Security Certification Consortium, Inc (http://www.ISC2.org)
-
- Present -
British Computer Society (http://www.bcs.org)
Member of the British Computer Society (MBCS)
- Present -
Institute of Information Security Professionals (http://www.IISP.org)
-
- Present -
Information Systems Audit & Control Association (http://www.ISACA.org)
-
- Present
The organisation behind COBIT and the certifications CISA, CISM, CGEIT & CRISC
-
Professional Risk Managers International Association (http://www.PRMIA.org)
-
- Present
Recommendations received
20 people have recommended Tim D
More activity by Tim D
-
Don't Forget the Human Cost of Ransomware Attacks Cybersecurity professionals know all too well the…
Liked by Tim D Williams
-
I've had an interesting day. I've had a PhD in risk management unsuccessfully argue a point with me regarding risk assessments; so badly that they…
Liked by Tim D Williams
-
In a week where the fragility of democracy was starkly illuminated, the toxic trio of ego, arrogance, and ignorance is driving cybercrime, enabling…
Liked by Tim D Williams