Her Majesty UK Courts & Tribunal Services

Oversaw the Future Hearings Programme and responsible for the security of services modernizing the Courts and Tribunal services. We was responsible for 5 large projects including Scheduling and Listing, Fully video hearings, Publishing and information, Resource management and Hearings management interface. We was central to thesuccessful transition from delivery to ‘business as usual’ for new digital platforms and services so that the organization’s benefits and objectives can be fully realized. We was responsible for ensuring that solutions are assessed against agreed security policies and strategies, that cross-programme security collaboration & cyber risk mitigation is effective, and that high impact technology decisions or exceptions are made under proper scrutiny from a cyber-security perspective. We was an integral part of the Digital Architecture & Cyber Security leadership team, with responsibility for leading and managing the enterprise security strategy, information assurance and processes to maintain information security risk at an acceptable level. Part of this programme we reviewed High Level and Low Level solution designs (including but not limited to Azure, GCP, AWS, API Security, Container Security, SaaS solutions) to identify security risks and recommended security controls that support HMCTS security policies and standards. We performed threat assessments creating threat modelling diagrams to identify vulnerabilities in the solution design and developed countermeasures to prevent/mitigate the effects of an attack against the system. 

We was part of the Technical Design Authority and Programme Design group where he was leading technical solution designs and approved/rejected solutions that did not meet HMCTS technical guidance library, policies and standards. We contributed to Data Privacy Impact Assessments where analyzed and minimized data protection risks of the future hearing programme. We was responsible to scoping and executing large penetration test engagements for the future hearing programme on multiple technologies and environments e.g. Azure Kubernetes Services environment. We managed and directed remediation efforts on vulnerabilities identified from penetration test engagements and Nessus. We worked very closely with 1st & 2nd line risk, to identify cybersecurity risks in relation to the future hearings projects. We articulated technical risks into a non-technical format for the risk teams to consume. We was also responsible for onboarding the future hearings projects onto the SIEM solution (Splunk). As Lead Security Arcthiect we assessed supplier assurance documents including Security Management Plans, IT Health Check reports. We provided other government departments (Home Office) assurance for the Video Hearing Solution using NCSC 14 Cloud Security Principles. He contributed to the Authority to Operate and ensured all risks were accepted and mitigated before go-live. On a strategic level we produced a baseline of cloud security controls and an application security standard for HMCTS. We reviewed solution designs for the Security Operations Centre and provided ad hoc consultancy for project related security issues.