Dave Marsh, QSA, M.Inst.ISP, CISSP
Relevant Business Experience:
A highly experienced and recognized technical IT security consultant, auditor and implementer with over twenty years’ experience in the security industry. He has a thorough understanding of information security from both a theoretical and practical perspective. He possesses in-depth technical knowledge and wide experience of security standards and policies and procedures. Dave has performed risk and cyber security assessments and security implementations across a variety of different market sectors.
For a number of international banks and a major European stock exchange, performed penetration testing and vulnerability assessments.
Designed and implemented the BIPS payment protection system, which currently protects in excess of £3 Billion/day in international transfers. The system, using military-grade cryptography, guarantees outgoing payments can only be made to valid beneficiaries.
For a FTSE 100 retailer, conducted a Cyber Security Assessment across all business lines and retail channels (to obtain cyber insurance).
For a major global insurance firm, led an audit of systems procedures, deployment and usage and delivered risk assessment.
Conducted Cyber Security Assessment of new Telematics based infrastructure (hardware, software and communications) of a new product for a major insurance company.
For a global bank, architected, designed and implemented a connection system for their 300 largest global customers. The system, which has been live since 2002, is licensed on an on-going basis to provide highest-value payment transfer system.
For another global bank, architected, designed and implemented a Digital Cryptographic Security Agent (DCSA), which provided the underlying security services for their home banking.
For a variety of major banking and financial services clients, conducted audits of entire Windows and UNIX estate and network infrastructure against local security policies, which were based on ISO 17799. Led a number of audits for systems and network infrastructure against a number of international and banking standards. Performed security audits and risk assessments to validate inter-bank connectivity.
For an FMCG client, developed a new set of Security Policies for a major UK supermarket chain to help achieve their goal of being both ISO 27001 and PCI compliant. Scoped and led a comprehensive security audit and risk analysis of all systems, policies and processes involved in a new credit card launch. Performed a detailed security audit and analysis of all systems, processes and procedures throughout the company.
Relevant Career Experience:
2013 – present Resources Global Professionals, Consultant
1993 – 2013 Various Clients including HSBC, Marks and Spencer, BP and London Stock Exchange
IT Security Consultant
1984 – 1993 Digital Equipment
Principal Software Engineer
High Street Retail
Oil and Gas
IT Audit – External and Internal
Audit – External and Internal
PCI-DSS V2 and V3
Enterprise Risk Management
Risk Assessments and Analysis
High security systems architecture (design and development)
Policies, Procedures & Controls
Training & Awareness
PKI and PKO
B.S. Computer Science, University of Portsmouth