Professional Activities

Expert witness in information systems security

  • 2008: R. v. M. Sealy and Others (Defense Expert, UK)

Industrial Experience

  • 1999-2001: Security Consultant, Cambridge Technology Partners (Novell, Inc).
    Indicative projects undertaken:
    • Holderbank (Switzerland): Security and network management of the company's Intranet. Involved in setting up a VPN between the management network which is located in Zurich and the production site which is located in Virginia.
    • Organisation in the Transportation Industry (Germany): Security assessment. Involved in assessing the security of the corporate network of the Organisation, developing a security classification scheme and designing a network to reflect the multiple levels of security according to that scheme. Due to the success of the project, Cambridge was engaged with the same client on two more security projects:
    • Organisation in the Transportation Industry (Germany): Risk assessment of the site. Performed a structured penetration test using public and custom hacking tools.
    • Organisation in the Transportation Industry (Germany): Security classification tool. Developed a tool to automatically classify applications based on business requirements. More specifically, the input consisted of business requirements and the result produced a list of security services, matching specific technical requirements.
    • Secure Internet infrastructure for a (business to business) telecommunications company (Netherlands): Involved in setting up the network and taking the site from development to production. A user administration tool through the portal was also developed.
    • Evaluation of security solutions for developing a site for a large Bank (Netherlands): Security consulting during the design phase.
    • Organisation in the Financial Industry (Netherlands): Security consulting during the business requirements workshop. Investigated the business requirements for security services.
    • Organisation in the Financial Industry (Netherlands): Architecture workshop. The aim of the workshop was to determine the requirements for an architecture in a way that common services can be used to support business objects (capabilities). My role was to focus on the security services, which involved investigation of the company's current policies and procedures related to security, identification of the ongoing security-related efforts in the Bank and determination of security standards to be adopted by the architecture.
    • Security and network architecture for a DOT COM company in the financial industry (www.wellowell.nl). The tasks include assessment of the business risk, development of security classification profiles, and design of the network infrastructure to reflect the security levels. Technologies involved: Directory services (LDAP), firewall layers, load balancing and scalability (IBM's eNetwork dispatcher), trust model based on WebSphere and Oracle security models, compliance with ISO17799 criteria.
    • Network and Security architecture for yourNews.nl. YourNews are a content syndicator, linking content providers (originators) with content distributors. Assessed the current network infrastructure from a scalability, availability and performance perspective.