Rob Mason

Current

• Director ~ CLAS Consultant at Acasta Ltd.

Past

• Security Architect & Risk Management Consultant at Capgemini UK
• Information Security Consultant at Capita
• Technical Security Architect at Fujitsu Services

• NHSnet/N3 Infrastructure Security Manager at NHS Information Authority
• Head of ICT at Barnsley District General Hospital

see less...

2 more...

Recommended

1 person has recommended Rob

Connections

48 connections

Industry

Computer & Network Security

Websites

• My Company

Rob Mason’s Summary

Rob is a security cleared and CESG listed Information Security Architect with advanced academic qualifications and industry certifications. He has over 16 years of valuable technical and business consulting skills acquired in demanding senior roles within UK Government, NHS and FTSE 100 organisations. Excellent customer facing skills and expert abilities in: security policies; architecture; compliance auditing; testing; incident response; and, risk management.

Rob Mason’s Specialties:

Security Skills: ISO/IEC 27001 Lead Auditor qualified, HMG Infosec standards IS1/3, Risk Management frameworks (CRAMM), policy and standards development, compliance auditing (PCI & ISO/IEC 27001).

Technical Skills: TCP/IP, Infrastructure Design, Penetration Testing (OSSTMM & OWASP), UNIX (various flavours), Perl, MUMPS, Visual Basic, SQL (various flavours), Forensic Computing.

Rob Mason’s Experience

• Director ~ CLAS Consultant

  Acasta Ltd.

  (Information Technology and Services industry)

  July 2008 — Present (4 months)

  Independent Information Security Consultant specialising in UK Government Information Assurance. Extensive experience across many industry sectors:
  
  ~ Law Enforcement
  ~ Health (NHS)
  ~ Utilities
  ~ Local & Central Government
  ~ Financial
  
  Expert skills in:
  
  ~ RMADS Authoring
  ~ IS1 & CRAMM Technical Risk Assessment
  ~ Technical Security Architecture (Infrastructure)
  ~ Compliance (ISO 27001 & PCI-DSS)
  ~ Procurement & bid team support

• Security Architect & Risk Management Consultant

  Capgemini UK

  (Public Company; 10,001 or more employees; CAP; Information Technology and Services industry)

  June 2007 — July 2008 (1 year 2 months)

  • Provided information governance and technical security consultancy services to capability units within Capgemini, and to clients, in bid and delivery situations.
  • Established governance structures to ensure that technical and business security standards were deployed consistently throughout programme lifecycles.
  • Coordinated and collaborated with clients and other Capgemini business units to ensure that business strategy was enabled and augmented through effective information governance.
  • Undertook governance compliance audits, typically against ISO/IEC 27001 and HMG Infosec security management standards.
  • Performed threat and risk analysis in order to accurately define and focus protective controls.
  • Participated in the selection and deployment process of the infrastructure technology components required within client projects.

• Information Security Consultant

  Capita

  (Public Company; 10,001 or more employees; Information Technology and Services industry)

  August 2005 — June 2007 (1 year 11 months)

  • Designed and implemented BS7799/ISO27001 compliant security management systems including policy, process and standards development.
  • Delivered information security compliance audits (BS7799/27001, BS15000, PCI).
  • Performed internal and external security assessments (pentests) including scoping, analysis, reporting and presentation of findings.
  • Undertook formal CRAMM reviews and technical risk assessments.
  • Provided technical security consultancy services to other capability units within the organisation and to clients in bid and delivery situations.

• Technical Security Architect

  Fujitsu Services

  (Public Company; 10,001 or more employees; Information Technology and Services industry)

  April 2005 — July 2005 (4 months)

  • Developed and deployed technical security controls for the NHS IT programme.

• NHSnet/N3 Infrastructure Security Manager

  NHS Information Authority

  (Government Agency; 501-1000 employees; Hospital & Health Care industry)

  September 2002 — March 2005 (2 years 7 months)

  • Planned, implemented, managed and maintained NHS IT security policies and standards.
  • Reviewed and sanctioned Local Authority and Private Hospital connections to NHSnet/N3.
  • Investigated and resolved incidents, and, implemented corrective actions.
  • Developed national template network security solutions for connecting organisations.
  • Performed BS7799 and technical compliance audits against NHSnet/N3 Security Policy.
  • Negotiated with users, network suppliers, system suppliers and auditors.
  • Successfully planned, organised and presented topics at security seminars.

• Head of ICT

  Barnsley District General Hospital

  (Government Agency; 1001-5000 employees; Health, Wellness and Fitness industry)

  May 1999 — August 2002 (3 years 4 months)

  • Responsible for 24/7 data centre operations, local and wide area network management.
  • Managed large multi-disciplinary teams.
  • Responsible for the management of technical third party supplier contracts, service level agreements and associated finances for the Trust.
  • Developed and maintained the organisations Information Security Management System.

Additional Information

Rob Mason’s Websites:

• My Company

Rob Mason’s Groups:

Professional Member of the British Computer Society (MBCS)
Professional (Founder) Member of the Institute of Information Security Professionals (M.Inst.ISP)
ISC(2) Certified Information Security Systems Professional (CISSP)
CESG Listed Advisor

•    Certified Information Systems Security Professionals (CISSP)
•    Northern UK Security Group
•    Information Security Community
•    SC or DV Cleared Professionals (use it or lose it)
•    CESG CLAS Consultants