Information Security & Digital Forensics Specialist
- Oxford, United Kingdom
- Computer & Network Security
Simon Biles's Overview
- Security Assurance Consultant at Thales
- CLAS Consultant at ATLAS Consortium
- Information Security Consultant at Oxfam
- Subject Matter Expert at ContentMaster / Microsoft
- Associate Lecturer at Open University
- Aspire Security Architect at Capgemini
- Information Security Consultant at Parkhill
- Senior Network Security Application Engineer at 3Com
- Security Consultant and Developer at Science and Technology Facilities Council (Formerly CCLRC)
- Forensic Consultant at CIA Excel
- Infrastructure Security Analyst ( SOx ) at Vodafone UK
- Linux Consultant at Cable and Wireless
- Kerberos Consultant at Golden River Traffic
- UNIX Security Analyst at JP Morgan Chase
- UNIX and Security Consultant at Institute of Cancer Research
- Author & Reviewer at O'Reilly & Associates
- UNIX Systems Administrator at CFX, AEA Technology Plc.
- UNIX Systems Administrator at EdNet
Simon Biles' Summary
Digital Forensics & Information Security
► Digital Forensics
⇨ Currently taking on new cases for Prosecution and Defence in the UK.
♦ Computer Misuse
♦ Hacking / Cracking / Industrial Espionage
♦ Intellectual Property (IP) / Data Theft
♦ Employee Disputes
⇨ Specialising in networks and networked computers & alternate Operating Systems.
♦ Unix & Linux
♦ Windows Server & Active Directory
♦ Network Attached Storage (NAS)
♦ Intrusion Detection / Prevention System Evidence
⇨ Forensic Readiness Policies & Procedures.
♦ In line with HMG Good Practice Guides GPG 13 ( Protective Monitoring ) and GPG 18 ( Forensic Readiness )
► Information Security
♦ Security Reviews & Audits
♦ Risk Assessment & Business Impact Analysis
⇨ Penetration Testing
♦ White Box & Black Box Penetration Testing
♦ Vulnerability Assessments
⇨ Security Architecture
♦ Design and Review of Systems
♦ Security Controls
♦ Firewall rule set creation and review
⇨ Policy and Procedures
♦ Creation, Review & Audit
⇨ Accreditation & Compliance
♦ HMG IS1/IS2/SPF
♦ ISO 27001
⇨ Intrusion Detection and Prevention Systems
♦ Security Incident Event Management (SIEM) Systems compatible with GPG 13
Simon Biles' Experience
Co-founder & CEO
Privately Held; 1-10 employees; Computer & Network Security industry
April 2002 – Present (12 years 6 months) Oxford, United Kingdom
Co-founder and CEO of Thinking Security Ltd. (previously Computer Security Online Ltd.) an Information Security & Digital Forensics company near Oxford in England.
Established in 2003, Thinking Security set out to provide pragmatic and cost effective security advice without the use of fear, uncertainty and doubt. We believe strongly in sustainable solutions that don't leave our clients reliant on us, but enable them to further their business goals with the assurance that their information risks are well managed.
Security to us isn't solely about technical solutions (although we constantly feed our inner geeks), it is about a holistic approach that encompasses all aspects of the information lifecycle. We pride ourselves on our ability to speak English, something that we have been complimented on by many of our customers, because without your understanding we don't feel that the potential of any technical solution can be truly realised. In order to better enable future management decisions and to fuel continual improvement, we strongly believe in the use of meaningful metrics.
Before we became consultants, we operated at the IT coalface, securing and managing heterogeneous UNIX, Linux and Windows networks for multinational companies. We have authored or co-authored a number of books and articles on a wide range of security topics, and have been invited as guest speakers and lecturers to a number of conferences, universities and organisations.
CLAS Consultant - Fraud, Security & Risk
Public Company; 10,001+ employees; VMED; Telecommunications industry
February 2014 – Present (8 months) Hook
• Part of the Project Team providing close technical security support to deliver an inter-connected service as part of the PSN.
• Conducting technical security reviews of low level designs and plans to achieve interconnected services at IL2 and IL3;
• Routinely contributing to the production and maintenance of Risk Management Accreditation Document Sets (RMADS).
• Working in close support of Virgin Media’s Information Assurance organisation to ensure successful completion of the necessary HMG Accreditation requirements.
• Producing and maintaining supporting documentation that forms part of interconnections, such as Codes of Connection (CoCo), MoUs, etc.;
• Practical application of the HMG Risk Management methodology to identify appropriate risk treatment plans;
• Application of HMG Information Assurance standards, including handling, disposal and protection of information, in accordance with the Government Classification Scheme (GCS);
• Translating ISO 27000 series objectives to align with HMG Security Policy Framework (SPF) for incorporating with a Baseline Controls Set;
• Working closely with various technical groups and external parties to specify the necessary technical security requirements needing to be satisfied for facilitating secure interconnections;
• Liaison with HMG authorities, including CESG, GCHQ, PSN, CPNI, in pursuance of secure interconnections and necessary accreditation;
Educational Institution; 1001-5000 employees; Higher Education industry
February 2013 – Present (1 year 8 months) Leicester, United Kingdom
Visiting Lecturer for a part of the Forensic Examination of Network Computers module of the postgraduate MSc in Forensic Computing for Practitioners assisting Professors Brian Jenkinson & Tony Sammes.
This module develops expertise in the forensic examination of both Client and Server machines. The module consists of an academic discussion of Networks and how they operate followed by practical hands-on development of a Network from the point of view of a small business. Starting from a stand alone machine students will build a working network via crossover connection to the use of switches on a small network to a full-blown domain with controller. Forensic artefacts and methods of recovery for evidential purposes are discussed and practically experienced along the way. Examinations/analysis are carried out on prepared hard disks with suitable scenarios.
Visiting Lecturer on the Alternate Operating Systems module of the postgraduate MSc in Forensic Computing for Practitioners - developing and delivering the whole module.
Security Assurance Consultant
Public Company; 10,001+ employees; HO; Defense & Space industry
November 2012 – December 2013 (1 year 2 months) Basingstoke
Developing, reviewing, maintaining and updating all RMADS documentation and Security Operating Procedures associated with Thales’ networks, systems and applications, in accordance with Mandatory Requirements of HMG Security Policy Framework (SPF) and applicable CESG Information Assurance Standards.
Assisting with remediation planning to ensure that systems are designed and implemented in accordance with the defined requirements. Assist with training and awareness briefings to ensure that support staff and users are working in accordance with the defined requirements.
Assisting with IAMM L3 certification and ISO27001 compliance.
Assisting with assurance activities to ensure that all Thales UK List X sites and systems continue to achieve accreditation.
Assisting with the evaluation and implementation of cost effective security requirements and controls for IL0 – IL6 environments.
Partnership; 1001-5000 employees; Computer & Network Security industry
January 2010 – November 2012 (2 years 11 months) Reading, United Kingdom
Lead TPSL (Trusted Platform Service Line) Security Architect - presentation of security compliance. RMADS & supporting documentation for accreditation of infrastructure and applications to HMG standards.
Information Security Consultant
Nonprofit; 5001-10,000 employees; Nonprofit Organization Management industry
June 2009 – October 2012 (3 years 5 months) Oxford
Thinking Security are currently contracted to Oxfam GB to review, direct and implement Information Security solutions.
Subject Matter Expert
ContentMaster / Microsoft
March 2005 – October 2010 (5 years 8 months)
Produced assorted pieces of work for Microsoft through ContentMaster, including "Building Unix Security and Directory Solutions using LDAP, Kerberos & Windows Server 2003", "Converting UNIX Daemons to Windows Services using C#" and some testing work.
Educational Institution; 5001-10,000 employees; Higher Education industry
October 2008 – January 2010 (1 year 4 months)
Associate Lecturer on the Postgraduate Information Security Management Course - M886
Taught students on the postgraduate Information Security Management (M886) course, which is based around the ISO27001 standard. This course is accredited by the Cabinet Office as a practitioner level course within the InfoSec Training Paths and Competencies (ITPC) scheme, and covers all related standards – PCI/DSS, Sarbanes-Oxley and BASEL-II.
Aspire Security Architect
Public Company; 10,001+ employees; CAP; Information Technology and Services industry
October 2008 – April 2009 (7 months) Telford, United Kingdom
Aspire Security Architect - RMADS work for HMRC
Created Risk Management and Accreditation Document Sets (RMADS) in line with HMG Security Standards for both Level 1 (Business Group Specific) and Level 2 (Organisation Wide) RESTRICTED information processing systems within Revenue and Customs for existing architectures, providing gap analysis and mitigation where designs failed to meet set government standards.
Managed full RMADS lifecycle from Accreditation Planning Agreement (APA) to completion dealing with all stakeholders and accreditors.
Information Security Consultant
March 2009 – March 2009 (1 month) Newham, London
Post Incident Response Security Assessment at the Newham University Hospital Trust, and the Newham Primary Care Trust on behalf of Parkhill. Fully managed project from setting scope to presenting final report at a board level. Assessment was benchmarked against the Information Security Forum (ISF) “Standard of Good Practice” and ISO27001, and was to strengthen controls following a specific breach incident that had caused significant financial loss.
Senior Network Security Application Engineer
Public Company; 5001-10,000 employees; COMS; Computer Networking industry
June 2008 – August 2008 (3 months)
Doing security test work on the next generation of 3COM appliances - Anti-Virus, Anti-Spam, IDS/IPS and Firewall.
April 2008 – April 2008 (1 month) London, United Kingdom
Carried out a full forensic investigation for a client of CIA Excel from imaging to final report. The investigation involved live acquisition and examination of a server to trace the source of leaked documents and to identify the culprit, and also a concurrent internet investigation to enable the client to further limit the distribution of the leaked material.
Infrastructure Security Analyst ( SOx )
Public Company; 10,001+ employees; VOD; Telecommunications industry
December 2006 – March 2007 (4 months)
Ensuring Sarbanes-Oxley compliance for Vodafone UK with regard to OS, DB and Application patching.
Public Company; 5001-10,000 employees; CW.; Telecommunications industry
November 2006 – December 2006 (2 months)
Linux consultant for government project.
UNIX Security Analyst
Public Company; 10,001+ employees; JPM; Financial Services industry
November 2005 – April 2006 (6 months)
UNIX Security Specialist working with ETrust and Keon.
UNIX and Security Consultant
Educational Institution; 1001-5000 employees; Research industry
July 2004 – July 2005 (1 year 1 month) London, United Kingdom
UNIX skills on Solaris, Linux and MacOS X. Evaluated, specified, built and maintained UNIX and Linux servers. Consulted for the IT Security Manager in BS7799 compliance certification and general security best practice. Constructed policies and procedures for incident response. Performed security testing, vulnerability analysis and asset identification. Consulted on Checkpoint and Nokia firewall configuration and installation. Developed, configured, tested and maintained a VPN solution. Installed IDS solution using Snort. Maintained existing Citrix installation for financial and cross platform systems. Performed in house forensic work as required by HR.
Author & Reviewer
Privately Held; 201-500 employees; Information Technology and Services industry
2005 – 2005 (less than a year)
Co-authored the Snort Cookbook and reviewed a number of other O'Reilly titles.
Simon Biles' Volunteer Experience & Causes
Causes I care about:
- Science and Technology
Simon Biles' Honors and Awards
Chartered IT Professional, BCS
The CITP standard is based on the needs of industry - employers, academics and Government have told us that they value a status which:
- is rigorous and demanding to achieve
- shows that holders understand the business they are working in and add business value through the use of technology
- tells an employer something about the holder which they cannot find out easily themselves
- is underpinned by periodic revalidation
Simon Biles' Certifications
- September 2010 to September 2012
BS 17799 Lead Auditor
- January 2006
Simon Biles' Publications
- O'Reilly Publishing
O'Reilly Cookbook for the Open Source Intrusion Detection System - Snort.
Authors: Simon Biles, ISECOM
The Latest Linux Security Solutions
This authoritative guide will help you secure your Linux network--whether you use Linux as a desktop OS, for Internet services, for telecommunications, or for wireless services. Completely rewritten the ISECOM way, Hacking Exposed Linux, Third Edition provides the most up-to-date coverage available from a large team of topic-focused experts. The book is based on the latest ISECOM security research and shows you, in full detail, how to lock out intruders and defend your Linux systems against catastrophic attacks.
- Secure Linux by using attacks and countermeasures from the latest OSSTMM research
- Follow attack techniques of PSTN, ISDN, and PSDN over Linux
- Harden VoIP, Bluetooth, RF, RFID, and IR devices on Linux
- Block Linux signal jamming, cloning, and eavesdropping attacks
- Apply Trusted Computing and cryptography tools for your best defense
- Fix vulnerabilities in DNS, SMTP, and Web 2.0 services
- Prevent SPAM, Trojan, phishing, DoS, and DDoS exploits
- Find and repair errors in C code with static analysis and Hoare Logic
Simon Biles' Skills & Expertise
- Information Security Management
- Information Security
- Computer Security
- Penetration Testing
- ISO 27001
- Computer Forensics
- Network Security
- Vulnerability Assessment
- Security Awareness
- Security Audits
- Vulnerability Management
- PCI DSS
- Forensic Analysis
- Technical Writing
- IT Audit
- Application Security
- Information Assurance
- Infrastructure Security
- Intrusion Detection
- Vulnerability Scanning
- Network Forensics
- Open Source
- Content Filtering
- Sarbanes-Oxley Act
- Ethical Hacking
- Digital Forensics
- Data Security
- Security Architecture Design
Simon Biles' Education
MSc, Forensic Computing
2012 – 2014
Transfer of MSc from Cranfield to De Montfort
MSc - modules, Forensic Computing
2006 – 2011
DipHE, Computer Science and Artificial Intelligence
1996 – 2000
I studied, in addition to CompSci and AI, Company, Criminal and Contract Law, Electronics, Industrial Management, Oceanography and Geomorphology.