About

Professional Background

As Managing Director of Halkyn Consulting Ltd, I provide specialist cybersecurity consulting services to major enterprises, combining military intelligence with cutting-edge incident response expertise. My consulting practice spans Financial Services, Property Management, Retail, and Manufacturing sectors, consistently delivering transformational security operations capabilities.

As a SANS Certified Instructor, I teach FOR508 (Advanced Incident Response, Threat Hunting, and Digital Forensics) and author courses including FOR608 (Enterprise Incident Response and Threat Hunting) and FOR577 (Linux Incident Response).

I have successfully worked with government agencies, subcontractors, and private sector clients across Financial Services, IT, Retail, Manufacturing, FMCG, and Property Management industries, consistently delivering high-quality DFIR support, guidance, and mentorship.

My expertise spans building and developing security operations teams, incident response capabilities, threat hunting programmes, and comprehensive risk management strategies that enable organisations to detect, respond to, and recover from advanced cyber threats effectively.

Key Experience

Managing Director & Principal Consultant

Halkyn Consulting Ltd
  • Provide specialist cybersecurity consulting services to major enterprises across Financial Services, Property Management, Retail, and Manufacturing sectors
  • Lead incident response engagements for multinational clients including JLL (Jones Lang LaSalle), TransUnion, Barclays, Capco, and Shop Direct Group
  • Build and develop security operations teams, incident response capabilities, and threat hunting programmes for enterprise clients
  • Deliver comprehensive risk management strategies, governance frameworks, and DFIR process development with 100% client retention rate

Recent Major Client Engagements:

JLL (2021-Present): Technical lead for global 24/7 security operations capability across IoT/SCADA/ICS environments, primary forensic investigator for enterprise-wide incident response

TransUnion (2019-2021): Developed UK CSIRT aligned to ISO27035 & NIST SP800-61, led response against advanced threat actors, implemented container DFIR workflows

Shop Direct Group (2018-2019): Established internal security operations and incident response processes, implemented Carbon Black Response and Vectra solutions

Course Author and Instructor

SANS Institute
  • Course author of SANS FOR608 Enterprise Class Incident Response & Threat Hunting
  • SANS Certified instructor for FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics
  • Course author for FOR577 Linux Incident Response

Military Intelligence Operations

UK Armed Forces
  • SIGINT/Electronic Warfare operations providing foundation for advanced threat analysis and technical intelligence gathering
  • HUMINT and Counterintelligence activities developing adversarial mindset essential for modern cybersecurity defence
  • Transitioned military intelligence expertise to combat emerging cyber threats as internet-delivered attacks evolved
  • Established analytical framework for threat actor behaviour analysis later applied to advanced persistent threats

Certifications & Qualifications

Security Leadership

🛡️
  • Certified Protection Professional (CPP)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Chief Information Security Officer (C|CISO)
  • Certified in Risk & Information Systems Control (CRISC)
  • GIAC Security Operations Manager (GSOM)

Digital Forensics & Incident Response

🔍
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Enterprise Incident Response (GEIR)
  • GIAC Certified Linux Incident Responder (GLIR)
  • Magnet Certified Forensic Examiner (MCFE)
  • OSForensics Triage Certification (OSFTC)
  • Certified Cyber Threat Forensic Investigator

Threat Hunting & Analysis

🎯
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Defending Advanced Threats (GDAT)
  • GIAC Continuous Monitoring Certification (GMON)
  • Certified Cyber Intelligence Professional (CCIP)

Technical & Penetration Testing

  • GIAC Exploit Researcher & Advanced Penetration Tester (GXPN)
  • Certified Ethical Hacker (CEH)
  • GIAC Python Coder (GPYC)
  • GIAC Certified UNIX Security Administrator (GCUX)
  • Certified in Cloud Security Knowledge (CCSK)

Get In Touch

Available for security consultancy, incident response, training delivery, and expert witness services.