Meet our Technical Advisory Board
The Cyber Scheme’s Technical Advisory Board works with us to help shape process, services and standards.
The Cyber Scheme has appointed a board of high-level industry partners to help shape the future with us. Their current responsibilities include:
- Input to the National Technical Authority (NCSC)
- The ability to review, comment upon and suggest improvements to existing standards
- Oversight of internal governance – process and procedure
- Oversight of moderations and appeals
- Authority to sign off quarterly internal audit reporting
- Involvement in the high level design of new services and training offerings
- Ability to chair sub groups with industry outreach.
Board members meet quarterly.
Please contact us if you would like to be considered as a future Board member.
Current Board Members
Paul is a subject matter expert in ethical hacking and security testing. A career in software development and the technical support industry gave Paul the insight to move to into cyber as a career. Paul is a fully qualified teacher (QTS) and has a degree in computer science. Paul holds a CHECK team leader certificate, is a chartered cyber security professional (ChCSP), is a CSTL assessor for Inf and App, a CSTM assessor, NCSC approved trainer, and VA+ assessor. Paul often teaches cyber security and hosts mentoring workshops. Paul has been a security tester for many years and is now the Lead Assessor at The Cyber Scheme.
Toby is a subject matter expert with over sixteen years’ experience in the IT Security field and has worked specifically as an offensive security tester throughout that period. Toby is a CHECK Team Leader and has held NCSC approved qualifications in both application and infrastructure from Tiger Scheme, CREST and The Cyber Scheme over his tenure. Toby is a chartered cyber security professional (ChCSP) and an assessor for CSTL Inf and App, CSTM and VA+. Toby has spent the last nine years running Tian Digital Security with the sole purpose of delivering the highest standard security assessments and advice to clients across industry.
Sarah is one of the co-founders of Shift Key Cyber and has thirty years of experience in IT and cyber security. She is a Chartered Cyber Security Professional (ChCSP), and is a member of the Chartered Institute of Information Security and the British Computer Society.
Sarah is an ISO 27001 Lead Auditor, a Cyber Advisor (Cyber Essentials), a Certified Assessor – Cyber Essentials Implementation, a Cyber Essentials Assessor, an IASME Cyber Assurance Assessor and has held the CISSP certification since 2015.
Sarah often teaches cyber security and actively mentors newcomers to the industry.
Andy is the Strategy Director for The Cyber Scheme. Andy has led the development and design of a new certification – Cyber Advisor (Cyber Essentials) in partnership with the NCSC and IASME, and has been appointed as Chair of the UK Cyber Security Council’s Professional Standards Working Group (PSWG).
In addition to his 7 years in the cyber security industry he has extensive public sector experience with 31 years’ experience in Central Government and foreign Government organisations delivering a wide range of delivery, policy development, planning, financial and business change activities covering Cyber Security, technical operations, crisis management, complex project, and technical programme delivery. He has extensive experience working with UK Government Foreign partners. His last post in Government was as Service owner for CESG (now NCSC) Assurance schemes which were underpinned by professional competence quality criteria.
Dave is an experienced cyber security consultant, technical security architect, penetration tester, and technical leader specialising in information assurance, governance, risk and compliance (GRC), and penetration testing.
Over 15 years of working across defence, Government, healthcare and the financial services, Dave has established strategic cyber security platforms, delivered and tested incident response capabilities, scoped, led and quality assured penetration testing services, and supported the development of technical vulnerability management programmes in very complex operational environments.
Dave holds CISM, CRISC and CISSP, Cyber Scheme Team Leader (CSTL) and CHECK Team Leader (CTL) certifications in both infrastructure and web application disciplines, and is both a Fellow of CREST and a full member of the CIIsec. Dave previously held senior CCP ISSM and SIRA certifications and CCP Assessor accreditation, and was a CLAS Consultant until the scheme ended.
Dave is a Director at NCC Group where he focusses on ensuring best of breed technical assurance and advisory capabilities. His career spans 25 year’s working for/with a few notable firms (e.g., NCC, @stake/Symantec, MWR Labs). Commencing as an Engineer (Technical Support and Development) and eventually leading to an 11-year tenure with MWR Labs as Global Technical Director (acq F-Secure).
He has held certifications such as CCT, CTL, CCSAS, CCSAM etc. Dave was also a recipient of the inaugural CREST fellowship; awarded in recognition for distinguished works in his capacity as a CREST assessor and technical advisor. Dave is also a published author (SQL Injection Attacks and Defenses), Metasploit framework contributor and has presented research at several international respected security conferences such as 44CON, BSides (UK, ZA & NYC), CRESTCon, Sec-T, ZACon, DeepSec, T2, Blue Hat etc. on a range of topics and technical areas (SAP, MobSec, Red/Purple Team etc).
With a background in mathematics, Alex has a passion for data driven cyber security. She is a certified OpenFAIR practitioner and performs research in the Cyber Risk Quantification space. Alex often presents and writes on cyber security current affairs and is an active member of the cyber security community, including Women in Technology initiatives.
Alex has over five years experience working in both offensive and defensive cyber security roles. Alex is a CREST Registered Penetration Tester and specialises in infrastructure testing. Alex is a Manager in the Cyber Attack and Defence team at Mazars, working to deliver a number of offensive security engagements as well as mentoring and training junior team members. She also has experience working to a number of information security frameworks and risk management standards, which compliments her offensive security skillset.
With more than a decade of experience, Jody is a highly-qualified penetration tester with a passion for exploring technologies and developing new skills. He is a CHECK Team Leader, as well as a CREST Certified Tester in Infrastructure and Applications, and is a CREST Certified Simulated Attack Specialist executing advanced red team attack simulations. In 2021, he was awarded a lifetime Fellowship of CREST in recognition of his commitment to the industry and the highest level of excellence in CREST exams, and in 2023 Jody was awarded Chartered Cyber Security Professional status.
Jody is highly motived to provide an outstanding contribution to the cybersecurity industry as a whole- he is a believer in proactively bringing solutions to the table.
In his day job, Jody is a Principal Consultant at Cyberis, delivering complex adversary simulations. He is an integral part of the leadership team, providing mentoring and support to his colleagues and driving continual improvement in client services