Alan Curran CCP M.Inst.ISP MBCS MSyI

About me

I am a CESG / NCSC Certified Cybersecurity Professional (CCP), with a background in risk assessment, risk management, and internal auditing.

For 10 years, I worked in the demanding environment of front-line Policing, acquiring the ability to work in fast-paced situations, with a proven track record of making critical decisions under pressure and being highly motivated and driven to ‘get the job done’.

I am an effective communicator, with the ability to adapt my presenting or writing style to a number of situations, from briefing senior management (presenting at board-level meetings, or producing written cyber threat briefings for C-suite executives), team working with colleagues throughout the business, and producing relatable content for a wider staff audience (internal cyber security awareness blogs).

I have experience of working in a highly visible role, building lasting relationships with colleagues within the business and beyond, whilst demonstrating strong personal ethics, transparency, and integrity.

Operationally, I have managed security risk in various domains, from dynamically assessing life and death situations, carrying out methodical and lengthy project-based Information Security risk assessments, to applying ISO standards of best practice for Information Security risks. I therefore have a rich understanding of risk, governance, legal, and compliance requirements for organisations from a number of varied viewpoints.

I have a deep understanding of IT risk, IT security, and the application of the various controls and best practices from within HMG policy, standards such as the ISO 27000 family, and guidance from security industry leaders such as the National Cyber Security Centre (NCSC) and Information Security Forum (ISF).


Work Experience

Security and Information Risk Advisor (Government)

2017 – Present

Working closely with ICT teams and senior stakeholders, my duties include:

  • Providing advice and control of all aspects of security in line with an identified security risk
  • Development and implementation of information security management systems (ISMS) by integrating strategies, policies, and procedures relevant to security management
  • Development and implementation of security related management reviews in respect of infrastructure, people and Information that supports Corporate policy
  • Providing advice for resolution of security and Information Risk matters
  • Explaining to risk owners and other stakeholders the causes, likelihood and potential impacts of potential Information risks throughout the information system lifecycle
  • Checking compliance with applicable regulations, standards, policies and guidance on Information risk management
  • Conducting investigations into security incidents, and coordinating specialist resources when required.

Assistant Security and Information Risk Advisor (Government)

2017 – 2017

Assisting SIRAs, and working closely with ICT and estates services, duties include:

  • Providing advice and control of all aspects of security in line with an identified security risk
  • Assisting with the development and implementation of information security management systems (ISMS) by integrating strategies, policies, and procedures relevant to security management
  • Assisting in the development and implementation of security related management reviews in respect of infrastructure, people and Information that supports Corporate policy
  • Providing advice for resolution of security and Information Risk matters
  • Explaining to risk owners and other stakeholders the causes, likelihood and potential impacts of potential Information risks throughout the information system lifecycle
  • Checking compliance with applicable regulations, standards, policies and guidance on Information risk management
  • Assisting where appropriate in the investigation of security incidents

Estates & Security Officer

2016 – 2017

Responsibilities included:

  • Managing financial records relating to estates and security, including monitoring orders, sourcing quotes, goods and services, checking and reconciling invoices using e-procurement and financial systems and processes.
  • Planning and implementing office moves, floor occupancy audits and updating CAD software drawings and asset registers.
  • Conducting staff induction training in relation to estates processes, including health and safety related induction such as Fire Safety, Environmental awareness, Manual handling etc.
  • Managing the business's First Aid provisions and training of first aiders, and also providing support to ongoing identification and training of fire marshals.
  • Managing all aspects of the business's obligations towards Health and Safety, including the carrying out of risk assessment and in-house training as and when required.
  • Providing accident reporting statistics and reports to HSE when required, and being responsible for keeping auditable details on relevant systems relating to health and safety matters.
  • Acting as the business's “Duty Holder” in relation to Fire Safety provisions, and carrying out in-depth fire risk assessments on an annual basis.
  • Supporting the environmental manager with projects and initiatives relating to reducing the business's carbon footprint.
  • Performing the duties of an “Incident First Responder”, including being on call for major incidents which could affect the business, and also providing Business Continuity provision within the Estates team, including the development and update of BCP procedures.
  • Providing guidance and advice on Security matters (Physical and Information security), and acting as a point of contact for any and all security incidents and breaches.

Police Constable (Police Service of Scotland)

2010 – 2016

I performed the statutory duty of protecting life and property, preserving order, preventing crime and detecting offenders.

My main responsibilities were:

  • Providing immediate response to calls for assistance from the public, dealing directly with incidents or occurrences.
  • Conducting full and thorough enquiries and investigations into matters or offences coming to my attention, and seeking advice or assistance in specialist areas or persons when required.
  • Preparing legal documents, including prosecution reports for the Procurator Fiscal, and thereafter attending at court hearings to give evidence as a competent person.
  • Serving and executing warrants, citations and summons to court, and various other legal documents where required.
  • A strong commitment to partnership working, building lasting relationships with other emergency services and stakeholders such as local council members and community leaders.
  • Being responsible for the safety and wellbeing of prisoners and detainees within my custody.
  • Responsible for the maintenance and safekeeping of Police property, including vehicles, personal radios, and specialist restraint equipment and electronic items with restricted information held thereon.
  • A heightened awareness of the organisation's Health and Safety Policy and procedures, and applying safe working practices daily which minimised the risk of injury and ill health to either myself or members of the public at incidents.
  • Providing practical advice and interest in the training requirements of probationary constables under my supervision, and formally reporting on activities undertaken.
  • Being fully aware of all parts of the Data Protection Act legislation, and applying it practically to all aspects of my work, including the awareness of the protective marking scheme for documents and protecting individuals' confidentiality rights.
  • Forensic awareness and experience in collecting physical evidence.

Operations Coordinator (Lothian and Borders Police)

2006 – 2010

Risk assessing calls transferred via a command and control system from emergency and non-emergency call handlers, ensuring accurate ‘grading’ of incidents in line with set procedures, policy and personal experience. Managing a list of prioritised incidents, taking into account the urgency and life-threatening nature of each incident on its own merits, and thereafter managing the allocation of various relevant, sometimes specialist, human resources to effectively resource calls to ensure a satisfactory and safe conclusion.

Emergency Call Handler (Lothian and Borders Police)

2004 – 2006

Responsible for receiving 999 calls from members of the public and partner agencies (including Ambulance, Fire, alarm companies and various other stakeholders), thereafter using communication skills to ascertain true circumstances of ongoing dynamic and sometimes life threatening situations, and simultaneously transferring accurate written data onwards to Operations Coordinators via a digital command and control system to ensure timeous resourcing of incidents.


Education

Certificate in Higher Education (CertHE) in ‘Policing’

Stirling University 2010 – 2012

Diploma in Higher Education (DipHE) in ‘Criminal Justice’

Napier University 2004 – 2006


Certifications

Practitioner Certificate in Information Risk Management

Certified Practitioner in conducting information security risk assessments, including Business impact analysis, threat and vulnerability assessments and setting recommended controls within a risk treatment plan, in line with ISO 27001/27005 and ISO 31000. Accredited by BCS. 

QA Certified Practitioner Certificate in Cloud Security

This course (accredited by GCHQ) is focused on Cloud Security, encompassing Cloud Security Architecture, DevSecOps, Data and Assurance aspects, Governance, Cloud Security Operations and Web Application Security.

CompTIA Security+ CE

CompTIA Security+ certification demonstrates competency in Network security, Compliance and operational security, Threats and vulnerabilities, Application, data and host security, Access control and identity management, and Cryptography.

ISO27001 Certified ISMS Lead Implementer

Certified in implementing and maintaining an ISO 27001 compliant information security management system (ISMS), the pre-requisite for obtaining 27001 certification.  IISP accredited course. 

ISO 27005 Certified ISMS Risk Management

Certified in conducting ISO 27001 compliant risk assessments, using the practical risk management methodologies as promoted by ISO 27005. IISP accredited course.

IRM Fundamentals of Risk Management (FoRM)

Fundamentals of enterprise risk management in-line with the ISO 31000 framework. 

Practitioner Certificate in Information Security Auditing

Certified Practitioner in carrying out Information Security Auditing, in line with ISO 19011 (auditing management systems). Accredited by IISP. 

PKI and TLS Implementation

A hands-on practitioner's course on implementing Public Key Infrastructure, and configuring Transport Layer Security using secure cryptographic processes.

Essential Ethical Hacking

This course was a one-day introduction to Ethical Hacking, aligned to the philosophy of the Certified Ethical Hacker Certification by the EC Council.

Certificate in Information Security Management Principles (Distinction)

This certification demonstrates knowledge of cyber security, risk management, vulnerabilities in social media, legislation, security standards, business continuity and cloud computing.


Professional Memberships and Accreditation

CCP – Security and Information Risk Advisor

Assists customers in the routine application and interpretation of security or IA policies and practices

CCP – Cyber Security / IA Auditor

Assess an organisation’s compliance with security objectives, policies, standards and processes and provides impartial assessments and reports covering security investigations, information risk management and investment decisions to improve an organisation’s information risk management.

British Computing Society 

Professional Member (MBCS)

Institute of Information Security Professionals

Full Member (M.Inst.ISP)

The Security Institute

Full Member (MSyI)