Peter Bassill

Founder, Security Researcher, Speaker

I have been in the Information Security world since 1999 and in IT in general since 1996. My work history contains a unique blended balance between the development of exceptional technical capabilities and business knowledge. I have held positions that have provided me a unique understanding of how businesses and IT align effectively with large organizations.

Background: My background includes a substantial history of first-hand responsibilities for information systems operations, network engineering, and information security management. During my career, I have achieved numerous technical and engineering qualifications and certifications, including Certified Information Systems Security Professional (CISSP). I was a community leader in Payment Card Industries Data Security Standards and in 2009 was voted runner-up in SC Magazine's Information Security Person of the Year.

Education & Qualifications

  • 2015 Offensive Security Certified Professional (OS-6893)
  • 2015 CREST Registered Tester
  • 2011 Chartered IT Professional
  • 2011 Fellow of the British Computer Society
  • 2007 ISC2 Certified Information Systems Security Professional (106014)
  • 2007 ISACA Certified Information Systems Auditor
  • 2005 7Safe Ethical Hacking Course
  • 2005 SANS GIAC Certified Forensic Analyst
  • 2005 SANS GIAC Certified Penetration Tester
  • 1998 CompTIA Security+
  • 1997 CISCO CCNA
  • 1996 CompTIA A+


  • What Every CEO Needs to Know about Cyber Security, pending publication, due 2016.
  • Penetration Testing with Metasploit Pro - an internal Rapid7 training course, 2011
  • Penetration Testing with Metasploit Pro - an internal Rapid7 manual to support the training course, 2011
  • Cyber Security in the Real World - Infosec Europe, 2010
  • Information Security for the SME - Infosec Europe, 2010
  • Managing Cyber Security in a Dashboard, Splunk Congress, 2010
  • Cyber Security Defence in Practise, What the Big 4 got wrong - Congress, 2009
  • Whitepaper on Defending Web Applications through OWASP, 2007
  • Whitepaper on the Management of DDoS Attacks, 2006
  • Nexpose Masterclass - an internal Rapid7 manual and training course


  • Development of Corporate Information Security Governance Frameworks at Board and Exec level
  • Information Security Strategy Planning and Development
  • Information Security Management within distributed teams
  • Secure Architecture Design and Assessment
  • Policy Framework Design & Development
  • Security Training & Awareness Program Development
  • Secure Business Solutions
  • Encryption Management
  • Security Innovation
  • Security Standards - PCI-DSS, ISO27001:2013, DPA, NHS Information Governance Toolkit, FCA, LEXCEL