Beruflich Dokumente
Kultur Dokumente
SPECIALTIES
•Business Continuity/Disaster Recovery
•Emergency Management
•Risk Management
•Management of large, complex projects within rigid time, resource, and budget constraints
•Security(both physical and IT)
•Training
INDUSTRY EXPERIENCE
Finance/Banking/Insurance Telecommunications Government Training E
INSTITUTION: Institute of Civil Defence and Disaster Studies (Fellow), Emergency Planning Society
Institute of Management and Production
1
CAREER HISTORY
Feb 2010 Advising UAE client with respect to “salvaging” major fixed price disaster recovery contract that they
are committed to in the oil and gas sector in Abu Dhabi which is many months behind schedule and
currently loss making.
Dec 2009 Developed resilience service marketing strategy and Business Plan for major UAE based professional services
group. The business objective is their becoming competitive vis-a-vis the big 4 and major hardware
vendors(EMC,HP,IBM etc) in the resilience sector of the Middle Eastern market within a three year period
Feb 08 – Dec 2008 CITC - Saudi Arabian Telecommunications Authority, Riyadh, Saudi Arabia
(Oct-Dec offsite)
Role Subject Matter Expert - Business Continuity/Disaster Recovery Consultant/Security
As a result of action by the Ministry of the Interior(MoI), in 2007 CITC, decided to define the obligations of the
telecommunications licence holders with regard to Disaster Recovery; Business Continuity; and compliance
with world standards( ISO27001/27002, BS17999, and BS25999) It consequently awarded a contract to A. D.
Little who assigned W.D.Patterson as SME to :
• Benchmark 12 countries as regards industry best practice in emergency situations.
• Benchmark Telecommunications best practice in War scenarios. The Saudi’s understandably are
extremely conscious of the risk of middle eastern wars. Hence the benchmark which examined the
impact of Hezbollah- Israeli war on Lebanese telecom, Wars in former Yugoslavia, and the Gulf wars,
addressed telecomms usage in wartime; network resilience; and physical security of key buildings.
• Analyse worldwide risk management and BC/Service continuity regulations/guidelines (SOX, Basel
II,BS25999,NYSE Rule 446,combined code,FSA, ITIL). Conduct Gap Analysis of current status of
Saudi Telecommunications against same.
• Conduct BC/DR/Security audit of existing and new Telecommunications operators in the
Terrestrial, Mobile, IP and Satellite sectors of the Telecommunications industry
2
• Create industry best practice guidelines (to be translated into legislation) on risk and disaster
Management to apply to the Saudi Arabian Telecommunications Industry.
• Advise Saudi Arabian Interior Ministry and CITC on emergency communications in natural disasters.
This included secure wireless access, TETRA, IP communications, first level responder
interoperability, and Telephony prioritisation.
• With the dependency of the growing Saudi finance sector on IP services, specifically address resilience
of IP telecommunications in this sector.
• Advise on flexible resilient telecommunications to be made available to humanitarian and relief
Organisations in the immediate post disaster situation
• Develop Standards on physical security to be applied to all key buildings in the carriers
network(offices, MSC, BSC, Data Centres, Earth Stations, Data Centres, Exchanges etc). This was to
address all critical threats including natural disasters(notably earthquakes, Dust storms and flooding),
civil unrest, terrorism and war
• Advise on the appropriate technological solutions to ensure network resilience
• Provide guidelines as regards industry best practice on Information Security and Risk Management to
apply to the Telecommunications Industry at enterprise level
• Advise on ensuring compliance with ISO27002 and ISO 17799 by the Telecommunications industry
and supply chain. Advising CITC re resilience and security of its own web based systems
• Advise on setting up Enterprise Security Programme, Enterprise Security Strategy, and Computer
Security Incident Response Team across CITC
• Advise on physical security and counter –terrorism. Ensuring that it was incorporated in
Network rollout
• Advise on infrastructure resilience for networks and datacentres in the telecommunications industry
• Advise CITC(Board Level and Senior Technical Level) on Crisis Management and Business
Continuity Planning practice and structure to be applied within CITC itself
The report has been translated into legislation which now applies to the Saudi Telecommunications industry
July- December 07 Developed “Corporate Governance, Risk, Resilience and Reporting” training course. This course incorporates
an analysis of the key Governance regimes in the UK(addresses Combined Code, FSA, Corrigan3,Turnbull, Smith
and Cadbury), EU(Basel II), USA(SOX,NYSE446) both from a theoretical and “hands-on” perspective.
• Developing Disaster Recovery and Business Continuity plans for the Treasury Division
of the National Commercial Bank of Saudi Arabia. These were compliant with the Basel II High
Level Principles on Business Continuity and the draft BS25999 standard. They involved relocation
of staff to Disaster Recovery offices that I had managed the fitting out and testing of.
• Advised NCB Business continuity Dept on implications of draft BS25999 in context of
SAMA regulations
• In charge of testing Treasury division DR/BC plans both desktop exercises and actual tests
• Developed resilience solution for Treasury division call recording and CTI service .
• Reviewing information security
• Conducted in depth Risk Assessment of HR, Facilities, Telecommunications and IT support
functions .
• Advised on data centre design security and safety
• Advised on counter terrorism
• Audited voice telephony and VOIP as part of Risk assessment of Telecommunications
• Audited Saudi and Bahrain call centres from a resilience perspective
• Audited Wide Area Network, LAN and third party Satellite services.
• Conducted in depth Risk Assessment of HR; Facilities;and Information Technology ;Security; &
Telecommunications.
The facilities assessment focussed on the buildings, infrastructure(power, air
handling,space, floor loadings , equipment monitoring etc) logistics and safety.
Given the middle eastern situation much attention was paid to security against terrorist
attack. In depth building(and surrounds) security design guidelines were provided
to NCB based on a combination of worldwide standards, and the authors
personal experience.
For the Information Technology assessment analysis was undertaken of systems and procedures.
Focus was given to. project risk management(using tops down approach), change
and incident management.
3
A key component of the audit related to IT Security. The areas of greatest concern
were mobile computing, internet security, interface to change and incident ,management
and external customer focussed systems. With regard to the latter given
the dependence of the NCB on E- Commerce considerable attention was given to
security of their portal based systems(online banking etc).
The review highlighted major exposures which could have allowed fraud to
take place on a massive scale. Remedial actions were recommended which should
prevent future fraud.
• Developed Disaster recovery strategy re data telecommunications networks
(terrestrial, Satellite) and voice( Avaya PABX, Some terrestrial, IVR, VOIP) based
on the results of a risk assessment. This was complicated by the Reuters satellite
market data services which used proprietary hardware and software with support out
of Austria. The report highlighted major exposures as regards single points of
failure and where possible(not always as Saudi Arabia has a single Telecoms supplier)
provided costed and resourced solutions
The review highlighted the need for Risk Management and Business Continuity to be embedded in the
culture of the organisation.
November 2006 Co Host ,Main Speaker and Facilitator at Pandemic Planning Conference
held in Belfast which was attended by senior management(up to Asst Director level)
representatives from Office of the First Minister, Northern Ireland Housing Executive,
Belfast Resilience, and Social Welfare Department.
Consultancy
• Developed a generic disaster recovery/business continuity strategy for a major European
mobile Telecommunications carrier(GSM,GPRS) addressing all aspects of business including
retail outlets and Call Centres.
• Reviewing the Plans prepared by a major shipping company for Business Continuity and
Disaster Recovery at their worldwide offices(45 in total).
• Advising defence client on Disaster Recovery and Security implications of VOIP
• Reviewing Major Emergency Response Plan for Northern Ireland Housing Executiv
Business Devt
• Undertook business development with commercial and Government clients in the EU providing
Consultancy expertise in Business Continuity, Project Management, and Risk Management.
• Arranged security consultancy for 50+ off-shore oil rigs in the UAE
Environment IBM A/S400, Unix, Windows 2000
4
The Audit Report was presented to selected Board members in September 2005. It confirmed
their belief that the existing DR strategy was severely flawed. Consequently I was commissioned to produce a
new Disaster Recovery Strategy for the EPO with specific focus on the Rijswijk and Munich operations. An
integral part of the strategy was the sourcing of a third Dutch data centre and the migration from the existing
inadequate Rijswijk DR centre to this centre. The strategy incorporated a major change in wide area network to
eliminate distance issues with replication.. Radical solutions were proposed re storage management, X series
virtualisation, and networking across the three main sites (Rijswijk, Munich and Vienna). In addition to
developing the strategy the report provided a tactical level guide, including, as appendices, detailed data centre
migration plan , revised WAN(before and after), logistics plan for supply/distribution chains and application
migration schedules. The report, in a sanitised form was presented to the EPO's Administrative Council. A high
proportion of the strategy has been acted upon
Although the technical component of the role was very significant, at least as critical was stakeholder
Management given the multi ethnic and highly political nature of the EPO board
Environment IBM Z990, IBM P Series, X Series, Windows NT, Multiple HDS9980 SAN(92 terabytes),
IBM3494VTS, GDPS/PPRC,GDPS/XRC, Oracle, Websphere,Netbackup, Legato, ITIL ,Prince
Prior to a successful integration of RBoS and Churchill's systems an audit/gap analysis of the
DR/BC/Security capabilities of Churchill’s systems against RBS Standards and Operating Principles
and FSA Regulations/Guidelines was required. Where gaps were identified I:
Developed the technical disaster recovery/business continuity solution
Project Managed solution implementation into the RBS Insurance Service environment.
Tested BC and DR solutions prior to their being accepted into production
Environment IBMZ990, Compaq Mid Range, multiple EMC,&HDS 9800 SAN, Cisco, MPLS, Unix, Windows NT, SRDF,
Netbackup, ITIL
5
• Developed Business Continuity strategy and plans for Billing(BSCS), Mediation, and
Customer service(Vantive( system
• Conducted disaster recovery tests at the Den Haag MSC and Computer centres of IT systems,
Mobile Network Switching and environmental hardware( Generators, UPS, Air Handling etc).
• Implemented remote working for my department and for key Dutchtone executives to
facilitate continuity of service in a disaster which denied access to the datacentres and offices
Advised on consolidation of data centres across the Orange Telecom Group
Dutchtone delegate at the Nacotel joint Government- Telecoms industry working party
Environment Mid Range Unix, Windows NT, Ericsson MD110, Alcatel & Nortel GSM switches, Nokia 3G switches
Cisco IP Switches, Prince 2, ITIL, PRINCE, Primavera, MS Project,BSCS .
.
1994- 2000 Omega Project Management Managing Consultant
Major assignments were:
2000 Telstra - Project Director – PlanIT
The replacement for Telstra’s Cable Plant Record System which addressed maintenance and fibre
Installations was in crisis when I took control. It was 18 month behind schedule and significantly over budget.
I pulled the project round to a level where it could be handed over to IBM(Telstra's had outsourced in
The interim) to finish the rollout.
6
Managing the implementation of the Vision 0800 project. This encompassed billing,
customer care and management reporting Controlled the extension of Vision 0800 to cover
Toll 0900 customers.
NORTHERN HEMISPHERE
ICI(2 projects); Midland Bank; National Bank of Kuwait (UK and Kuwait); IMSData (Germany);Xerox(2 projects)
UK Post Office;Hadeed(Saudi Arabia); National Housing Trust (Jamaica) .These were regularly achieved on time and budget.