William John Murphy - Senior Cyber Security Consultant

Profile

Qualifications

Certified Cloud Security Professional (CCSP)

Internationally recognised certification focusing on cloud security, governance, and risk management, aligned with ISO 27001 and NIST security frameworks.

Cyber Scheme Check Team Member (CSTM)

Specialised qualification for cyber security checks and assessments, with a focus on government compliance and threat mitigation.

Certified DevSecOps Expert

Certification in integrating security practices within the DevOps lifecycle, ensuring secure development, continuous integration, and deployment processes.

AWS Security Specialty

Advanced expertise in securing AWS environments, with a focus on identity management, monitoring, data protection, and compliance with industry standards.

AWS Certified Solutions Architect

Recognised as an expert in designing scalable, highly available, and fault-tolerant systems using AWS cloud services and infrastructure.

Azure SC-200 (Defender)

Specialisation in securing Microsoft Azure environments, with proficiency in implementing security controls, threat protection, and monitoring solutions.

MSc Advanced Cyber Security (Distinction), King’s College London

A Master's degree focusing on the latest cyber security strategies, technologies, and risk management, obtained with distinction from a leading institution.

Key Skills

Cloud Security

AWS, Security Frameworks (ISO 27001, NIST 800-53, OWASP)
Cloud Security Models, Network Security, Encryption

DevSecOps

CI/CD Pipeline Security, Vulnerability Management, Threat Modelling
Automation and Secure Development Practices

Security Architecture

Cloud Security Models, Network Security, Encryption
Designing Secure Infrastructure and Applications
Security Control Implementation

Risk Management

Vulnerability Management, Security Auditing, Security Analytics

Key Achievements

Vulnerability Management Automation

Spearheaded the automation of vulnerability management using AWS Inspector and AWS IAM for access control, ensuring compliance with ISO/IEC 27001. Implemented encryption using AWS KMS and SSL/TLS, and secured VPC endpoints for sensitive data, enhancing security posture and operational efficiency.

Cloud-Native Log Delivery Solution

Designed and implemented an AWS Firehose solution for secure log delivery to Splunk, ensuring compliance with NIST 800-53. Reduced infrastructure costs while maintaining efficient log management, improving scalability and security for log storage and monitoring.

Secure Software Development Guidelines

Developed and integrated OWASP-based secure software development guidelines into the SDLC, educating developers on secure coding practices, vulnerability management, and risk assessments, significantly reducing security vulnerabilities across the organisation.

AWS Security Lake Recommendation

Conducted a comprehensive evaluation of AWS Security Lake versus Splunk for log storage, presenting a business case that identified significant cost savings on storage and indexing fees. Managed the transition plan, coordinating teams to integrate the solution and optimise costs, while maintaining Splunk for monitoring and alerting.

Key Experience

Senior Cyber Security Consultant - Accenture

September 2022 - Present

As a senior consultant, I lead cloud security strategies, risk assessments, and security transformations for government and defence clients. My responsibilities include:

Leading the design and implementation of cloud security strategies for AWS environments, ensuring compliance with industry security frameworks (ISO/IEC 27001, NIST).
Conducting risk analysis and security reviews, identifying gaps in current security controls, and proposing enhancements to cloud infrastructure security.
Integrating security best practices into the DevSecOps pipeline, implementing automated security controls across the software development lifecycle.
Managing the implementation of vulnerability management solutions, including AWS Inspector and secure application platforms for centralised vulnerability management.
Delivering workshops and presentations to senior stakeholders, educating them on cloud security, emerging threats, and best practices.
Penetration testing critical government platforms and conducting network security audits for Azure configurations and compliance with CIS benchmarks.

Lead Engineer - Beambox Wifi LTD

April 2020 - August 2022

As lead engineer, I led the architecture and development for the company’s core product. I was responsible for ensuring the quality and scalability of the product, and coordinating the technical direction. My key responsibilities included:

Led the technical design and architecture of the core product, ensuring it met business requirements and scaled effectively to handle growing user demand.
Conducted regular code reviews, ensuring adherence to high-quality coding standards, reducing technical debt, and improving code maintainability.
Ensured seamless integration and delivery of product features.
Implemented performance optimisations and security enhancements, ensuring that the system could scale efficiently and meet the security requirements of a growing user base.
Managed sprint planning and provided continuous feedback to ensure alignment with business goals and deadlines.
Optimised the development workflow, introducing new tools and processes to improve team efficiency and code quality.

Solution Manager - Hargreaves Lansdown PLC

July 2014 - April 2020

Advised on secure API and hosted application implementations for client data solutions. Managed resources, change requests, and agile workflows for portfolio clients, ensuring data integrity and availability.