Resume
Matthew Twells
Cybersecurity Leader | Security Architecture | Technical Training Development and Instruction | UK Army Veteran
3x AWS Certified: AWS CCP, AWS Solutions Architect Associate, AWS Security Specialty Certified
Experienced Advisory IT Risk Manager @ Grant Thornton
Cybersecurity Technical Project Manager / Engagement Manager
Technical Training Development/Architect
Technology Instructor
Reach Me:
matttwells@outlook.com
1-541-666-9661
Rapid City, South Dakota, 57701 (USA)
LinkedIn
GitHub
Instagram
Professional Summary
Multidisiplinary cybersecurity professional with proven experience within
the military and government sectors
working in infrastructure support and
secure communications.
Experience in penetration testing, vulnerability assessment, internal IT
security audit functions
and cybersecurity consulting for large organizations
in the private sector.
Experience architecting cybersecurity training curriculums and training frameworks,
developing professional-grade training/educational content
and training delivery
for both public and private sector clients.
Professional History (Details on request)
Experienced Advisory IT Risk Manager
Grant Thornton LLP (Remote, USA)
Apr 2021 - Present
- Managed multiple simultaneous audit/consulting engagements inline with relevant financial services and public accounting regulations (AICPA, FFIEC, SOX etc) as an Experienced Manager within the Insurance practice of Grant Thornton’s Risk, Compliance and Controls (RCC) division.
- Assisted in locating, interviewing and developing talented Associate and Senior Associate individuals as part of the overall buildout of the IT Risk/Cybersecurity team.
- Conducted audit and advisory consulting engagements across a range of subject matter including but not limited to: E-mail Security, SIEM Implementation, Firewall Security and Governance and Infrastructure (Server/Database) Security.
- Reviewed existing and drafted net-new Cybersecurity, Risk Exception, Software Development Lifecycle (SDLC) Incident Response, Vulnerability Management and Cloud Security Policies and Standards.
- People Pod Leadership Team member, helping facilitate professional-grade training resources for the up-skilling and cross-training initiative in flight across Risk, Compliance and Controls (RCC).
- Developed technical acumen and coached career-oriented “soft skills” within Senior Associate and Associate members of the team under management.
- Managing and coaching 2 interns simultaneously during the Grant Thornton Summer Internship within Grant Thornton RCC.
- Grant Thornton RCC JumpStart Faculty Member x2 , assisting in getting the new GT Associate class off to a well-informed and powerful start to their GT careers.
- RCC (IT) point of contact for FastPath Segregation of Duties (SoD) tool.
Project Highlight
(Work in progress) Currently in the process of building out a standardized, template-based library of controls, audit tests and consultancy primers
to ensure that no one person within the team can silo information and that any team member can safely and effectively be delegated an audit control.
IT Security + Privacy Engagement Manager
Vanguard Group, Inc. (Malvern, PA)
Mar 2021 - Apr 2021
- IT Security Internal Audit (Advisory and Assurance) engagement management
- Production of control design understanding and operational effectiveness work papers
- Coordination of/leading audit team to achieve engagement objectives in a timely and effective fashion
- Subject matter expertise / Consulting for internal audit teams (2xDevSecOps Engagements, 1x Identity & Access Management)
- Liaising with internal stakeholders to synthesize new and existing internal audit and IT training materials into a sustainable,
college-esque experience for new and existing Vanguard Crew members.
Project Highlight
Single-handedly architected, designed and produced an end-to-end cybersecurity training program
within Global Technology Audit Services, consisting of over 750+ slides of content utilized internationally by other departments.
Senior Security Consultant
CYSIAM, Ltd. (Astwood, UK)
July 2020 - Feb 2021
- Security Consulting for CYSIAM's wide range of public, military and private sector clients
- Technical Project Management on large-scale public health project
- Part of development team for CYSIAM's 2020 marketing plan
- Production of professional-grade cybersecurity training courses and training sales documentation for multiple clients
- Part of small team producing initial bid/tender for live commercial opportunities
Project Highlight
Brought on as Onboarding Analyst/Onboarding Lead for HALO multi-cloud hosting platform for NHS Track & Trace
Cyber Defence Operations Centre during 2020/21 COVID-19 Pandemic.
Project Highlight
Training development, production and lead instructor for Foundation phase of cybersecurity
capacity development programme for confidential customer in UAE.
CHECK Team Member Penetration Tester & Technical Consultant
Information Risk Management, Ltd. (Gloucestershire, UK)
July 2019 - July 2021
- Responsible for various penetration testing/IT Health Checks for government and private sector clientele under the NCSC check scheme
- Technical Project Management on large-scale UK 5G telecommunications/private cloud project
- Production of marketing material, educational blog articles and other content for company outbound media channels
- Peer mentoring and colleague skill development
- Consulted with large organizations on multi-channel cybersecurity projects
Project Highlight
Brought on as Lead Consultant on a large 5G telecommunications private cloud project focusing on managing
a large-scale vulnerability management and remediation programme with several product/workstream owners simultaneously
Deputy Systems Manager / UK CIAV (Coalition Interoperability,
Assurance and Verification) System Administrator
Hexegic, Ltd. (Gloucestershire, UK)
Mar 2019 - July 2019
- Worked in a small, agile team facilitating interoperability of the NATO FAS Application suite supporting UK (CIAV) team.
- Provided timely, accurate systems administration/ reporting.
- Investigation and remedying of system vulnerabilities on classified, deployed virtualized environments.
- Peer mentoring and colleague skill development
- Consulted with large organizations on multi-channel cybersecurity projects
Project Highlight
Provided technical assistance/engineering support to forward-deployed CIAV team in Bydgoszcz, Poland
for the CWIX19 Interoperability Exercise.
Systems Administrator / Communications Systems Engineer
British Army, last unit 18th Signal Regiment (UKSF) (Various Locations, UK)
Jan 2016 - Dec 2018
- Started as 1st line diagnostic/repair technician fixing and reimaging communications equipment post-deployment
- Delivered remote technical support to deployed warfighting personnel
- Central UKSF Service Desk Analyst. Underwent ITIL training and was highly effective
in the role, leading to incident management duties.
- Left Army as a systems administrator on an enterprise-grade UK SECRET network. Duties also included
ad hoc vulnerability research tasks.
Project Highlight
Part of team that integrated Microsoft System Center Service Manager into the wider unit technical ecosystem,
as part of a large Scale A MOD OS migration project.
Professional Writing Engagements
- No Starch Press
- Contracted written work - Networking Basics For Hackers, due late 2021-early 2022
- Self-Published Work
- Cybersecurity Field Manual - 1st Edition released Jan 2020, revised 2nd edition released Mar 2020, 3rd edition currently in development
- Currently optioned by No Starch Press for future publication
- Copywriting
- Accelerate Technologies, Ltd. - Production of cybersecurity-related sales copy/material for Accelerate's commercial partners, as well as educational cybersecurity-related articles
Further professional history available on request
