Leigh Hall CISSP C|EH

Information security professional - experienced in consultancy, architecture, and management

Work History

Sep 2013 - Present

IT Security Architect

William Hill

Responsible for providing security consultancy and architectural guidance to multiple projects and initiatives of varying complexity; maintaining PCI compliance in a busy retail and online environment.

Lead security architect on a significant virtualisation and "DevOps" transformation project - changing the way in which William Hill delivers and maintains infrastructure and applications.

Designed and implemented a global engagement model for the security architecture team, formalising the interactions between projects, architects, application security specialists, and the security architecture team.

Designed and implemented a security architecture model - abstracting the compliance requirements for William Hill into a generalised set of control objectives and architectural principles to allow for the creation of repeatable patterns and more consistent design advice.

Assessment of new mobile gaming providers; web application security assessment for new gaming products; close working with testing teams and system integrators to validate security vulnerabilities and to identify solutions and workarounds; facilitation of penetration testing and remediation of findings.

Also covered: Firewall rule review and approval, IPS design, testing of DLP solutions, AD/GPO security configuration, assessment of CA/PKI and certificate management requirements and options, assessment of remote access solutions, data centre migration assessment, supporting of external audit activity for various international audit requirements.

Conducted interviews for Security Architect vacancies in the UK, Gibraltar, and Tel Aviv via face-to-face, telephone, and Skype.

Jun 2012 - Sep 2013

Principal Security Architect

The Co-operative Banking Group

Responsible for the management of all aspects of information security across a portfolio of approximately 100 projects, from routine ‘small change’ through to mergers, acquisitions and divestments with significant complexity.

Line management, development and performance management of a team of architects, including project allocation, day to day development through coaching and mentoring, external training and qualifications and internally provisioned soft-skills training.

Provided consultancy on behalf of the banking group relating to the secure implementation of a Bring Your Own Device (“BYOD”) provision – including input into RFI/RFP, policy construction, risk assessment and control design.

Provided guidance and direction, based on previous divestment experience, to a new major divestment programme with regards to appropriate controls and safeguards relating to third party hosting and processing of confidential data - ensuring that lessons learned from previous divestment activity were reflected in initial shaping and planning.

Mar 2011 - Jun 2012

Senior Security Architect

The Co-operative Banking Group

Senior security architect responsible for a major change portfolio encompassing a number of high-profile, high-complexity business and infrastructure separation projects.

Consulting on security design, operational risk and contractual arrangements between multiple parties.

Senior consultant on a significant divestment programme - provided requirements and guidance for all aspects of the divestment activity, including transitional shared-occupancy of major premises, third-party connectivity, detailed IT separation planning, and testing. Line management for a small team of architects.

Aug 2009 - Mar 2011

Information Security Consultant

Co-operative Financial Services

Working on multiple projects of varying complexity and scale to provide effective and appropriate information security consultancy, based on an ISO 27001 framework, ensuring that relevant legal frameworks, contractual commitments, company policies, technical considerations and industry best-practices are adhered to in accordance with appropriate risk assessment findings.

I have worked on a number of key projects challenged with refining and redefining a number of areas within the Information Security arena at CFS. These have included a redesign of key elements of the security project engagement methodology, a baselining of the existing Operational Security across two newly merged organisations, the gathering and defining of requirements for the establishment of a new Security Operations Centre and the rationalisation of project channels across the business to reduce the risk from projects being progressed without effective security engagement.


Jan 1992 - Jan 1999

Audenshaw School

4 A' Levels and 10 GCSEs




EC Council