Darren Simpson

Independent GRC and Cyber Security Consultant

I have over 20 years’ experience providing traditional IT services as well as assisting clients with their governance, risk and compliance challenges. I have undertaken work for small companies looking to enhance existing systems, through to large organisations (including pharmaceutical, media, health, legal, finance and education), winning some prestigious industry awards during my career.

I understand my client’s business comes first and never try to impose unnecessary technologies or the latest trend. Instead, I spend a lot of time understanding the organisation and the audience before suggesting solutions. I have proven experience helping clients adopt alternative technologies and procedures, taking pride in being innovative with disaster recovery, business continuity and security solutions.

2002

IASP Award Winner

I managed the network services team for an ISP and created the BlueYonder Workwise platform (Telewest), taking responsibility for all aspects of the design and implementation of the core network infrastructure. I was also responsible for the security and connectivity for all services including hosted solutions for financial institutions, Government departments, premiership football clubs and FSB members.

In 2002, the ISP achieved the IASP award for Europe and Asia, and Microsoft Certified Partner Award winner for Europe (3rd Worldwide).

2005

Successful IPO Audit

Throughout my employment as an Information Security Consultant, I was responsible for the creation of detailed designs and implementation for the delivery and full-lifecycle management of a wide range of solutions.

I audited and designed the infrastructure and governance procedures of an international organisation enabling an Initial Public Offering to be achieved.

2007

CISSP Awarded

Passed the independent Certified Information Systems Security Professional examination to consolidate my experience and knowledge in the field of information security.

2008

Successful PCI-DSS Implementation

I successfully completed my first PCI-DSS project for an international clothing company in 2008; the complexity of the project was more challenging given the scale of the environment (over 300 stores), the allotted timeframe (less than 12 months) and the technology in use at the time (unsupported).

My involvement with this project focused on the design and implementation for the security of the core infrastructure and end user devices (firewalls, switching, IPS, encryption, anti-virus and endpoint protection), together with processes and procedures (namely the creation of the ISMS).

2009

Trustee Appointment

I was asked to join the Board of Trustees at Leukaemia Busters to oversee budget expenditure in line with charity commission guidelines.

2010

Successful ISO 27001 Project

In 2010, I was responsible for advising and remediating the processes and procedures for a law firm, enabling them to achieve ISO 27001 compliance. This was conditional on them being awarded a five-year contract with a national insurance company for the provision of legal services.

I have since undertaken a number of ISO 27001 related projects involving organisations within banking, insurance and consumer industries. I will often embark on pre-audit assessments, highlighting where organisations require remediation; I assist companies when liaising with 3rd party suppliers to ensure all work is in keeping with best practices whilst maintaining a separation of duty.

2012

Published Tri-Axis Risk Model

Following research undertaken during MSc studies, I developed an algorithm in order to improve the accuracy of decision-based analytics when assessing situational risk. Tests demonstrated a high degree of accuracy, and the algorithm was proven to isolate causal risks for a variety of highly publicised disasters such as the Space Shuttle Columbia and Deepwater Horizon tragedies.

Additional research has also demonstrated human limitations when assessing risks; memory recall, estimations and observation exercises are proven to be unreliable and I often use the exercises when testing clients' business continuity plans and security assessments.

2013

MSc Risk Management

Studied Risk Management at the University of Portsmouth focusing on Strategic Risk, Crisis Management, Business Continuity and Project Risk. I was awarded a distinction and also won the faculty prize for marks achieved throughout the course and my research regarding Quantitative Risk Assessments.

2014

PhD Research

My previous research demonstrated the accuracy of QRA and associated qualitative data was questionable. Whilst many issues were raised regarding the overall value of current risk management standards, the subjective nature of the informing parameters was deemed to be an influential factor, with the complicated nature of assessing risks significantly compounding the problem.

The objective of current research is to investigate whether graphical modelling and pattern-based analytics can reduce the potential bias and interpretive behaviour. Attention primarily focuses on the possible reduction of qualitative influences and whether pattern-based analytics offers advantages over quantitative risk analysis.

2014

Guest Lecturer

I am a guest lecturer for the University of Portsmouth at Undergraduate and Post Graduate levels in Risk and Crisis Management, whilst undertaking part-time studies for my PhD. The typical audience comprises UK and international students, together with C-Level members of global corporations and the emergency services.

2015

Interactive Crisis Training

Business continuity and crisis exercises tend to either be table top based or basic role playing scenarios. By utilising the University of Portsmouth's simulation suite, I have designed a fully interactive training package capable of testing all aspects of crisis management.

Assessments focus on a variety of parameters including identification and conclusion of the crisis, people management, public relations, operational matters and social media. Technology allows the exercise to be reactive depending on course attendees' inputs.

2016

Founded Routefiftyfour

I founded Routefiftyfour in order to promote highly available and secure solutions for organisations of all sizes. I firmly believe "Six-nines" availability is possible provided the correct resources, technology and processes are utilised.