Jamie Rose- Principal PCI DSS Consultant
Principal PCI DSS Consultant
Jamie is an Senior Security Consultant with vast experience of generating and managing PCI DSS compliance programmes from initiation to through to delivery for a number of Financial Services, Telecommunication, Retail and Insurance blue chip companies. He has worked with the PCI DSS since it’s formation in 2004 during his six years working for Visa Europe, a founder member of the PCI DSS, which provides him with a unique perspective in regards to the intent of the requirements in the Standard and there interpretation.
Jamie is fully conversant in all aspects of a PCI DSS delivery; from Cardholder data flow analysis, scope reduction, gap analysis, remediation plans and solutions to creating a set of complaint security policies, standards, processes and procedures. Furthermore, he was been used a number of times to complete full audits, RoCs and AoCs.
With a strong technical background Jamie has the ability to communicate complex issues and ideas, providing credibility and influence when dealing with both business and technical groups. Experienced in UNIX, Network, Database and Microsoft technologies.
In depth knowledge of industry standards including: PCI-DSS v3.0, ISO 27001/2/4,
Details about Jamie
Where does your passion currently lie within Cyber Security?
I have a payments background, working with Visa Europe for a number of years and have been focussing on PCI DSS compliance activities since its inception. My main passion is guiding organisations through the minefield which can be the PCI DSS and the misinformation which sometimes occurs; adding clarity with a structured methodology which helps organisations clearly understand, what can be, an unfamiliar and complicated subject. I am passionate about leaving a legacy of controls and concepts that are integrated into BAU activity so organisations can easily maintain, and demonstrate, their compliance with the DSS continuously.
Why do you like working with JAW Consulting UK?
JAW Consulting UK is fresh and vibrant company and I enjoy working with the likeminded individuals on interesting and challenging projects. The company attracts individuals who view security as a fundamental component of any outstanding organisation; seeing security as business enabler rather than a tick box exercise. This is the ethos throughout the company and it underpins all of our activities.
What do you find most interesting about Cyber Security Architecture?
Cyber Security Architecture at its best can be thought of as consistent set of principles, policies, capabilities, and standards that set the direction and vision for the development and operation of the organisation’s business information systems so as to ensure alignment with, and support for, the business needs and strategy. All aspects of these components are what I find interest about information security architecture, an organisation that has a good security posture always has these components at its core and integrated into it overall business processes and SDLC.
What certifications do you currently hold?
I currently hold a CompTIA Security+, PRINCE2 Practitioner, and ITIL Foundation Level. I intend to complete the CISSP this year, and the CISA shortly after.
How do you deal with the human factor in information security?
With the ongoing growth of Web 2.0 and the open sharing culture that stimulates, the human factor in regards to protecting an entities system components and data is that much more of a challenge. The cheapest and easiest way to address this is Information Security awareness training and education. Implementing the right process as part of on-boarding and refresher training at regular intervals is a vital component of a entities protection against social engineering attempts and data leakage. Regular Security bulletins and poster campaigns keeps Information Security awareness heighted. Another vital component of a addressing the human factor in Information Security is having a robust ISMS and supporting set of documentation: standards, procedures, processes, etc. For users to feel part of the process and to gain ”buy in”, I recommend working with stakeholders at all stages of documentation creation; this allows the production of a more robust, fit for purpose set of Information Security documentation that integrates into BAU activates more successfully.
What products do you enjoy working with?
I rarely get to play with the toys anymore, but when I did, I enjoyed all aspects of the usual suspects. IDS, SIEM solutions, Vulnerability Management solutions, etc. One thing which i always made sure of when deploying security tools, or running POCs was paying particular attention to the requirements gathering and analysis phase: documenting all the functional and non-functional requirements for the tool in question, ensuring vendors signed up to clear requirements, and delivered on them. The other aspect I always concentrated on was tuning of the process, eradicating false positives, fine tuning policies and reports, ensuring only the relevant data was identified and alerted, tailored to the clients environment.
What do you like doing in your spare time?
I do not get a lot of spare time as I have a large family, however when I do, I enjoy all sports, especially football. I also enjoy reading, music (I still have a set of Decks!) and Digital Photography. I have a real enthusiasm for all aspects of Information Security so I factor this into any downtime as well.
What people say about Jamie
“I engaged with Jamie whilst recruiting for a critical role with a leading client of mine. Jamie went on to exceed my clients expectations and deliver on a business critical project. It’s clear to me that Jamie is a leader in his industry and also a great guy to work with.”
James Hansen, PCI DSS Project Manager, Monarch Airlines
“It was a pleasure working with Jamie at Visa Europe. Whilst many will recall with amusement Jamie’s sense of humour, there was always a seriouus business focussed side with a strong delivery focus. I found Jamie to be a versatile and approachable Information Security professional and I echo what many others have stated in their endorsements. Jamie is confident and capable in the technical and non technical arena. It would be great to work with Jamie again in the future.”
Sion Hughes, Information Security Systems Manager, Visa Europe
“I worked with Jamie on obtaining PCI-DSS compliance for RBS and was instantly impressed with his understanding, not only of PCI but of secure network architectures as a whole. Jamie adopts a holistic approach in whatever he does an this is clearly evident in his recent track record. I found Jamie to be extremely approachable and someone willing to assist even when time is at a premium. Certainly a very worthy professional and an excellent person to have on any team. “
Manish Behal, Security Solution Architect, Cisco Systems
“Jamie has very balanced view and significant experience in implementing PCI DSS in the blue chip company arena.
He was a great asset to the PCI project team and would employ him again given the opportunity on similar projects.”
Clive Harris, PCI DSS Project Manager, RBS WorldPay
