Category: Threat Seeker
Name: Mark Nicholls
Title: Director of Cyber Security
Company: Redscan
Why Nominated: Mark Nicholls knows how hackers think and operate – a clear asset for a threat hunter. It's that insight that's led organizations across industry sectors to seek his help in improving their cybersecurity postures and battling threats, particularly those that come from the inside.
Profile: Nicholls has trained his focus on the simulation of insider threats and has applied his expertise in digital forensics to helping organizations mitigate the risk of hard-to-detect threats such as fileless malware. Nicholls' vulnerability research has covered issues such as buffer overflow, format strings, SQL injection and cross-site scripting.
Before joining Redscan, he obtained CREST STAR certification and influenced the technical standards used to define CBEST, a framework aimed at delivering controlled, intelligence-led cybersecurity testing across the expanse of the financial services sector.
Nicholls has distinguished himself in the financial sector, where he is one of a small group of security professionals in the U.K. who is trusted to perform assessments according to the standards provided by the Bank of England and Financial Conduct Authority.
At Redscan, Nicholls helps facilitate the company's red team ethical hackers and blue team cybersecurity operations center (CSOC) analysts, who work in concert to suss out and address threats and vulnerabilities.
What colleagues say: "[Mark is] one of a few individuals that every consultant should look up to. Mark's extensive technical knowledge and experience make him one of the best in our industry to work with."
Paul Sutton, senior penetration tester, Redscan
"Mark is methodical [and] well-organized, and can always be relied upon to go the extra mile to uncover vulnerabilities that other information security consultants may miss."
Alan Pantling, former colleague at Context Information Security