James Mockford

OT Cyber Security Specialist

James.Mockford@outlook.com | 07778 024479 | jamesmockford.co.uk

I am an Operational Technology (OT) Cyber Security Specialist with over 7 years of experience across IT and OT environments. My expertise centers on securing critical infrastructure through the development of robust security architectures that effectively bridge traditional IT systems with industrial operational technology. My technical background includes comprehensive vulnerability assessment, implementation of threat monitoring solutions, and incident response protocols specifically designed for industrial control systems. I have hands-on experience evaluating and implementing various OT security solutions, including those from leading vendors in the space. I hold IEC 62443 certification and am actively pursuing advanced credentials in industrial cyber security. As a consultant, I provide strategic insights on OT security technologies, implementation approaches, and emerging trends in the industrial security landscape.

Technical Skills

OT/ICS Security: SCADA, PLC, DCS, IoT/IIoT, ICS protocols
Network Security: Firewalls, Network Segmentation, IDS/IPS, Tenable, Claroty
Penetration Testing: Kali Linux, Nmap, Metasploit, Wireshark, x64dbg
SIEM & Log Management: Sentinel, LogRhythm, AlienVault, Wazuh, Defender
Languages / Scripting: Python, Bash, PowerShell
Networking: Industrial network architectures, LAN/WAN technologies, Mobile Communications, APIs
Compliance Frameworks: IEC 62443, NIST SP 800-61, NIST SP 800-82, NIS2, ISO 27001, CE+

Career Summary

Wessex Water
February 2024 - Present
OT Cyber Security Specialist
December 2024 - Present

As an OT Cybersecurity Specialist, I secure industrial control systems and SCADA networks, implementing targeted security controls that protect critical operational technology.

  • Delivered guidance for enterprise-wide OT initiatives including Claroty deployment, NIS2 regulatory compliance, and secure-by-design implementation.
  • Spearheaded Claroty platform management, including design and implementation of a custom monitoring and alerting system that enhanced visibility and incident response capabilities across the OT environment.
  • Served as technical authority on cross-functional working groups, contributing expertise to shape organisational OT security standards, governance frameworks, and strategic roadmaps.
  • Architected and implemented comprehensive OT vulnerability management program, establishing standardised processes for vulnerability identification, prioritisation, remediation, and reporting.
  • Conducted security assessments including device audits and penetration tests to evaluate security posture of new OT equipment, resulting in significant improvements to overall security stance.

Cyber Security Operations Lead
February 2024 - December 2024

As Cyber Security Operations Lead at Wessex Water, I oversaw daily cyber security operations across our IT and OT environments.

  • Led complete transformation of security monitoring capabilities, managing end-to-end migration from LogRhythm to Microsoft Sentinel from initial tender and procurement through deployment and implementation. This initiative significantly enhanced threat visibility while reducing alert fatigue, resulting in 60% improvement in both Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) metrics.
  • Developed custom rules, alerts, and incident response playbooks for both IT and OT incident scenarios.
  • Contributed to critical documentation including Cyber Incident Rapid Response Handbook, Dynamic Security Posture Playbook, and Cyber Incident Response Plan covering both IT and OT environments.
  • Led BAU operations for key security tools: Defender, LogRhythm, Sentinel, Claroty, Tenable, Cofense, Proofpoint, and Hornbill.
  • Engineered advanced, custom Python-based security dashboards integrating multiple security systems into a cohesive "single pane of glass" solution. This executive-level reporting platform translated complex security metrics into actionable intelligence for leadership, enabling data-driven strategic decisions.

Blueskytec
April 2022 - February 2024
Network Penetration & Test Analyst

As a Network Penetration & Test Analyst at Blueskytec, I specialised in identifying vulnerabilities within critical infrastructure and industrial control systems, offering tailored cybersecurity solutions to clients.

  • Conducted penetration tests on OT environments, including PLCs, SCADA systems, and ICS devices for clients such as Schneider Electric, Saudi Aramco, Shell (Nigeria LNG), DSTL (MoD), and Associated British Ports.
  • Applied MITRE ATT&CK framework for ICS to identify and mitigate OT-specific threats.
  • Demonstrated live OT cyber-attacks at industry events, highlighting vulnerabilities in industrial systems.
  • Architected and constructed comprehensive Industrial Control Systems (ICS) testbed environment, replicating production infrastructure for secure penetration testing and validation of internally developed security products.
  • Established and managed complete enterprise infrastructure from ground zero, including designing network architecture, implementing multi-layered firewall protection with granular policy management, deploying Office 365/Exchange environment, and creating specialised servers (file system, Git version control, WSUS patch management).

BMT Defence & Security UK
September 2016 - April 2022
ICT Analyst
April 2020 - April 2022

As an ICT Analyst, I was responsible for implementing and maintaining enterprise IT infrastructure, ensuring security, reliability, and compliance with MoD standards.

  • Administered and maintained enterprise network infrastructure including routers, firewalls, and web servers.
  • Provided Tier-3 level technical support, resolving complex infrastructure and security issues.
  • Mentored junior and trainee analysts on system administration and security practices.

Junior ICT Analyst
February 2018 - April 2020

Provided comprehensive tier 1-2 IT support to over 1000 employees across multiple locations.

ICT Apprentice
September 2016 - February 2018

Supported and documented key IT systems, with a focus on SharePoint environments.

Education & Certificates

Professional Development & Extracurricular Activities