Frank Marsh is an exceptional and internationally renowned information security specialist covering all aspects of information security including physical, digital, oral and intangible forms, and the prevention, detection and investigation of information leakage. He has a PhD from Liverpool University where he worked under Professor (now Sir) David King. He did post-doctoral research before working in the University Computer Laboratory.
For 25 years, until 2008, he worked for BAT Industries/British American Tobacco in a broad range of business roles, and from 1995 as Global Information Security Manager. Working with BAT‘s business operations globally, he also became the deputy CSO.
In 2001, he was elected, by the UK membership, to the global Council of the Information Security Forum (ISF) and was elected by that council of his peers to the ISF Executive a year later. He was a member of the ISF Ltd Board of Directors that led strategic business change in the ISF which resulted in renewed membership growth year on year. He was also a member of the ISF Board finance sub-group. His responsibilities with the ISF continued until December 2007.
As an information security specialist he developed various in-house training programmes for business staff that have been delivered worldwide including a 5-day specialist workshop for security managers. He has presented at numerous conferences, was a referee of the EU CTOSE project and has worked with national and international manufacturers’ associations. Throughout his career he has delivered business-focused and aligned information security that enables, rather than inhibits, business operations.
Additonal to information security, he has had responsibility for R&D and factory IT, health & safety, Quality Control, building services, and general information services. Transferred to head office in 1991, reporting directly to the Chairman, he managed the implementation of records management for BAT’s UK companies, a review of global policies reporting to another Board Director and managed disaster recovery planning and data protection.
Frank was one of the first senior executives, globally, to be Certified in Risk and Information Systems Control (CRISC) by the Information Systems Audit and Control Association (ISACA). In addition to Frank’s core skills, he also provides mentoring and coaching services.