About Bastion Cyber Security
Shah Siddique - Senior Adviser
Shah is our Network Security and Penetration testing lead, he is CISSP-certified security leader with over 30 years' experience, specialising in security assessment, vulnerability management, and technical risk reduction across financial services, healthcare, retail, manufacturing, and global enterprise sectors.
With a strong networking background (MCSE, CCNA), he has led penetration testing programmes, network security reviews, SIEM implementations, cloud security assurance, and large-scale remediation activities. Shah applies frameworks such as SANS CIS Controls, ISO 27001, NIST, and CSA CCM, and is known for clear communication and practical leadership in improving security posture across complex environments.
Dr Kristian Stewart - Senior Adviser
Kristian is our Secure Software, Cloud and AI Security Lead, specialising in architecting and hardening mission-critical systems across enterprise, telecoms and government sectors. A software engineering leader, he has built high-scale platforms focused on observability, automation and cybersecurity, meeting stringent availability and compliance requirements. Kristian has led security-sensitive products through formal certifications and “security by design” programmes aligned with NIST and Common Criteria, embedding secure coding, threat modelling and rigorous testing across the SDLC. His experience spans DevSecOps, SRE and cloud-native security, now extended to AI-driven systems to ensure secure-by-default, resilient and compliant platforms.
Stewart Picken - Senior Adviser
Stewart is a security architecture, operations and governance specialist with extensive experience shaping secure design, identity processes and technical assurance across large-scale transformation programmes. Working with all sizes of organisations, from small NGOs with near-zero budgets to the largest enterprises, he has delivered architectural reviews, implemented concrete improvements to technology and process security, and strengthened identity and access governance practices.
Leading teams and projects to deliver both tools and ways of working, Stewart has guided organisations through certifications including Cyber Essentials Plus and ISO27001 accreditation. He particularly enjoys mentoring and knowledge sharing, knowing that clients benefit not just from the work done, but from the experience shared during an engagement.
Dr Barry Hearn - Director
Barry is an experienced risk management and compliance leader with over 30 years in information and cyber security across retail, investment banking, insurance and public-sector environments. CISSP and PRINCE2 qualified, he has designed and delivered major security, governance and risk frameworks, led security consultancy teams, and ensured compliance with ISO 27001, PCI DSS, SOC 2, SOx and regulatory requirements.
Barry has held senior leadership roles in global financial institutions and top-tier consultancies, providing strategic risk oversight, security governance, cryptographic services, identity and access management, and security programme delivery. He is also an experienced educator, lecturer and technical mentor.
Geoff kinsella - Senior Adviser
Geoff is our Cyber insurance lead and has over 45 years experience in insurance. He turned his attention to the emerging insurance market for Cyber risk in 2012 and in 2013 became a Partner in Safeonline LLP, a Cyber insurance broking specialist firm, until its sale to a larger entity in 2021.
He has helped entities in many different sectors, in the UK, US, Canada, Europe and beyond mitigate their Cyber risk exposures through insurance.
He has spoken on the subject at many forums, both in the UK and overseas, and also has published a guide to Cyber insurance for businesses.
From his experience, Geoff has learned that Cyber insurance can form an important function in a company's overall cyber security strategy, removing some of the resulting uncertainties following a cyber incident. The pre-incident support afforded by many cyber insurance policies, can also be invaluable to aid businesses to manage their cyber exposures.
Geoff is a Fellow of the Chartered Insurance Institute, a Chartered Insurance Practitioner and holds an MBA.
David Ward - Senior Adviser
David is our Policy and Standards, and Third party risk lead, he is an experienced Information Security leader with a strong track record in protecting organisations through pragmatic, business-aligned security strategies. With extensive experience across security operations, risk management, and emerging threat landscapes, he brings a hands-on, solutions-focused approach to safeguarding digital environments.
Known for his clear, practical thought leadership, David regularly shares insights on topics such as Zero Trust architectures, identity as the modern perimeter, and the evolving cybersecurity challenges facing organisations today. He is passionate about helping businesses strengthen their security posture through measurable improvements, cultural alignment, and modern security best practices.
John Theobald
John is a highly experienced cyber and information security leader with a proven track record helping organisations improve security maturity, reduce risk and meet regulatory expectations.
He has held CISO roles and built CISO functions for multiple organisations, including a global manufacturing company, delivering everything from targeted security improvements to large-scale cyber transformation programmes.
With a strong technical background, John bridges the gap between technical teams and business leadership, translating complex cyber risks into clear, actionable decisions. He has extensive experience across financial services, manufacturing, government and regulated industries, and holds CISSP and CISM certifications.