Securing Infrastructure at Scale — Accor Hotels UK & Ireland Digital Transformation
From ground-level infrastructure support across 250 hotel sites to project lead on one of the largest digital transformation programmes in UK hospitality, I delivered secure network infrastructure, drove PCI DSS certification, and led the technical execution of a full estate transformation.
The Challenge
Accor Hotels UK & Ireland operated one of the largest hospitality infrastructure estates in the country — 250+ sites, 2,700 users, 350 servers, and 3,000 workstations — all running on ageing network architecture that was increasingly exposed to compliance risk, operational fragility, and security gaps. The business faced a hard deadline: PCI DSS certification by November 2016, with parallel pressure to modernise core infrastructure without disrupting live hotel operations.
- Legacy MPLS circuits across the full UK estate required decommissioning and migration to FIBRE — a complex, multi-vendor, multi-site coordination challenge.
- 200+ Cisco firewalls and switches needed HA configuration, upgrade, or replacement across UK and European hotel locations.
- Ageing on-premise Exchange infrastructure and legacy VPNs introduced both operational risk and compliance exposure.
- PCI DSS and GDPR obligations required structured vulnerability management, remediation tracking, and evidenced control implementation.
- A small team was responsible for 3rd line support, security monitoring, patching, and transformation delivery simultaneously — with no tolerance for service disruption across live hotel operations.
The Approach
Infrastructure Security & Network Transformation
Beginning as Network Systems Engineer, I established operational ownership across the full estate — providing 3rd line support for server infrastructure, corporate Wi-Fi, network security monitoring, and Oracle IPOS across 250 sites. I built the operational baseline that the transformation programme would depend on.
- Administered Active Directory, DNS, DHCP, file, print, and radius servers — maintaining identity and access integrity across 2,700 users.
- Delivered daily network and security infrastructure monitoring, establishing visibility across a geographically distributed estate.
- Implemented and maintained SCCM software deployments and monthly server patching — ensuring timely application of security updates across 350 servers.
- Created and maintained Confluence knowledge base documentation — codifying technical processes for the first time across the estate.
PCI DSS Compliance Programme
Promoted to Network Systems Analyst, I took on direct responsibility for PCI DSS compliance delivery alongside the transformation programme. I owned the technical execution of the controls required to bring Accor UK to certification — working across vulnerability management, network segmentation, and evidence gathering.
- Led PCI DSS and Qualys vulnerability reporting, remediation tracking, and control implementation across the estate.
- Coordinated the decommissioning of legacy MPLS circuits and migration to FIBRE — managing remote technical resources across multiple sites simultaneously.
- Configured and deployed HA Cisco firewall and switch infrastructure across UK and European hotel locations, hardening network perimeter controls.
- Decommissioned legacy VPNs, reducing attack surface and simplifying the network security boundary ahead of PCI assessment.
- Implemented PowerShell scripting for patching automation, compliance monitoring, and event log auditing — replacing manual processes with evidenced, repeatable controls.
Cloud Migration & Modernisation
As project lead for the Office 365 deployment, I managed the full migration from legacy on-premise Exchange — delivering a scalable, cloud-hosted email platform across 2,100 mailboxes while maintaining service continuity throughout.
- Led end-to-end Office 365 deployment across 2,100 mailboxes — project planning, technical execution, and stakeholder coordination.
- Decommissioned legacy Exchange infrastructure cleanly, removing a long-standing operational and security risk from the estate.
- Maintained uninterrupted email service throughout the migration across a 24/7 hospitality operation.
Programme Metrics
| Metric | Position |
|---|---|
| Hotel Sites Supported | 250+ across UK & Ireland |
| Cisco Network Devices | 200+ firewalls and switches upgraded or decommissioned |
| End Users Supported | 2,700 across 3 head office locations and 250 sites |
| Infrastructure Under Management | 350 servers, 3,000 workstations, 2,100 mailboxes |
| PCI DSS Certification | Successfully obtained November 2016 |
| Circuit Migration | MPLS to FIBRE decommissioned across full UK hotel estate |
| Office 365 Deployment | Full mailbox migration from legacy Exchange (Project Lead) |
The PCI DSS certification achieved in November 2016 is the defining metric of this engagement — not because it was a box-ticking exercise, but because it required evidenced control implementation across a 250-site estate with no room for gaps. Every vulnerability had to be tracked, every remediation evidenced, every control tested. That discipline is the same discipline I apply to compliance today.
The Results
- Accor Hotels UK successfully obtained PCI DSS certification in November 2016 — on schedule, across a 250-site estate.
- Full MPLS-to-FIBRE circuit migration delivered across the UK hotel estate, modernising network infrastructure and reducing ongoing operational cost.
- 200+ Cisco firewalls and switches upgraded or replaced — hardening the network perimeter across UK and European locations.
- Legacy Exchange decommissioned and 2,100 mailboxes migrated to Office 365 — delivering a scalable, compliant email platform.
- PowerShell-based patching automation and compliance monitoring established repeatable, evidenced controls — replacing manual processes that could not scale.
- Technical knowledge base created in Confluence — leaving a lasting operational asset beyond the engagement.
Technologies & Frameworks Utilised
| Technology / Framework | Application |
|---|---|
| PCI DSS | Compliance programme delivery and certification |
| Qualys | Vulnerability scanning, reporting, and remediation tracking |
| Cisco (Firewalls & Switches) | HA configuration, upgrade, and decommissioning across UK & EU |
| PowerShell | Secure scripting, patching automation, compliance monitoring |
| SCCM | Software deployment and monthly server patch management |
| Office 365 / Exchange | Full mailbox migration — project lead |
| Active Directory / DNS / DHCP | Identity, directory, and network services administration |
| MPLS / Fibre | Circuit decommissioning and migration coordination |
| Confluence | Technical knowledge base documentation |
| GDPR | Data protection controls and compliance alignment |
| Oracle IPOS | Hospitality point-of-sale infrastructure support |
Compliance is only credible when the person responsible for it understands the infrastructure it governs. I have configured the firewalls, written the patching scripts, and managed and cordinated Digital Transformation projects. This hands on experience means I do not just audit controls — I know whether they actually work.