
Securing Infrastructure for INEOS Oil & Gas

As Lead Infrastructure Engineer for INEOS Oil & Gas UK, executing a global WAN migration and deploying a modernised, secure endpoint estate across critical national infrastructure.

Client: INEOS Oil & Gas UK
Duration: 18 Months
Delivered: 2021-08-01
Role: Lead Infrastructure Engineer

The Challenge

During an 18-month engagement at INEOS Oil & Gas UK — one of the world's largest chemical and energy companies — I took ownership of a complex, high-stakes IT environment that spanned multiple countries and Operational Technology (OT) networks. Beginning as a contractor and converting to permanent Lead Infrastructure Engineer, I inherited a fragmented estate that required urgent standardisation and a security focus.

The environment presented severe systemic and active challenges:

  • Aging WAN Infrastructure: The global wide-area network required a full migration from NTT to Lumen across dozens of international sites
  • Patching Debt: Critical servers had gone unpatched for nearly two years, resulting in active MS17-010 vulnerabilities that were ultimately exploited
  • Fragmented Endpoint Estate: No standardised workstation build, inconsistent security tooling, and a lack of unified MDM governance
  • Limited Automation & Visibility: A small IT team managed significant manual overhead for routine tasks, with no centralised log collection for a SIEM

The Approach

This was not a steady-state maintenance role. I operated at the highest level of pressure in a critical national infrastructure environment, balancing real-time incident containment with enterprise architecture delivery.

Ransomware Containment & Incident Response

In June 2020, during the active CLOP ransomware operation, I worked directly with Secureworks incident response to orchestrate immediate containment and remediation across the INEOS global estate.

  • Engineered the rapid mass deployment of Secureworks Red Cloak EDR across all Windows servers using PowerShell automation, targeting the full AD structure regardless of domain
  • Expanded EDR coverage to endpoints lacking Carbon Black, closing visibility blind spots
  • Led the blocking of identified C2 (Command and Control) IPs and coordinated domain trust isolation to restrict lateral movement
  • Implemented FSRM ransomware canaries to detect and disrupt active encryption attempts during the attack
  • Blocked encoded PowerShell scripts at the AV layer and executed a global password and Kerberos KRBTGT Golden Ticket reset to evict threat actors from the identity infrastructure
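The FSRM ransomware canary mentioned above, as an added illustration rather than the author's own script: an active file screen on the shares that matches extension patterns typical of encrypted output, logs a warning with the owning account, and hands off to a containment script. The share paths, the extension list and the script path are constructed placeholders.

```powershell
# Added example (not the page author's code). Assumes a Windows Server with the
# FS-Resource-Manager feature and the FileServerResourceManager module installed.
Import-Module FileServerResourceManager

$sharePaths   = @('D:\Shares\Finance', 'D:\Shares\Projects')   # placeholder shares
$groupName    = 'Ransomware Canary Extensions'
$templateName = 'Ransomware Canary'
$containScript = 'C:\Scripts\Contain-Canary.ps1'                # placeholder path

# Constructed sample patterns; a real list comes from threat intel and is
# maintained centrally so every file server screens the same names.
$badPatterns = @('*.locked', '*.encrypted', '*.crypt', '*DECRYPT*.txt', '*readme*.hta')

# 1. File group: the patterns the screen should match.
if (-not (Get-FsrmFileGroup -Name $groupName -ErrorAction SilentlyContinue)) {
    New-FsrmFileGroup -Name $groupName -IncludePattern $badPatterns | Out-Null
}

# 2. Notifications. FSRM expands [Source Io Owner], [Source File Path] and
#    [Server] at trigger time, so the event names the account doing the writing.
$eventAction = New-FsrmAction -Type Event -EventType Warning `
    -Body 'Ransomware canary tripped: [Source Io Owner] wrote [Source File Path] on [Server]'

# Containment hook: run as LocalSystem, at most once per 10 minutes per screen,
# passing the offending account to a script that disables its sessions/share access.
$cmdAction = New-FsrmAction -Type Command `
    -Command  'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' `
    -CommandParameters "-ExecutionPolicy Bypass -File $containScript -User `"[Source Io Owner]`"" `
    -SecurityLevel LocalSystem -RunLimitInterval 10

# 3. Template with active screening (the write is denied, not just logged).
if (-not (Get-FsrmFileScreenTemplate -Name $templateName -ErrorAction SilentlyContinue)) {
    New-FsrmFileScreenTemplate -Name $templateName -IncludeGroup $groupName `
        -Active -Notification @($eventAction, $cmdAction) | Out-Null
}

# 4. Apply the template to each share root; subfolders inherit the screen.
foreach ($path in $sharePaths) {
    if (-not (Get-FsrmFileScreen -Path $path -ErrorAction SilentlyContinue)) {
        New-FsrmFileScreen -Path $path -Template $templateName | Out-Null
    }
}

# Review what is now in force.
Get-FsrmFileScreen | Select-Object Path, Active, IncludeGroup
```

Once the screen is active, a test write of a file such as `probe.locked` to one of the shares should be refused and a warning should appear in the Application log, which is the signal to forward to the SIEM.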

Global WAN Migration

I managed the end-to-end migration of the global wide-area network from NTT to Lumen, encompassing the London HQ, Teesside Gas Processing Plant, and international locations.

  • Configured and deployed Lumen Fortinet firewalls across sites, managing static routes, routing tables, and VLAN configurations
  • Coordinated with the Operational Technology (OT) team for the Clipper South / Zaventem circuit to guarantee zero disruption to critical industrial operations
  • Resolved complex post-migration telephony challenges, including Fortinet ALG configurations that affected voice traffic after cutover

Endpoint Modernisation & Automation

To resolve the fragmented legacy estate, I designed and delivered a centrally governed endpoint ecosystem and automated core infrastructure processes.

  • Built and distributed a Secure Windows 10 20H2 Workstation Image using MDT, integrated with automated Slack/Teams build notifications
  • Deployed Microsoft Intune MDM and FortiClient VPN across the organisation, replacing unmanaged devices and legacy connectivity with policy-driven compliance
  • Migrated users from local mapped drives to an Office 365 OneDrive environment using GPO-based Known Folder Move
  • Developed an extensive library of PowerShell automation tools covering password expiry notifications, VM build alerts, AD user lifecycle management, and file permission reporting
  • Established a formal monthly patching cadence to continuously remediate vulnerabilities like MS17-010 across the Hyper-V virtualisation infrastructure

The Results

Successfully shifted the INEOS infrastructure from a vulnerable, fragmented legacy estate into a highly governed, secure, and monitored environment capable of withstanding sophisticated threat actors.

  • Live Attack Remediation: Deployed Secureworks Red Cloak EDR across the entire organisation during an active ransomware incident
  • Enterprise Network Cutover: Completed the global NTT-to-Lumen WAN migration across all sites on schedule, modernising infrastructure for international offices and processing plants
  • Estate Standardisation: Deployed a modern secure build, Intune MDM, and managed VPN across all endpoints, immediately elevating compliance and security posture for a distributed workforce
  • Operational Scalability: Eliminated years of patching debt by establishing a repeatable patching cadence, and built an automation library that dramatically increased the effective capacity of a lean IT operations team

This engagement demonstrated my ability to provide security-first engineering and incident leadership under intense pressure within critical national infrastructure. Navigating a live ransomware attack while simultaneously executing a global WAN migration and endpoint modernisation programme highlights my capacity to not just secure an environment, but to actively rebuild and modernise it without disrupting core industrial operations.

The decision by INEOS to convert my title from contractor to permanent staff remains the clearest signal of the trust and impact I delivered to their senior leadership.

© 2026 Brian Stephens. All rights reserved.