Terry Boon: Professional and academic


I work at a financial services regulator, focusing on cyber and IT risk. Previously, I spent over 20 years at PwC in London, most recently based in the Technology Consulting practice, with clients primarily in the financial services sector.

Areas of technical experience include information security and IT controls, operational risk, and quantitative finance. Practical experience in technology helps me develop or manage tactical solutions where needed. And my training as a chartered accountant helps me put technical challenges into a broader commercial perspective.

Industry experience

I have extensive experience working with investment banks, along with retail/commercial banks and other financial services organisations, building a broad range of experience in their products and services, processes, risks, controls, and technology. I also worked on projects supporting banks in responding to changes in regulatory requirements, including MiFID II, LIBOR transition, and PSD 2.

I have also worked on projects in other industry sectors, including insurance and telecoms.

I am a member (FCA) of the Institute of Chartered Accountamts in England and Wales (ICAEW).

Information security, IT risk, and operational risk

Infrastructure, network, and server technical security: I advised clients on the security of their technology and assisted them in defining and implementing suitable controls - through understanding how the technology works and interacts, the risks it faced in the client’s environment, and how it could be configured and managed to address them.

Information security management: I advised clients on their security management - the policies and processes on which their security relied.

Penetration testing: I performed penetration testing (ethical hacking) for a variety of clients. This included testing network and server infrastructure, web sites, and applications - assessing their security against both Internet-based/external and insider threats, and advising how they could strengthen their controls to meet those threats.

IT risks and controls: I assessed and advised a variety of clients on their general computer controls - over areas including security, change management, software development, operations, resilience, and overall management of the IT function - as part of external audits, internal audits, or other projects. On these projects I obtained an understanding of the overall technology environment; its management, organisation, and strategy; and how it aligned with the needs and expectations of the business - providing me with a broad experience of technology across a variety of organisations.

Operational risk and controls: I also worked with a number of banks on their management of broader operational risk (the risks associated with processes, systems, people, and external events), including assisting in the execution of risk and control self assessments (RCSAs), remediating gaps in compliance with operational risk requirements of PSD 2, and reviews of operational risk management.

Mathematics, quantitative finance and data analytics

MMath in mathematics & MSc in mathematical and computational finance (Oxford University): My first degree was an MMath in mathematics at Oxford University. I took a sabbatical year from PwC in 2007-08 to return to Oxford and obtain an MSc in mathematical and computational finance. Areas of study included modelling and pricing derivatives and other financial instruments; stochastic calculus and stochastic control; and numerical methods and implementation in C++ and Matlab.

MSc dissertation - pricing derivatives based on house prices: My dissertation was on Shared appreciation mortgages: property derivatives and unconventional loan interest charges. I developed a model for residential property prices based on historical time series; and used it to price mortgages where the finance/interest charge is based on the increase in in the property’s value, and to value other property derivatives.

Derivative valuation at an investment banking client: I spent over 3 years working in the Valuations function during the winding up of an investment bank. This included developing, tailoring, and applying quantitative finance models for valuing derivatives; reviewing counterparties' valuation methodologies and data; and broader trade and market data analysis.

Applying technology

Tactical software development: I have experience in developing tactical software solutions (for example, using Python, C++, VBA, SQL, and R) and have used this in data analysis, quantitative finance, and security testing to deliver projects and automate inefficient manual processes.

Linux and open source: I have used Linux, along with other open source tools, as a development and server platform for security testing and personal projects - providing practical insight into Linux/Unix system administration and the open source ecosystem.