Gartner Expert

Tom Croll

Sr Director Analyst

Tom Croll is a Certified Cloud Security Professional (CCSP) and researches various aspects of public cloud security. Mr. Croll tracks the security and compliance capabilities of cloud service providers, researches how to design and deploy secure workloads in public clouds and monitors the threat and vulnerability landscape present in public cloud services. Related areas of research include cloud access security brokers (CASB), Cloud Security Posture Management (CSPM), and the integration of security into DevOps (DevSecOps). As a former agile coach, he also specializes in recommending workflow methodologies appropriate to each customer's unique individual skill-sets, requirements and external constraints in order to maximize value.

Previous experience

Mr. Croll was the lead cloud security architect for EU Withdrawal projects at the Financial Conduct Authority of the U.K. He advised multiple product groups on security strategy in line with organizational risk appetite. He conducted research and analysis of new architectural patterns for secure cloud deployments. He led numerous digital transformation projects for moving enterprise workloads into the cloud. He advised DevOps teams on appropriate methodologies for successful delivery such as Scrum, Kanban and Cynefin. He used big data and complexity theory to help numerous companies improve their security posture through automation and innovation.

Professional background

Financial Conduct Authority

Senior Cloud Security Architect


Lead Cloud Security Architect

Visa Europe

Senior DevSecOps Engineer

Areas of coverage

Security and Risk Management Leaders

Security of Applications and Data

Security Operations

Agile and DevOps (retired)

Infrastructure Security


M.Sc., Computational Neuroscience, Royal Holloway University

B.Eng., Electronic Engineering with Music (hons), University of Glasgow

Read More Read Less

Top Issues That I Help Clients Address

1How can we deploy IaaS securely?

2How can we manage SaaS securely?

3How do we combine security with Agile methodologies?

4How do I collaborate securely using SaaS applications?