Well I certainly fit that description. I'm somewhat familiar with Drupal, having worked with versions 4 through 7, and would love to help if possible, but I'm hesitant to commit to something as I am somewhat time constrained. Keep in mind I'm not a web pro, I'm a humble textbook editor by trade. I'm also sensing some hesitance to stay with Drupal on your and Paul's behalf. Ultimately my biggest question is how the attack happened. Drupal does run quite securely on some very high profile sites, so I guess the first step to fixing things if Drupal is retained is figuring out what went wrong. If the issue is locking down the server, then long term it may be more productive to avoid having to maintain a server at all and go with github pages as suggested, effectively outsourcing security issues entirely. Another thing to keep in mind is that with version 8, Drupal is set to undergo some quite deep changes that as far as I can tell will make it far less suited to a casually maintained site. So again, long term, Drupal may not be the best solution. 

So with those caveats in mind, if no one else steps up, and no other solution is agreed upon, I'll cautiously put my hand up.