root@localhost:~$ cat profile.txt

+---------------------+ | Security is | | a process, | | not a product. | | | | | |+-------------------+| +------..-----..------+ .---------------------. / /===================\ \ / /=====================\ \ /___________________________\

I’m a cyber and information security professional helping organisations to achieve their security objectives.

A lifelong interest in security and computers, alongside experience in Web, system and network penetration testing, combined with application security and governance, have allowed me to combine hands-on technical ability with a strategic and governance mindset.

I believe that to effectively defend systems one benefits by also understanding how to attack them. Being a systems thinker, understanding the whole lifecycle of threat, exploit, detection, response and governance and where all of that sits in a business or organisation is essential. In the context of a business or organisation, security is never an end in itself, but a means of helping it to achieve its broader strategic objectives and to succeed.

When not engaged with work, I enjoy taking on CTF challenges, building small form factor computers, working on my homelab, researching and writing about information security issues, privacy and free software, and occasionally other subjects that draw my interest.

Skills

Network penetration testing, web application penetration testing, wireless penetration testing, cyber security, application security, security architecture, IdAM, DevSecOps, cloud security, information security governance, information risk management, incident management and response, data protection, disaster recovery, PCI DSS, ISO/IEC 27001, GDPR, NIST Cybersecurity Framework, Cyber Essentials, CIS Benchmarks, CIS Controls, OWASP ASVS, OWASP SAMM, MITRE ATT&CK

Education and Certifications

Professional Memberships