Jack Wilson

Associate Security Consultant

Career Summary

I'm an associate security consultant with a passion for computer security, graduating from Abertay University in Dundee with a first-class honours degree in ethical hacking. I have recently passed the CPSA certification and I'm working towards CRT status. I've presented research and spoken at events, security meetups and conferences throughout Europe.

Work Experience

Associate Security Consultant

Aon
June 2018 - Present

I currently work as part of the proactive security team within Aon Cyber Solutions (formerly Gotham Digital Science). We work with clients to identify risks within their organisations, evaluate the risks contextually and offer recommendations to improve the overall security posture. This is achieved through:

  • Infrastructure penetration testing
  • Web application penetration testing
  • Red teaming exercises
  • Effectively communicating findings through reports aimed at technical and non-technical clients

Intern Security Consultant

Scottish Business Resilience Centre
January 2017 - May 2018

Duties and responsiblities included:

  • Infrastrucure penetration testing.
  • Web application penetration testing.
  • Communicating findings to technical and non-technical clients through reports.
  • End-user security awareness training through public speaking engagements.

Achievements

  • Our team were finalists in the 2017 DigiLeaders 100 award.

Workshop Leader

Edinburgh International Science Festival
December 2017 - January 2018

This contract-based role involved travelling to Abu Dhabi to teach local students (from ages 12-21) about computer security.

The main event was four days of teaching a class about a variety of computer security subjects including:

  • Information gathering
  • Phishing
  • Linux basics
  • Web application hacking
  • Post scanning
  • Wireshark
  • Configuring firewalls

The role requires a variety of skills including:

  • A good technical understanding of the techning material.
  • Being able to explain complex security subjects in simple ways, where the students main language was Arabic.
  • Balancing being strict with the students to control the classroom, while being kind and caring enough to keep the students interest.

Projects

iOS VPN Security

September 2017 - May 2018

Due to the increasing number of recommendations for consumers to use VPN’s for privacy reasons, more app developers are creating VPN apps and publishing them on the Apple App Store and Google Play Store. In this ’gold rush’, apps are being developed quickly and, in turn, not being developed with security fully in mind.

Paper (PDF, Opens in a new tab)

Penetration Testing Assignment

January 2018 - May 2018

For this university assignment we were allocated a virtual network to conduct a penetration test on. This involved following a methodology and writing a report to effectively communicate the findings. The network was dynamically generated to challenge each student individually

Paper (PDF, Opens in a new tab)

Penetration Testing Methodologies Comparison

January 2018 - May 2018

The other assignment for our penetration testing module involved picking two popular and widely used penetration testing methodologies to compare and evaluate each.

Paper (PDF, Opens in a new tab)

Digital Forensic Investigation

September 2017 - December 2017

As part of the digital forensics module, our assignment was to recover a hard drive of a suspect (John Doe) who was accused of holding indecent images of birds. The assignment required us to follow the proper chain of custody process for the seized hard drive and follow a standardised methodology for analysing the hard drive to recover evidence.

Paper (PDF, Opens in a new tab)

Web Application Penetration Test

January 2017 - May 2017

One of our third year modules was based around web application security and penetration testing. The assignment involved a web application with dynamically generated vulnerabilities. We were expected to follow a standardised web application penetration methodology (such as OWASP) to find and exploit vulnerabilities. The hand-in was split into two parts, the first part focussed on exploitation, and the second part on remediations.

Pentest Paper (PDF, Opens in a new tab)
Remediations Paper (PDF, Opens in a new tab)

Analysis and Prevention of Microsoft Office Malware

September 2017 - December 2017

As part of a module, we were assigned time to research into a topic of our choosing. Using Microsoft Office macros as a method of payload delivery was a popular tactic at the time, so this research analysed some malware samples found online and discussed prevention methods with a focus on enterprise security.

Paper (PDF, Opens in a new tab)

Investigation of Intrusion Detection and Preventio Systems

September 2017 - December 2017

Our third-year networking module consisted of two assignments, both of which were research-based. The first assignment was to investigate a common tool or system applicable to networking and write a white paper explaining how it works and how it works. For this, I elected to research IDS and IPS, while launching some very basic attacks to determine the effectiveness of out-the-box configurations.

Paper (PDF, Opens in a new tab)

Open-Source vs Commercial Cloud Solutions

September 2017 - December 2017

The second assignment for our networkng module involved picking two products within the IT field, one of which that was free and open-source and one that was a commercial market leader. After this, we had to configure the open-source product and write a white paper discussing the benefits of each product along with a guide on setup and configuration.

Paper (PDF, Opens in a new tab)

Skills & Tools

  • Penetration testing
  • Infrastructure security
  • Web application security
  • Public speaking
  • Windows
  • *NIX
  • Metasploit
  • Burpsuite
  • Python
  • Bash

Education

  • BSc (Hons) Ethical Hacking
    Abertay University
    First-class honours
    2015 - 2018
  • HNC Computing
    Perth College UHI
    2014 - 2015

Certifications

Language

  • English (Native)

Interests

  • Security Conferences
  • Cycling
  • Gaming
  • Reading