I'm an associate security consultant with a passion for computer security, graduating from Abertay University in Dundee with a first-class honours degree in ethical hacking. I have recently passed the CPSA certification and I'm working towards CRT status. I've presented research and spoken at events, security meetups and conferences throughout Europe.
Associate Security Consultant
I currently work as part of the proactive security team within Aon Cyber Solutions (formerly Gotham Digital Science). We work with clients to identify risks within their organisations, evaluate the risks contextually and offer recommendations to improve the overall security posture. This is achieved through:
- Infrastructure penetration testing
- Web application penetration testing
- Red teaming exercises
- Effectively communicating findings through reports aimed at technical and non-technical clients
Intern Security Consultant
Duties and responsiblities included:
- Infrastrucure penetration testing.
- Web application penetration testing.
- Communicating findings to technical and non-technical clients through reports.
- End-user security awareness training through public speaking engagements.
- Our team were finalists in the 2017 DigiLeaders 100 award.
This contract-based role involved travelling to Abu Dhabi to teach local students (from ages 12-21) about computer security.
The main event was four days of teaching a class about a variety of computer security subjects including:
- Information gathering
- Linux basics
- Web application hacking
- Post scanning
- Configuring firewalls
The role requires a variety of skills including:
- A good technical understanding of the techning material.
- Being able to explain complex security subjects in simple ways, where the students main language was Arabic.
- Balancing being strict with the students to control the classroom, while being kind and caring enough to keep the students interest.
iOS VPN Security
Due to the increasing number of recommendations for consumers to use VPN’s for privacy reasons, more app developers are creating VPN apps and publishing them on the Apple App Store and Google Play Store. In this ’gold rush’, apps are being developed quickly and, in turn, not being developed with security fully in mind.Paper (PDF, Opens in a new tab)
Penetration Testing Assignment
For this university assignment we were allocated a virtual network to conduct a penetration test on. This involved following a methodology and writing a report to effectively communicate the findings. The network was dynamically generated to challenge each student individuallyPaper (PDF, Opens in a new tab)
Penetration Testing Methodologies Comparison
The other assignment for our penetration testing module involved picking two popular and widely used penetration testing methodologies to compare and evaluate each.Paper (PDF, Opens in a new tab)
Digital Forensic Investigation
As part of the digital forensics module, our assignment was to recover a hard drive of a suspect (John Doe) who was accused of holding indecent images of birds. The assignment required us to follow the proper chain of custody process for the seized hard drive and follow a standardised methodology for analysing the hard drive to recover evidence.Paper (PDF, Opens in a new tab)
Web Application Penetration Test
One of our third year modules was based around web application security and penetration testing. The assignment involved a web application with dynamically generated vulnerabilities. We were expected to follow a standardised web application penetration methodology (such as OWASP) to find and exploit vulnerabilities. The hand-in was split into two parts, the first part focussed on exploitation, and the second part on remediations.Pentest Paper (PDF, Opens in a new tab)
Remediations Paper (PDF, Opens in a new tab)
Analysis and Prevention of Microsoft Office Malware
As part of a module, we were assigned time to research into a topic of our choosing. Using Microsoft Office macros as a method of payload delivery was a popular tactic at the time, so this research analysed some malware samples found online and discussed prevention methods with a focus on enterprise security.Paper (PDF, Opens in a new tab)
Investigation of Intrusion Detection and Preventio Systems
Our third-year networking module consisted of two assignments, both of which were research-based. The first assignment was to investigate a common tool or system applicable to networking and write a white paper explaining how it works and how it works. For this, I elected to research IDS and IPS, while launching some very basic attacks to determine the effectiveness of out-the-box configurations.Paper (PDF, Opens in a new tab)
Open-Source vs Commercial Cloud Solutions
The second assignment for our networkng module involved picking two products within the IT field, one of which that was free and open-source and one that was a commercial market leader. After this, we had to configure the open-source product and write a white paper discussing the benefits of each product along with a guide on setup and configuration.Paper (PDF, Opens in a new tab)
Skills & Tools
- Penetration testing
- Infrastructure security
- Web application security
- Public speaking
BSc (Hons) Ethical HackingAbertay UniversityFirst-class honours2015 - 2018
HNC ComputingPerth College UHI2014 - 2015
October 2018 - October 2021
- English (Native)
- Security Conferences