Founded Trethtec in 2021, serving as both Director and Security Consultant. At Trethtec, I provide a wide range of penetration testing services, working directly with clients to strengthen security and offer strategic guidance.KEY RESPONSIBILITIES & HIGHLIGHTS- Deliver all disciplines of penetration testing across infrastructure, web and mobile applications, cloud environments (AWS, Azure, GCP), and containers (Docker, Kubernetes). - Conduct reviews of infrastructure, firewalls, servers, workstations, and network devices. - Lead social engineering engagements (phishing, vishing), physical access testing, and wireless testing. - Provide actionable security recommendations to enhance clients' defences. - Serve as a trusted advisor, leading high-priority security projects. - Offer overflow support for security consultancies, delivering testing services remotely and onsite (UK & abroad). - Assist with scoping and pre-sales to help security consultancies win business. - Deliver training and mentoring to junior testers, ensuring consistent, high-quality delivery. - Oversee all aspects of business operations, including client relations and service delivery.PENETRATION TESTING DISCIPLINES DELIVERED- External & Internal Infrastructure Testing - Web Application & API Testing - Mobile Testing - Workstation & Server Build Reviews - Firewall Build & Ruleset Reviews - Network Device Reviews & Segmentation Testing - Cloud Penetration Testing (AWS, Azure, GCP) - Container Build Reviews (Docker, Kubernetes) - Breakout Testing - Physical Access Testing & Social Engineering - Wireless Testing - Thick Client Testing

Joined Equilibrium as a lead penetration tester and played a key role in building and growing the penetration testing department. Worked closely with the leadership team to develop and expand the penetration testing service line and ensure the delivery of high-quality services across all disciplines.KEY RESPONSIBILITIES & HIGHLIGHTS - Built the penetration testing department and developed the penetration testing service line. - Hired, trained, and mentored testers at all levels, focusing on skills development and maintaining high testing standards. - Actively involved in scoping and presales work, collaborating closely with the sales department to win new business and shape tailored client solutions. - Carried out technical quality assurance for penetration testing reports and technical documentation, ensuring consistent delivery and accuracy. - Developed standardised documentation for all stages of the engagement lifecycle to improve efficiency and consistency. - Served as the primary technical contact for clients, ensuring smooth communication and delivering high-value advisory services. - Delivered work outside of traditional penetration testing, including incident response, tabletop planning, security operations centre (SOC) design, and general security consultancy. PENETRATION TESTING DISCIPLINES DELIVERED - External Infrastructure Testing - Internal Infrastructure & Assumed Breach Testing - Web Application & API Testing - Mobile Application Testing (iOS & Android) - Workstation & Server Build Reviews - Firewall Build & Ruleset Reviews - Network Device Build Reviews & Segmentation Testing - Cloud Penetration Testing - Container Build Reviews - Breakout Testing - Physical Access Testing & Social Engineering Engagements - Thick Client Testing - IASME Cyber Essentials

As a core team member at Capita Cyber Security/Trustmarque, I provided comprehensive penetration testing services, both remotely and on-site. I worked closely with clients to identify critical vulnerabilities and improve their overall security posture, while mentoring junior team members.KEY RESPONSIBILITIES & HIGHLIGHTS- Delivered end-to-end penetration testing services across a variety of disciplines, including infrastructure, web applications, and cloud environments.- Led kick-off calls and debrief sessions with clients, ensuring effective communication and clarity of findings.- Conducted in-depth vulnerability assessments and provided actionable remediation advice to clients.- Provided training and shadowing opportunities for junior team members, fostering skill development and maintaining high-quality testing standards.PENETRATION TESTING DISCIPLINES DELIVERED- External & Internal Infrastructure Testing- Web Application & API Testing- Cloud Penetration Testing- Container & Breakout Testing- Workstation & Server Build Reviews- Network Device & Segmentation Testing- Firewall Build & Ruleset Reviews

As a dedicated member of the Nettitude team, I delivered high-volume commercial penetration testing services for a large security consultancy. I was involved in various stages of the engagement lifecycle, from initial scoping and kick-off calls to delivering detailed reports and debriefs, both remotely and on-site. Additionally, I mentored less experienced team members through training and shadowing to help develop their technical and consultancy skills.KEY RESPONSIBILITIES & HIGHLIGHTS- Delivered comprehensive penetration testing services across multiple disciplines for a wide range of clients.- Led kick-off calls, engagements, reporting, and debriefs, both remotely and on-site, ensuring clients received clear and actionable findings.- Provided training and shadowing for junior team members to help develop their technical and consultancy skills.- Worked closely with engineers in the marine and offshore sector, conducting specialised tests on ICS/SCADA and safety systems.- Planned and delivered secure development training for external customers, enhancing their security practices.- Conducted R&D initiatives and presented findings at an internal conference to drive innovation within the team.PENETRATION TESTING DISCIPLINES DELIVERED- External & Internal Infrastructure Testing- Web Application & API Testing- Cloud Penetration Testing- Container Build & Breakout Testing- Workstation & Server Build Reviews- Network Device & Segmentation Testing- Firewall Build & Ruleset Reviews- Physical Access Testing & Social Engineering Engagements- ICS/SCADA/OT Testing- Thick Client Testing

Joined Claranet's InfoSec team in a two-person unit to develop and launch the Continuous Security Testing (CST) service, aimed at delivering ongoing penetration testing with daily and monthly updates to improve vulnerability detection times.KEY RESPONSIBILITIES & HIGHLIGHTS- Delivered continuous security testing, providing clients with daily/monthly vulnerability updates.- Developed and automated workflows for the CST service, working closely with the development team.- Involved in scoping and presales, collaborating with sales teams to tailor offerings to clients.- Hired and mentored junior testers, focusing on skills development and knowledge transfer.- Operated the CST service solo during its early months, ensuring smooth service delivery.- Helped onboard 20+ clients on year-long CST contracts and expanded the team to five members.- Supported high-volume penetration testing, providing services across various security disciplines.- Achieved OSCP and CRT certifications, completed Offensive Security AWAE course, and participated in NSS training.PENETRATION TESTING DISCIPLINES DELIVERED- External & Internal Infrastructure Testing- Web Application & API Testing- Cloud Penetration Testing- Container Build & Breakout Testing- Workstation & Server Build Reviews- Network Device & Segmentation Testing- Firewall Build & Ruleset Reviews

Joined ECSC as a junior penetration tester, assisting in the delivery of high-volume commercial penetration testing services. Delivered kick-off calls, engagements, reports, and debriefs both remotely and on-site.KEY RESPONSIBILITIES & HIGHLIGHTS - Delivered external and internal infrastructure testing, web application testing, and social engineering engagements (phishing). - Seconded to the Security Operations Centre (SOC) to manage custom Linux appliance estates. - Built and installed firewalls for clients at premises and data centres. - Supported the delivery of CREST Cyber Essentials assessments. PENETRATION TESTING DISCIPLINES DELIVERED - External & Internal Infrastructure Testing - Web Application Testing - Social Engineering & Phishing - CREST Cyber Essentials