A valuable asset to any company, I am hardworking and confident in my ability. I am enthusiastic about technology as well as the skills listed below and in previous employment. I continuously strive to improve my skills and knowledge with self study. I always look to automated tasks things easier and quicker for myself and others. I run various security groups and information sharing with a combined member count of approx 400,000 people. My personal project has been https://pentest.training which is a free pentest training lab for anyone to use free of charge with access to a full networked lab with typical windows domain setup with servers for real world testing, which was picked up by netsparker who then became and official sponsor after gaining 250,000 visitors in the first 2 weeks of launch.
IT Governance - Senior Penetration Tester.
I am currently working for IT Governance as a senior penetration tester, my role is to lead penetration testing engagements from the beginning such as scoping (including PCI DSS) to completing the engagement with a written report and debrief/consultation. I am also responsible for helping train other staff members and provide a training resource and lab, similarly I also created and personally host services run by IT Governance such as their phishing portal.
My key areas for IT Governance are,
web app testing, internal and external pentesting, wireless testing, social engineering both physical access and phishing, PCI DSS testing and scoping and mobile application testing.
ECSC - Lead Consultant
Aug 2014 – Feb 2015
Previously working for ECSC I was responsible for performing infrastructure penetration tests and adequate training from ECSC this further lead to develop my web app testing skills. As a Lead Consultant I was responsible for managing the engagement from start to finish. i.e. introduction through to performing the penetration test giving the debrief at the end with the client and often senior management and then compiling a report for the client along with any follow up conversations regarding the assessment and results.
NCC Group - Security Consultant
Jan 2014 – Aug 2014
Working as a penetration tester for NCC group, one of the worlds largest pentest companies. Working alongside some infosec famous colleagues of which has helped me enhance my understanding in particular areas, specifically web application testing. My roles is to provide penetration tests for companies, covering all aspects of IT Health checks, such as web app testing, infrastructure, build reviews etc.. My role is similar to my previous job except working for higher profiled clients with a larger company who specifically help with personal development.
Randomstorm - Security Engineer
September 2012 – Jan 2014
My position on the Professional Services team at RandomStorm involved internal and external penetration tests for the public and private sector. I worked with highly privileged clients including councils and government servers. A full technical understanding of almost all Operating Systems is required and a good understanding of network infrastructure.
My duty was to perform active and passive reconnaissance against the target and use information i had gathered to launch specific attacks against the hosts within a given scope. Vulnerabilities will then be exploited in order to compromise systems and methodical attacks used to escalate further privileges within a network for Domain Admin level access or find specific business critical files. A report is written for each job undertaken with detailed information regarding the vulnerable target hosts, business impact and remediation advice. Proof of concept screenshots and evidence is also provided to the client to show exploitation is possible and is not just theoretical.
I undertook training by other team members to continually help improve my performance and work quality and keep up-to-date with new security threats and exploits through online infosec groups and partaking in security and pentesting conferences.
During my time here I achieved 'Rookie of the year' award issued by the company.
Republic - Systems Administrator
June 2012 – September 2012
A Systems Administrator for Republic. They are one of the leading competitors for modern fashion in retail. With a vastly expanding company and reputation they are investing in a multi-million pound Oracle integration. My Role as a Systems Administrator involved administering the internal Domain and systems including project work and testing for the Oracle integration. As i am the only other Linux user at the company other than the DBA, I find myself spending a lot of time working and helping configure and setup Oracle databases and creating and configuring the VM’s on Oracle Servers and installing new Blades. Since starting my position here i have implemented an internal monitoring solution and a PXE environment. I have also Setup an internal Wiki for the IT support team and implemented a new helpdesk system. I am involved in the creation of the new E-boutique system that will be put into the new store in Leeds on September the 14th.
Webfusion - Senior Dedicated Server Engineer
January 2010 – June 2012
I was a member of the Senior Engineer team for Webfusion who are a leader in the European Hosting industry. They provide a wide range of hosting platforms ranging from simple websites to cloud hosting environments. As a second line engineer I am currently responsible for dealing with escalated issues which other staff are unable to resolve. My support scope covers dedicated servers, shared hosting and Virtual Private Servers. I am responsible for providing the support for primarily dedicated servers for “123-reg” “xcalibre” “Donhost” and “Webfusion”
As working as part of such a diverse role I am required to have an in-depth understanding of many key areas to both Linux and Windows OS in regards to dedicated servers and web servers. Many of these are listed below;
A complete understanding of DNS
Apache, Qmail, SSH, MYSQL, FTP, Unix Commands, Unix Software e.g. denyhosts, IPTables, Plesk
IIS, FTP, MYSQL, Windows Features and Roles, RDP, Firewalls, Mail-Enable,
Server Diagnostics and Log evaluation both on Linux and Windows servers.
Understanding Server networking in a datacentre environment and VLAN's as well as IPMI power adapters.
Load balancers for custom solutions and setting up this in a working environment
Using backup services and creating backup scripts with rolling volumes on external servers.
The Operating Systems I am required to know are:
Centos, Ubuntu 6-10, Fedora, Redhat, Windows 2003 Web-Std-Ent, Windows 2008 Web-Std-Ent
Pantheon Financial - Systems and Network Administrator
August 2008 – March 2009
I worked for Pantheon financial as a systems administrator working alongside the IT manager. Pantheon is a large financial organization encompassing 7 sites across the UK with 10 servers and 150 users.
Below are some of the day to day jobs that were involved in my role:
Supporting a 7 site Active Directory
Citrix Server Installation & Management
Providing desk side user support
Providing Telephone / Remote Support
Windows Server 2008 – I installed and managed a new 2008 server on our network
Network Cabling Installation
Hardware installation/Fault finding
I have detailed below some of the technologies and I worked with in this role:
Exchange Server 2003
Blackberry Enterprise Server
Windows 2003/2008 Active Directory
Bespoke Accounts Software
Systemnet - IT Technician (Apprenticeship)
December 2007 – July 2008
Systemnet are an IT outsourcing company which encompass supporting a large parent company, and multiple external clients. They also provide CCTV, networking and door access installation services. As part of my position here I was working with the Senior IT technicians supporting the parent company and working on customer sites fitting networks, CCTV and Interactive Whiteboards.
Below are some of the responsibilities I had whilst working here;
Installing Interactive Whiteboards
Installing Door Access
Windows 2003/2000 Server support and management
Desk side support for users
Supporting clients by assessing their IT needs
Following through the full order process from site surveying, ordering equipment through to installing servers, cabling, Operating Systems, Domains and Support
Supporting following technologies:
Windows Server 2003 – Administration, Installation & Configuration of Windows Domains and Active Directory
Exchange Server 2003
Switches/Routers/Networking Infrastructure installation.
Laptop and PC Repairs – Hardware repairs and component replacements
Telephone and Remote Support – VNC, Remote Desktop
Internal Penetration Testing
External Penetration Testing
Web Application Testing
Windows OS / Server
Certified Ethical Instructor (CEI) 2019
Certified Ethical Hacker (CEH) 2019
Crest CPSA 2015
Crest CRT 2015
Parallels Plesk Certification – basic and Advanced 2010
CISCO Advanced Security 2007
BTEC Advanced Award IT Practitioners 2007
NVQ 2 IT Practitioners - DISTINCTION 2007
NVQ 2 IT Professional - Merit 2007
7 GCSE’s at Grade C and Above 2006
IT GNVQ 2006