I was quite a late bloomer into the IT world. My parents bought me my first computer when I was about 13 years old and much to my colleagues dismay it was Windows XP! I remember my Dad always telling me not to break the PC as I was notorious for playing with settings I didn't understand. Funnily enough, I never was interested in gaining a career in IT and always planned to go to drama school. After much consideration I decided to undertake an Ethical Hacking undergraduate degree, which I didn't complete as I realised real world experience would put me ahead of my classmates. I do plan on going back to University at some point soon, to hopefully do a non technical degree, in most probably business.
Since being in work I have had the opportunity to conduct security assessments and penetration tests for a number of different companies across many sectors. I have spoken at many conferences (BlackHat Abu Dhabi, BSides Chicago, DeepSec Vienna, JustForMeeting Portugal, DC4420 London and a number of different domestic OWASP chapter meetings). This has allowed me to travel across the world, hacking a lot of different things and speaking to a lot of different people.
I began my security employment working for a small company in the North of England called RandomStorm as a Security Engineer. Here I focused most of my attention on hacking web applications but was also involved in building the hardware and installing the software for one of their SaaS solutions.
During my time at RandomStorm, I began working on an idea that would help security researchers alert vendors to vulnerabilities in their products. upSploit was created to provide a quick and easy platform to automatically create and send advisories and make sure that if the vendor didn't reply they would constantly be reminded until an appropriate time where the advisory would go full-disclosure. The project is currently on hold for development and upSploit v2 will be released late this year / early next.
I then started working for Trustwave SpiderLabs. I was in the Application Security Services team and conducted web application and external penetration tests on a regular basis. I also worked with the research team to help coordinate the advisories our teams created when alerting vendors to problems that were found on pentests.
I currently work as a Lead Security Specialist at Visa Europe focused on making sure the business is upholding a good security posture. In my spare time I conduct web application and external penetration tests for a number of personal contacts as freelance contract work.