I am a senior penetration tester with extensive hands-on experience with both blue and red team environments. My expertise goes beyond delivery of just findings and I am well-versed in both implementing short-term fixes as well as rolling out a long term end-to-end security programme.


I have a significant level of hands-on experience with legacy and fringe systems - unlike most application and system security consultants, I have real world experience with often inacessible technologies such as RPG, COBOL, IBM i, AIX and z/Arch. My knowledge goes beyond just the surface level of basic auditing; I have in-depth experience with PHYP and the SLIC nucleus, and my understanding on RPG/COBOL security is scoped all the way from the source code level through the MI, VOXLATOR, machine level and SLIC kernel interfaces.

In addition to my specialisation, I am well-versed in more standard technologies such as .NET, Mobile (Android/iOS), Web, Network/Infra/Cloud/Containerisation, which puts me in the unique position where I can deliver on more common technologies while maintaining a resident presence for deeply specialised deliverables.


  • GIAC Certified Intrusion Analyst (11820)
  • GIAC Penetration Tester (11350)