Cyber defence · consulting · engineering

I help organisations build cyber defence that works in the real world.

Detection engineering, incident response, threat-led testing, and the messy human reality of running security in real organisations. Based in the UK, working in UTC.

Get in touch What I do Projects Privacy resources
Selected work

Projects

Reverse-engineering an over-the-air attack that turned three meeting-room TVs into a covert data-egress channel.

HbbTV “Red Button” smart-TV attack research

A breach investigation in 2021 that traced a 94 GB data theft from a UK healthcare provider back to three meeting-room Samsung TVs, compromised over the air through the HbbTV "red button" interactive …
A slate-form portable cyber operations workstation, hardened by default.

Covert Cyber Deck

A 280 × 230 × 30 mm slate built around the Raspberry Pi Compute Module 5 with dual SDRs, monitor-mode Wi-Fi, a BlackBerry-style keyboard, and a fully hardened Ubuntu base. Designed to be self-containe…
Free, defender-focused intelligence on every IP address you can throw at it.

IP Insights

A free threat-intelligence service that answers a single question quickly: what is this IP address, and should I be worried about it? Backed by a network of 73 honeypots, tarpits, and deception device…
All projects
For the people who land here needing help

Privacy & anti-surveillance

Practical, opinionated, UK-flavoured resources for taking back control of your exposure and resisting the steady normalisation of surveillance. Long-time supporter of the EFF; long-time user of OpenPGP.

OSINT self-audit

Find what's out there about you, then take it down. UK-specific.

PGP / GPG primer

A practitioner's honest take. Where it earns its keep, where it doesn't.

Encrypted contact

Signal, PGP, and other channels — tiered by sensitivity.
All privacy resources
Recent writing

From the blog

Security architecture for the operationally honest

9 December 2015

Most architecture diagrams describe a posture that nobody can run. Here is what changes when you design for the team that has to operate it at three in the morning.

Threat hunting without the marketing

22 November 2015

Strip the buzzwords away and threat hunting becomes a small, disciplined practice. Here is what it actually looks like in a real estate.

Building a defence function people don't quietly leave

14 October 2015

Talent retention is the unspoken metric on which every security programme actually rests. Here is what changes when you start designing the function for the people inside it.

All posts