If you’ve realised or you already know CTUS.IO is a one-man outfit, you might want to understand a little bit of my work history that might help you make your decisions to work with me.

Below is a reflection of what you might consider a CV, where there are clients that I wouldn’t want to name on here, I’m happy to share whom I’ve worked with over the phone or a coffee.

I’ve worked in Luxury retail, government, aviation, medical, fin-tech, finance, charity, church and ‘white labled’ at many partner security companies.

They all want the same thing, visibility of the problems known and new, validation, recommendations, support and confidence, I’ve broken down the common criteria for all the work I’ve done over the past 8 years in the main menu to try and highlight areas that are familiar to organisations, but if I’ve missed something, I’m sure I can bring value.

 

yeah, yeah, Give me the CV

Independent Security Contractor.

CTU Security Limited, London

July 2015 – Present

Working as a security provider across a range of companies as diverse as the technology in use, the best way to generalise the tasks employed for are essentially problem-solving and problem prevention.

Since 2015 I have delivered penetration tests for security companies and performed security assessments on security companies.

For the past two years work delivered has been a range of assisting delivery of business programs, building out the effective operation of security teams and awareness programs.

Principle Security Consultant

Investec Bank (UK), London

August 2013 – July 2015

An average month at Investec would consist of threat modelling and penetration testing of services, systems and processes.

Issues broken down to the point of conception,  language prepared for the different layers of the business based on how far the issue reached, while not actively penetration testing or sometimes in parallel I would be optimising vulnerability scanning, build quality ingress-egress concerns and how we action them short term and long term.

Third party security became a large part of my role, with small microsites from marketing purposes to integrations, ensuring good security and creating baseline acceptance and tolerance criteria was a recurring exercise.

 

Senior Penetration Tester

CHECK Team Leader / CHECK Team Member Via Tiger Scheme

Various Security Companies, UK Wide

January 2010 – August 2013

Over this periodI had conducted penetration testing, vulnerability scanning and security reseachfor Pentura, Digital Assurance, Information Risk Management  (IRM) and Sapphire in a permanent team member and contractor capacity

Responsibilities common to a CHECK Team security consultant are to deliver effective penetration and security testing, along with confidence in remediation.

 

VRP/BugBounty & Notables:

  • eBay
  • Portswigger
  • Tennable
  • Netsparker
  • Facebook
  • Apple
  • Recorded Future
  • Adobe
  • Atlassian
  • Splunk
  • Cloudflare
  • VMWare
  • Detectify

 

  • Ecava (SCADA)
  • Bromium
  • Symentec
  • Yandex
  • ZScaler
  • Barracuda
  • Bugcrowd
  • meraki

Training and Posts: