Hi I'm Deeno!

I started my career as a software engineer before transitioning into cyber, where I took on penetration testing and application security roles. Each stage has been a rewarding struggle, including training and certification, applying my skills to clients or work projects, and a lot of trial-and-error!

Let's connect on LinkedIn to stay in touch!

Where my journey has led me:

  • Software Engineer ⬇️
  • Penetration Tester ⬇️
  • AppSec Engineer

In my application security experience I am currently learning (in progress!):

  • 🔴 Code Reviews in Java, Python, JavaScript and others.
  • 🔴 Understanding common issues in CI/CD implementations (OWASP Top 10 CI/CD).
  • 🔴 Identifying commonly used SAST/DAST and other tools of AppSec.
  • 🔴 Trying to figure out DevSecOps!

In my penetration testing experience I learnt:

  • 🟠 Web app and API testing applying the WSTG and identifying OWASP Top 10 amongst others.
  • 🟠 Physical security testing including social engineering and non-destructive entry bypasses.
  • 🟠 Thick app testing of Java or C# binaries.
  • 🟠 Scoping pentest work by working closely with clients and managing that relationship.
  • 🟠 Identifying leaky ciphers.
  • 🟠 Staying up-to-date with certification and training from HTB, OffSec, PortSwigger and others.

In my software experience I learnt:

  • 🔵 Coding in Java primarily, supported by Python, Groovy/Gradle, and Bash scripting.
  • 🔵 Designing software using system-level and software-level requirements and tests.
  • 🔵 Applying both test-driven development and behaviour-driven development methods.
  • 🔵 Utilising Agile methodologies to schedule work within the team.
  • 🔵 Eliciting requirements from end-users and management and managing releases and timelines.