Jan 2022 – Present · 4 yrs 3 mos

• Lead global Product Security, InfoSec, AI, and IT operations for high-growth enterprise fintech experiencing 40%+ YoY expansion across 5 emerging markets. Manage 50+ staff and $10M budget securing large-scale operations for thousands of employees and tens of thousands of field agents. Report to ExCo and present to board on cyber strategy.
• Built security program from zero to mature state - directly contributing to company achieving profitability while scaling rapidly. Own AI transformation as discontinuous innovation, pioneering GenAI implementation across all business units. Partner with President, CEO, and C-suite on strategic technology decisions affecting enterprise-wide operations.
• Built security program from zero - directly contributing to M-KOPA achieving global profitability through massive reduction in fraud losses
• Own global AI business transformation - leading enterprise-wide rollout of - AI tools, training programs, and agentic systems across all business units
• Established product security and threat intelligence divisions from scratch - revolutionised mobile security for M-KOPA and partners including Samsung and Nokia
• Pioneer in GenAI security monitoring (2022) - developed world-leading agentic threat intelligence capabilities
• Transformed InfoSec from nothing to comprehensive program: full EDR deployment, 24/7 XDR monitoring, external threat intel, NIST-based IR team
• Own all IT, Security and AI risk for regulated fintech/banking environment - ensuring compliance across multiple jurisdictions
• Lead strategic planning, budgeting, and major vendor negotiations - partner with CFO on departmental financial planning
• Remain hands-on technical - writing code and pioneering AI developer tools (Claude Code, Notion AI, Copilot, MCP) to drive engineering efficiency
• Revolutionized OKR management through AI automation, driving organizational efficiency
• Regular engagement with President, CEO, and C-Suite on strategic decisions

Jan 2021 – Jan 2023 · 2 yrs · Warwickshire, England, United Kingdom

• Industry expert brought in to teach advanced binary exploitation to undergraduate and postgraduate students. Delivered practical offensive security training alongside industry roles.
• Taught low-level exploitation techniques including buffer overflows, Windows mitigation bypasses, and malware reverse engineering
• Developed coursework covering memory exploitation, assembly programming, and fuzzing fundamentals
• Translated complex vulnerability research experience into accessible curriculum
• Mentored next generation of security researchers in practical attack techniques

Jan 2021 – Jan 2022 · 1 yr

• Led a team of 3 researchers developing cutting-edge offensive capabilities for the global security market. Focused on discovering critical vulnerabilities in widely-deployed systems.
• Discovered critical email spoofing vulnerability affecting 97% of top 1 million websites - could bypass SPF, DMARC, DKIM and ARC chain protections (https://github.com/Accenture/mail-spoofer)
• Published research showing how to spoof emails to MI5, No 10 Downing Street, CIA, GitHub, Big 4 firms and major cybersecurity vendors (https://www.youtube.com/watch?v=j6NJnFcyIhQ)
• Developed XEN hypervisor instrumentation for government - enabled VM monitoring invisible to rootkits
• Identified vulnerabilities in consumer IoT devices and backends, including EV charging infrastructure
• Expanded technical skills to include Rust and Go alongside existing expertise in Python, C, C++, Java, Ruby

Jan 2019 – Jan 2021 · 2 yrs

• Founded and led a boutique security consultancy specialising in advanced vulnerability research for government, FTSE 100, police and military clients. The focus is on exploiting hard targets, ranging from Windows kernel vulnerabilities to IoT devices.
• Conducted security assessments for UK government agencies, police forces, military and FTSE 100 companies
• Executed red team operation against power generation facilities - remotely rewrote camera firmware to bridge air-gapped ICS/SCADA systems
• Identified critical vulnerabilities that could have compromised significant portions of the UK power grid
• Specialised in exploiting Solidity/blockchain smart contracts and extracting machine learning models
• Performed red team exercises, extracting ML models from sensitive government and police AI systems
• Delivered source code reviews, reverse engineering, and binary rewriting using Binary Ninja

Jan 2016 – Jan 2020 · 4 yrs

• Conducted advanced security assessments of telecommunications infrastructure deployed across UK, USA and New Zealand networks. Reported directly to GCHQ and Huawei leadership on critical national infrastructure risks.
• Discovered "nationally significant" vulnerability in 2019 that could compromise global internet infrastructure - awarded GCHQ/NCSC challenge coin for preventing worldwide telecommunications crisis (https://news.sky.com/story/gchq-discovered-nationally-significant-vulnerability-in-huawei-equipment-12086688)
• Provided critical input for emergency firmware patches deployed across multiple countries to prevent internet outages
• Performed symbolic execution and bounded model checking using Z3 solver to mathematically prove vulnerabilities in kernel and embedded systems
• Developed assembly-level exploits for embedded systems across PowerPC, ARM, and MIPS architectures
• Built custom fuzzing tools with sanitisers (ASAN, MSAN, TSAN) for VxWorks and other real-time systems
• Created emulation frameworks for hardware systems to enable vulnerability research at scale
• Reverse-engineered network core infrastructure using Frida, IDA Pro, and Binary Ninja

Jan 2012 – Jan 2016 · 4 yrs

• Conducted vulnerability research on critical national infrastructure, including intelligence services, military systems, financial infrastructure, payment cards, and biometric identity systems. Discovered multiple zero-days in cryptographic implementations used across the UK government and allied nations.
• Part of the pioneering NCSC team that revolutionised global password policy - first in the world to recommend passphrases over 90-day rotation, fundamentally changing authentication practices worldwide
• Developed advanced biometric spoofing techniques for fingerprint, facial recognition and iris-based systems using mathematical modelling of recognition algorithms
• Among the first globally to implement and test FIDO authentication standards (2013), years ahead of industry adoption
• Discovered zero-day vulnerabilities in AES implementations, presenting findings to GCHQ and NSA mathematicians
• Collaborated with MI5, FBI, NSA and other allied agencies on identity and authentication security
• Performed hardware-level security assessments and low-level attacks on embedded systems

Jan 2012 – Jan 2016 · 4 yrs

• Deployed operator supporting UK special forces in hostile environments. Specialised in telecommunications networks (2G/3G/4G/WiFi). Completed multiple operational tours, including a secondment to MI6 overseas.
• Developed custom tools for real-time network analysis and signals intelligence gathering
• Created proprietary software used in counter-terrorism operations
• Provided lawful interception capabilities to allied nations
• Technical liaison between GCHQ and special operations forces during classified missions

Jan 2010 – Jan 2012 · 2 yrs

• SOC analyst on the NATO NCIRC deployment team in Belgium. Responsible for pre-deployment security assessments and architecture hardening of NATO's cyber defence systems.
• Conducted supply chain security reviews to eliminate components and software from hostile nation states (Russia, China, Iran)
• Fixed critical vulnerabilities and validated system architecture before operational deployment
• Ensured NCIRC infrastructure met NATO's strict security requirements for multinational defence operations