Information Security and Penetration testing

Every day we read of new data breaches, unauthorised access, exploiting of vulnerable services, and hacking mischief in general.  For the past few years I’ve been incredibly interested in Information Security (InfoSec) and penetration testing, and have found myself drawn to this discipline more and more.  I am a Certified Security Test Professional (CSTP), and I’ve recently earned the title of Certified Ethical Hacker, which is best described as:

A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.

Source: EC Council

I’ve embarked on a period of research and study as well as attended hacking tools and methods courses by respected InfoSec industry veterans such as Troy Hunt and Hacker House. I’ve put the skills and knowledge gained from my InfoSec education to use for many clients as part of general testing, now I offer clients specific penetration testing services, including:

  • Infrastructure security assessment
  • Web Application security testing
  • Social Engineering (remote and on-site)
  • Open Source Intelligence (OSINT) research
  • Version and patching review
  • High level and in-depth reports

I use the same tools that hackers may use against your systems and software. I’m constantly reviewing, researching and studying tools and techniques; I attend InfoSec events including OWASP London Chapter meetings, BSides London, Security Congress, SteelCon conferences, as well as participating in numerous online penetration testing and InfoSec forums and groups.

I will work with your test teams and developers to highlight the secrity areas that they should be aware of (e.g. OWASP Top 10), and advise your clients how they can improve their online security. No-one wants to be hacked – do what you can to reduce the risk of being a victim of the ‘black hat’ hackers (they’re the bad guys, they use their hacking skills for malicious intent; ‘white hat’ hackers are the ethical, good guys who strive to make systems safer and less vulnerable).

I’m an ethical, white hat hacker; please contact me to discuss your security requirements.