I break into things for a living.
More specifically, I’ve spent the last decade finding out how organizations fail at security and helping them do something about it. The technical work is interesting, but what keeps me in it is the harder question underneath: how people build trust in systems, where that trust breaks down, and what it costs when it does.
I run Empiric Security (opens in new tab), my independent offensive security consultancy. My CV has the full background — experience, credentials, and speaking history.
Outside of work I shoot film (opens in new tab) and ride motorcycles.
Recent Writing
- Infosec Training Is Weird Now Enshittification comes for us all.
- Lessons in Project Management A largely unfiltered and slightly refined response to upper management’s annoying idealisms.
-
Less Pager For
Persistence New research for using
lessas a persistence mechanism.