I break into things for a living.
More specifically, I’ve spent the last decade finding out how organizations fail at security and helping them do something about it. The technical work is interesting, but it’s the harder questions underneath that keep me here: how people build trust in systems, where that trust breaks down, and what it costs when it does.
I run Empiric Security (opens in new tab), my independent offensive security consultancy. My CV has the full background — experience, credentials, and speaking history.
Outside of work I shoot film (opens in new tab) and ride motorcycles.
Recent Writing
- What To Do With Bad Ideas From People Who Also Have Good Ideas On consuming valuable ideas from people whose other beliefs you find repugnant, and why avoidance is the choice to be passive.
- Infosec Training Is Weird Now Enshittification comes for us all.
- Lessons in Project Management A largely unfiltered and slightly refined response to upper management’s annoying idealisms.