In the not so distance past I worked as a security consultant at Portcullis Computer Security in London. The company was acquired by Cisco. This work as a continuation of the Information Security MSc that I did at Royal Holloway in 2014-2015.

My role was initially that of a penetration tester. I mainly reviewed the security of websites (“web apps”), but also network infrastructure, and host reviews (“build reviews”).

During my time at Cisco I pivoted to cover more on the soft side of security, which is often known as GRC (governance, risk, and compliance). During this time, I picked up certificates for ISO 27001 Implementation and ISO27005 Risk Management.

Writing

Cryptography

• Hashing, fast and slow
• Learn the basics of cryptography
• Basic cryptography: “security services” as found in Bitcoin and blockchain technology
• It may look complex and unpredictable but is it really?

Technical security

• Smart contract security
• Protecting against replay attacks in inter-operating and multi-blockchain environments

GRC

• Creating better passwords
• Password managers – local vs global
• Are conventional password rules wrong?
• CIS Controls Implementation Guide for Small-and Medium-Sized Enterprises
• How secure are large-scale mining and validation facilities?
• Blockchains, data protection and GDPR

Anonymity

• Investigating the security of anonymous messaging over the Internet
• Introduction to anonymity
• Theoretical anonymity
• Concepts and schemes of anonymous communication
• In-depth analysis of bitmessage