My time is divided evenly between providing PCI-DSS remediation advice to Level 1/2 merchants and service providers across multiple sales channels (including e-comm, POS/store and telesales), performing security audit and secure code review, and secure SaaS dev. I have designed encryption systems for large corporations, built security governance programs, and twiddled bits in intercepted LAN traffic whilst testing new fuzzing techniques. I've done this for 25 years or more since completing my PhD in proving correctness of real-time systems. I'm an independent consultant and run a company of 8 full-time security and dev experts who do the same.

When I'm not thinking about security, I'm rock climbing, mountain biking, or motorbiking around Europe.