skooch'es home on the internet... ain't my web design skills slick?


cool things i've done (in chronological-ish order, most recent at top):
  - found XSS in RSA SecurID Cloud [1]
  - had my IoT research from 2015 rediscovered AGAIN by a team at Avast [1]
  - ran the CTF with friends again at Kiwicon 11, we used stuff like aws, docker, and terraform. it was pretty cool [1]
  - presented at WhiskeyCon/SyScan 2018 about spoofing facial biometric liveness tests... might do a proper talk on this soon [1]
  - had my IoT research from 2015 mentioned below rediscovered independently by a bunch of researchers and dubbed TRACKMAGEDDON [1]
  - ran an infosec con (BSides Wellington) with 600+ attendees in the capital of city of NZ [1] [2] [3]
  - helped start Hackers Helping Hackers, an organisation dedicated to bringing underrepresented groups into the infosec industry [1]
  - helped run a bug bounty simulation style event that had real CASH prizes for students at BSides Canberra [1]
  - (possibly) started the "hack a cheap device from AliExpress now lets all laugh at it" con talk trend at Kiwicon [1] [2] [3]
  - helped run a CTF with friends that had a SICK theme (read: gifs and WebGL) and ran it at Kiwicon for a couple years [1] [2] [3]

neat things i'm currently working on:
  - short book or blog post series for newcomers into the security consultancy industry (eta: 2020)
  - ARM reversing tutorials/blog posts/talks (eta: early 2020)

about me for companies and stalkers:
  - i've been part of the infosec community for 8+ years and have been working in the industry for 4+ years as of 2019
  - i've also spoken at and run events/workshops at infosec conferences internationally
  - i'm currently working as a pentester and security architect, working on breaking/building infa externally/internally, source code review, MDM deployments, iOS/Mac applications, and webapps
  - i've participated in bug bounties, created CTFs and participated in them, practiced OPSEC, used OSINT
  - i'm fluent in Python & JS, familiar with C and Go, but working in other languages is fun as i'm quick to pick up new things
  - i currently reside in Melbourne, Australia, but i'm comfortable with remote work or moving overseas

employment history for recruiters and head-hunters:
  - 2019 to ????, currently employed full-time as a senior technical specalist at Hivint/Trustwave [1] [2]
  - 2016 to 2018, employed full-time as a security consultant at ZX Security [1]
  - 2012 to 2016, a few casual and part-time web development and system administration roles

things i like doing in a security role:
  - mentoring and working with juniors, teaching people, running workshops and presentations
  - refining processes, improving infrastructure, making reports clear and concise
  - automating things, building tools, writing documentation and resources
  - working with the client to understand their needs, writing the proposal or statement of work, scoping cool engagements for the team
  - being a amongst a diverse, communicative, and technically badass team of people, culture and fit is important to me
  - doing interesting projects or engagements from time to time, while acknowledging that there are boring parts to every job and powering through those bits!

email me at: skooch [[at]] skooch ((dot)) ws