I'm an Australian application security nerd who is currently working for Atlassian. I've previously worked remotely for SafeStack, HashiCorp, and in San Francisco for Cruise Automation, Salesforce, LinkedIn and co-founded Asterisk Information Security in Perth, Australia.
What is this website? Well, I realised I didn't like my about.me page very much, and impulse bought this domain a while back. So, here's my new vanity landing page thingo.
I've been involved in a few open source security projects and have also presented at a number of conferences. You can read more about these things in the ... things section.
Outside of my professional interests in application security and hacking, I'm also interested in a number of other areas of modern computing, particularly development/operations practices, web-scale/cloud computing and automation. I've been known to dabble in Golang, Ruby, JavaScript and Python, but like most things I'm passionate about, I seem to have a love/hate relationship with each of these languages. The same goes for my opinions on most operating systems (both desktop & mobile). I guess this is what keeps things interesting.
Oh - and I'm a (n)vim user.
Before I was into computers though I spent a large portion of my life focused on music, particularly on the drums. This time was spent playing in a number of cover bands, studying Jazz Performance for a while at WAAPA, and playing in a number of original Perth bands, including Mélange, Grenade Baby Lemonade, Red Delicious, BLAST Furnace, and even doing a few shows drumming with Nathan Gaunt.
Outside of family, music and computers I'm into a bunch of regular (somewhat geeky) hobbies: BBQing, travelling, reading, writing, and gaming (console, PC, tabletop, whatever).
I used to blog quite a bit, but then a few years ago deleted my old self-hosted (on AWS) WordPress and shifted to a Jekyll-powered blog on GitHub Pages. During the process I went through and removed the archives - which dated back to the early 2000s I think.
I guess this section should be called projects, except I find I don't stick to things indefinitely.
I'm one of the co-authors (alongside Wade and Michele) of the Browser Hacker's Handbook, published by Wiley and released in 2014. I was super fortunate to be invited to help out with the project by Wade back in 2012-ish. The book wouldn't have come together without the help of so many other people though, and it's through everyone's involvement I feel like I helped with something pretty amazing.
The reason I got invited to help with the book was due to my involvement with the Browser Exploitation Framework (aka: BeEF). Similarly, I was fortunate to get asked to help out with the BeEF project by Wade a number of years back, and through contributions to this project, I've been able to meet a number of brilliant people. It's funny to think about how contributing to a piece of OSS could impact your life so much, but it's fair to say that this has made me a better developer, communicator and security professional.
I'm also the creator of hcltm, a tool for AppSec and DevOps practitioners who want to standardise on modular threat modelling using HashiCorp's HCL language.
2010 - Barcamp (Australia). Web Security Slides
2011 - Australian Information Security Association (AISA) Techday (Australia). Defending Web Applications Slides. Presented with the wonderful David Taylor
2012 - OWASP AppSec APAC (Australia). Shakes Hooves with BeEF Slides
2014 - Kiwicon (NZ). Hooked-Browser Mesh-Networks with WebRTC. OR, BeEF for Vegetarians Slides
2015 - DEFCON (USA). Hooked-Browser Mesh-Networks with WebRTC YouTube and Slides
2016 - CactusCon (USA). WTF is Browser Hacking? Slides
2016 - Blackhat Arsenal (USA). A refresher on BeEF
2017 - BSides SF (USA). Dormant DOMination YouTube
2017 - Australian Cyber Security Centre Conference (Australia). (App)Sec from the Trenches
2017 - NCC Open Forum (USA). Dormant DOMination
2018 - Kiwicon (NZ). Getting Shells from JavaScript: offensive JavaScript techniques for red teamers (with Dylan Ayrey)
2019 - BSides SF (USA). Offensive JavaScript for Red Teamers (or anyone really) (with Dylan Ayrey) YouTube
2021 - BSides SF (Remote). Offensive JavaScript Techniques for Red Teamers (or anyone really) updated (with Dylan Ayrey) YouTube
2021 - CyberWest Summit (Australia). Getting started with Threat Modelling
2023 - The Application Security Podcast (Remote). Threat Modeling with hcltm YouTube
2023 - PerthSec (Australia). Threat Modelling: 14 years in the making
"Engineers are all basically high-functioning autistics who have no idea how normal people do stuff." -Cory Doctorow
I used to think that my technical skills were one of the most important skills I had. As I've gotten older, I realise that my ability to communicate is much more important.
"Empathy is a tool for building people into groups, for allowing us to function as more than self-obsessed individuals." -Neil Gaiman