Independent security researcher based in the UK. I find vulnerabilities in real systems — IoT devices, web infrastructure, APIs — through original research rather than automated tooling.
Background
I came to security research through a decade in data analytics, where I developed a methodical, evidence-based approach to understanding complex systems. That background shapes how I work: I follow the detail, build a complete picture, and document findings precisely.
My research covers two main areas. In IoT, I work at the hardware and firmware level — identifying debug interfaces, extracting and decompiling firmware, and analysing the resulting code to find meaningful vulnerabilities. On the web side, I focus on infrastructure and API security, looking for logic flaws and access control issues that automated tools routinely miss.
Research
I publish detailed write-ups of my findings, including methodology, evidence, and remediation timelines. You can read them on the research page.
How I can help you
I'm available for penetration testing engagements, with a particular focus on IoT devices and web APIs. My starting point is always a manual assessment of the attack surface — understanding how a system is actually built before reaching for any tooling. If you need a checkbox compliance scan, I'm probably not the right fit, but if you want someone to think carefully about what you've built, get in touch.
Get in touch
If you'd like to discuss working together, or have a question about something you've read here — get in touch. I work remotely across the UK.