MILDLY EFFECTIVE SELF PROMOTION PAGE
Update: I no longer work in the cybersecurity field, so all of the below content is now outdated / archival. I'm looking to coach beginners at rock climbing in the near future so please get in touch if you're up for that! A new (and also mildly effective at best) rock cilmbing promotional page will be added soon. That being said, if you are a charity or activist group in need of assistance in the cyber realm then please don't hesitate to get in touch. I will try my best to help you or find someone that can.
- - -
Hello, welcome to my 'professional' portfolio page, here is a picture of me wielding two axes in a field. This website is definitely not mobile-friendly so be prepared for horrifying walls of text.
I try to bring the ideas and nuances behind security, hacking, and the wider hacker culture to a mainstream audience in creative, unique ways, with a view to raising awareness and knowledge around important cyber issues while hopefully providing some entertainment along the way.
I am most interested in working towards maximal global security, safety, and privacy for everyday individuals, helping them protect their information from cyber threats such as corporate/government surveillance and widespread mishandling and abuse of personal data.
I split my time between creative/technical consultancy and speaking/writing, covering a wide range of sectors and topics. That's quite a boring and vague sentence so what I've done is made a list of works and added some accompanying images, thus successfully achieving the bare minimum required of a portfolio.
I like to mix things up, from keynoting at the European Central Bank to working with contemporary dancers on theatrical stage performances to creating exhibits for spy museums to inspiring the next generation of hacking / privacy experts.
This isn't an exhaustive collection of my work because, as you can imagine, working in the field of hacking/cybersecurity results in a mountain of very convoluted non-disclosure agreements, even for projects that aren't particularly sensitive.
An espionage and hacking museum based in New York, I was SPYSCAPE's "Head of Hacking" throughout its yearslong journey from a single document full of potential story ideas to a 60,000 square foot attraction in the heart of Times Square.
My role covered everything from drafting entire physical exhibits to creating briefs for a talented London design team who constructed a large and varied collection of immersive spy challenges and games.
I also researched decades of spying/hacking history and working with skilled product designers, copywriters, developers, user experience professionals, and architects, all to ensure absolutely every real life story we told, from Alan Turing to Edward Snowden, made perfect sense in relation to every other aspect of the museum and left visitors with a mix of both knowledge and excitement.
The New York Times describes SPYSCAPE as the headquarters of our cultural fascination with the art of deception. American lifestyle magazine Town & Country say that it's one of the best things to see and do in New York.
Inspired by Misha Glenny's excellent book McMafia: A Journey Through the Global Criminal Underworld, this fictional series sees businessman Alex Godman, born into a family of Russian mafia exiles, drawn into the world of organised crime.
I worked with the show's writers and creators on hacking and espionage related plots. I don't want to spoil the series by giving away too many details, but I will say that certain computer takeover and data obfuscation methods that occur are both novel and very much unexpected.
A review by Den of Geek says "The technology is so involving that one of the suspenseful highlights of the heroin theft is when the hacker says he has to reboot. This makes episode 4 a high point for McMafia." Here's a small clip if you don't mind spoilers.
You can find the official trailer here.
Barclays Cyber Security Awareness Month 2017
I worked with Barclays bank to create a video piece aimed at raising internal awareness around cybersecurity threats. This piece featured myself and a journalist talking through how large financial institutes can be breached, from highly sophisticated 0day attacks to exploiting random employees through social engineering and leveraging access to sensitive data.
The video was then repeated on various screens inside Barclays HQ in Canary Wharf, London and in the nearby tube station. Originally I thought it might be played for a week or so, but two years later somebody approached me on the street and said "you're the guy from that damned looping video in our office building". So I suppose it must still be playing somewhere, persistently instilling the fear of hacking into thousands of bankers, which is quite amusing.
Jokes aside, this was a nice project, and I applaud Barclays for being years ahead of their competition when it comes to emerging threats and security awareness. They were very much on the ball.
Teh Internet Is Serious Business
Written by Tim Price, this play at the Royal Court Theatre in London delved into hacktivism, Anonymous, and LulzSec, capturing the essence of the internet and its boundless creativity/madness, as well as more serious themes around mental health, paranoia, trust/distrust, and the collective virtual hivemind. An impressive set design by Chloe Lamford includes a giant ball-pit, imposing Hollywood and corporate signs, and the occasional inflatable palm tree.
I worked with the writer, director, actors, and dancers to help shape the story and its themes, working through the representation of the internet in real life and advising contemporary movement experts and the choreographer on how to portray cyber attacks, e.g. what a Distributed Denial of Service Attack might look and feel like in dance form.
Michael Billington, a theatre critic since 1971, praised it as a high-speed hacktivist adventure, concluding that "as an analogue-trained hack, I found its portrait of a world of digital activism both enlightening and unexpectedly touching."
Two years after the original London run the play was adapted in South Korea and made even more bizarre.
Agent Asha: Mission Shark Bytes
Written by Sophie Deen, CEO of Bright Little Labs, this fictional children's book tells the story of Asha Joshi, a young girl from London who has just joined the top secret Children's Spy Agency. Her first mission is a big one - she must save the entire planet from evil teen trillionaire Shelly Belly, hack her way into the world's largest tech company, and deal with an army of sharks that are disrupting global internet connectivity.
This book is a really lovely mix of education and entertainment, providing realistic coding knowledge and exercises on critical thinking for young kids. It also contains engaging comic strip style segments and interactives.
I helped out with early readthroughs of the material, providing ideas and suggestions around hacking, future technologies, and real world examples that could be woven into the story. I also had the enjoyable opportunity of really expanding into the realms of the ridiculous given this was aimed at children, which meant talking hamsters and sentient drones were within scope for storytelling.
You can order the book from Waterstones. Also check out the Bright Little Labs brand as a whole if you have kids, as it boasts a seriously impressive collection of educational materials.
Battersea Arts Centre / The Space
The Space, an organisation which supports the UK arts and culture sector teamed up with The Battersea Arts Centre to develop online installation pieces, working with 13 artists to develop and realise their ideas through coding workshops, 1-on-1 feedback, audience testing, and partnerships with programmers.
I was one of three judges who chose the winner of this initiative from three finalists.
Deborah Pearson's piece allowed anyone to make an alternate version of their real Twitter account, showing you a potential life that could have existed had you made different choices along the way. Ben Pacey created an artificial intelligence that could be communicated with in unique and intimate ways. Rhiannon Armstrong compiled an immersive collection of real-life human confessions, all donated completely anonymously.
All of these were seriously impressive concepts, but in the end we chose Rhiannon's piece, titled The International Archive Of Things Left Unsaid.
I tried to keep this section as lean as possible by limiting it to only talks, lectures, and panels, with a couple of exceptions. Everything else can be found in "Other Media".
My ethos with public speaking is fairly simple. I like to make sure everyone in the room is having a good time and that they're not just being bombarded with dull memorised information that is quickly forgotten.
When the day ends and everyone disperses as the stage/studio returns to emptiness, we can all (hopefully) be left with something nice in our minds.
Physicist Richard Feynman said that there's a pleasure in finding things out - a kick in the discovery of knowledge. Comedian Norm Macdonald said that it's one thing to make people laugh, it's another to make them smile. I reckon both of these quotes ring true when having a stab at talks and presentations.
Baillie Gifford - Cyber Security Forum
A major investment management firm wanted to learn about staying safe online and securing end devices, so they chose me to waffle on for an hour (twice) about passwords, full disk encryption, threat modelling, and online PerSec/OpSec. Excellent Q&A covering GDPR tricks, the dubious ethics of companies like Apple, and the good/bad of global law enforcement responses to hacking.
Talk | Virtual
I delivered the keynote to open day 3 of the event, themed around cyber security strategies. In the year 2021 it's ransomware, ransomware, ransomware. I spoke about ransomware and more ransomware. How it works, why it works so well, who the players are and how governments, corporations, and insurers are reacting to it. In a post-talk Q+A we discussed 0day markets, bug bounties, hacker festivals, and more. This was my first event in an actual studio since COVID19 lockdowns so it was a real delight to be in meatspace rather than virtualspace.
Keynote | London
An engaging panel discussion hosted by investigative journalist Geoff White entirely focused around passwords. It was a treat to nerd out over very specific technical details, like differences in password hashing schemes and key derivation functions, specifically how companies can implement superior protection policies, and provide insight into exactly how passwords are cracked (sometimes very easily).
Panel | Virtual
A talk and fireside chat hosted by Cystel, a cybersecurity and artificial intelligence company. I discussed how companies can be hacked - from smart devices in the lobbies of casinos to thorough network takeovers of major banks. Plus the growing hype of SOAR technology / defensive AI, and automation tools used to vastly scale hacking operations.
Talk | Panel | Virtual
Europe's leading trade fair for IT security. I was honoured to be entrusted with their Special Keynote, especially as this same speaking slot was given to Edward Snowden a few years prior. With 60 minutes to play with I tried to cover as much as possible, from 0day markets and ransomware gangs to government spy technology and global responses to cyber crime. Most importantly I talked about the future of hacking and how we can collectively embrace authentic hacker culture.
Keynote | Virtual (originally planned for Nuremberg)
"The leading European event on cybersecurity". I featured on a panel discussing the future of Artificial Intelligence. I particularly enjoyed talking with the Cyber Defense Commander of the French Military, Didier Tisseyre, about the ethics of AI and automation in times of conflict. Despite an hour of me fiddling with a translation device and looking perplexed as things rapidly switched back and forth from French to English, there should be some interesting content.
Panel | Grand Palais, Lille
A discussion around the future of hacking with various experts, from a GDPR lawyer to the president of CREST. This was a particularly interesting and lively event which resulted in a very insightful report produced by Redscan plus video interviews with every guest. A great example of how roundtables should have a purpose and meaningful output.
Roundtable | Interview | London
European Central Bank IT Conference 2019
Myself and colleague Mustafa Al-Bassam performed a joint keynote, live hacking demonstration, then an afternoon panel with others. We covered various parts of the malicious hacker ecosystem and its impact on the financial sector, plus emphasised the importance of large entities like banks hiring exceptional security personnel rather than just checking boxes.
Keynote | Live demo | Panel | European Central Bank, Frankfurt
A deep dive into hacker culture with a room of medical students. In this long lecture I covered everything from bug bounties to surveillance capitalism. I also got stuck in with some other activities on offer such as applying surgical sutures to a pig's foot and learning about intubation techniques.
Lecture/Talk | Second Faulty of Medicine, Charles University, Prague
I introduced the 20th anniversary of the legendary movie "Hackers" and then interviewed the director, Iain Softley. We held a costume contest and gave out a fantastic bottle of vintage whisky to the winner. EMF never fails to provide a fantastic vibe.
Interview | Talk | EMF Camp, Herefordshire
On stage with colleague Mustafa Al-Bassam, we talked through Serious Crime Prevention Orders, a set of restrictions that can be placed on individuals after they've been through the legal system. We both had one ourselves covering the use of encryption and internet-enabled devices. This was the perfect technically-minded audience for this topic.
Talk | EMF Camp, Herefordshire
I brought the history of Anonymous to a younger audience, hopefully leaving some inspiration and tips on getting into the field of hacking/security. The live translator for this event was particularly awesome - they picked up on very niche hacker jokes and delivered them instantly to a sea of audience headsets.
Talk | Copernicus Science Center, Warsaw
Following the release of the short documentary A Hacker's Story (see media section below), I did a tour of Q&As and panels. I haven't listed them all here, but this one was particularly interesting as it took place a few days after GDPR came into force in the European Union (May 25th, 2018). I was sat next to someone from the Met Police who was an excellent sport after a few pokes occurred from myself and the audience at certain law enforcement protocols. A lively London crowd with lots of interesting questions.
Panel | Google Campus, London
This primetime Japanese TV show translates to "The Most Useful School In The World" or "The Class I Want To Take Most In The World". I guest lectured throughout this episode on the best basic security practices for a young mainstream audience, from avoiding password reuse to making sure a website is authentic. I must say, this was my first experience with Japanese TV and it is absolutely wild - fast, colourful, and full of animations.
Lecture | Tokyo/London
Back in Sri Lanka for a second time in 2017, this time with Darren Martyn for talks and live hacking demos for a CEO/government audience, with a focus on Sri Lankan infrastructure. We had the opportunity to speak with government officials, military leaders, and heads of private companies about a range of cybersecurity issues, and also found the time to visit a nearby elephant orphanage and explore local temples.
Keynote | Live demo | Panel | Cinnamon Grand Hotel, Colombo
In this short presentation I try to drill down into the art and culture behind hacker visuals, from the Anonymous mask to online activist "call to arms" images. A young audience and so naturally I threw in my favourite "hack the Dutch government and a get a t-shirt" slide, which you'll find thrown about quite a bit if you're crazy enough to watch all my talks. Afters a panel with three other speakers titled "Rebels with a cause: can one person make a difference?"
Talk | Panel | Gulbenkian Theatre, Canterbury
A couple of days after my TEDx talk (see below) I flew to Sri Lanka to keynote their first ever Cyber Youth Summit. Speaking to groups of students from every school in the country, I tried to encourage positive hacking and advised government ministers on potential advancements in the educational system. Also the first opportunity I've had as a speaker to light a giant ceremonial golden oil lamp.
Keynote | Bandaranaike Memorial International Conference Hall, Colombo
The topic: hacking as a force for good. My first attempt at the TED format, with stories of the past and advice for young people navigating the world of hacking and cybersecurity. A great set of fellow speakers and as a bonus we had the pleasure of getting a motivational pre-conference pep talk from legendary guitarist Nile Rodgers.
Talk | O2 Arena, London
The answer to that question, like in the quantum realm, is usually somewhere in between, until the wave function collapses and everyone is either given a medal or sent to jail. I've worked with ThinkNation on a few events, this being the first - a talk about LulzSec/Anonymous and the future of hacking followed by an exciting panel which takes place on the strangest seats I've encountered in my career thus far.
Talk | Panel | Gulbenkian Theatre, Canterbury
A four-day festival around movies and literature dealing with our digital futures, with screenings of Snowden, Her, Ex Machina, and 2001: A Space Odyssey. I featured on a panel which introduced the documentary Lo and Behold, Reveries of the Connected World by Werner Herzog. Myself and academics from the university discussed themes and ideas around how technology will shape our lives, for better or worse, in decades to come. Hull had just been named the UK's "City of Culture" at the start of 2017 and was producing some strong events.
Panel | Middleton Hall, University of Hull, Hull
The CCC is Europe's most respected and popular hacker event, which showcases the true meaning of hacker culture. At their 2016 conference I was part of a panel that discussed the ongoing case of Lauri Love, who faced extradition from the UK to the USA for alleged hacking, despite no evidence being brought forward. We tried to rally people to his defense as an aggressive prosecution attempted to strip away his livelihood and health. Two years later the case was resolved in the High Court, where a judge ruled in favour of Lauri and completely blocked the extradition attempts.
Panel | Congress Center, Hamburg
A panel from 2015 with an IoT designer and smart city designer talking about the future of our cities. My view was that perhaps not all objects need a computer chip inside of them, and we're ironically making our world stupider and more prone to failure and abuse by connecting everything to everything else under powerful corporate structures.
Panel | VICE, London
Introducing a showing of the play "Teh Internet Is Serious Business", I joined Darren Martyn, Ryan Ackroyd, Mustafa Al-Bassam, and moderator Gabriella Coleman for a discussion around our past motivations and collaborations. There was a giant ball-pit at the base of the stage, because why not?
Panel | Royal Court Theatre, London
My first public talk, all about the Anonymous/LulzSec story, which was fresh in my mind from legal events the same year. I was extremely nervous but with the motivation of the WIRED team (especially then editor David Rowan) it seemed to go smoothly.
Talk | Tobacco Dock, London
Anonymous/LulzSec has been covered in thousands of articles and news pieces over the years. None of that is included here as I only want to list items that I actively participated in rather than copy and paste a bunch of decade-old things that were written about my past online personas/characters.
The list below is a combination of articles, on-screen interviews, or quotes given, covering print/digital media, TV, documentary, and podcast. All unique stories/topics where possible to avoid overlap. I must warn you though that some of it is absolute blather, such as the time I got a story about a squirrel into the Metro newspaper.
Also included is press generated from talks/presentations, especially if no video is available for that content.