John is a senior consultant with over 10 years commercial experience. John has a technical focus and is CREST accredited, often leading many of Marclay’s penetration testing projects and technical elements of investigations, audits and our virtual CISO service.
John began his career in the Royal Marines, where he worked on cryptography and managing secure communications for his team whilst deployed on live operations. After enhancing his technical skills whilst in the military, John then began his career working as a penetration tester and technical manager developing his skills in network infrastructure testing, black and white box testing, simulated phishing tests and advanced social engineering. John has worked with the NCSC on a variety of technical testing projects and has been the lead on complex public and private sector engagements.
As a technical specialist, John leads the more technical aspects of our work. This includes detailed penetration testing during information security auditing, analysis, and exploitation of key data during incident or cyber investigations and wide-ranging strategic plans for technical infrastructure hardening as part of our virtual CISO offerings. John has developed a reputation for his technical clarity of thought, especially when engaging with CTO’s, and is one of the UK’s leading thinkers on cyber-attack techniques. Able to quickly understand the architecture of a network or cloud environment, John’s input at the outset of an incident response is particularly valuable.
John has several leading industry recognised security qualifications and continually seeks to improve his knowledge by conducting threat research and development. John is also able to build and code hardware and has built RFID cloning devices and IMSI catchers as part of authorised testing projects.
Outside of the work environment, John is a keen cyclist and runner as well as a clay target shooting enthusiast.