About Me

Hey there, you’re undoubtedly reading this because you’ve just googled my name, or one of my projects.

1211.net is a domain I first registered in 1997, for projects long since left to history. Since the domain still houses my primary email address however, I keep a small gathering of information about myself here still.

I’m a software guy - writing platform services and products these days - but for the longest time I was an information security and forensics practitioner, doing incident response and investigations work. If you know that world, you’ve probably seen me at an infosec conference or twenty, or may know me by my handle from the 90’s - “Databeast”. That picture you’re seeing on the right is my entry from the “Faces of DEFCON” project, courtesy of the ever-awesome mister Eddie Mize.

Originally from the North of England, I’ve been living and working in the USA since the 90’s and now call Las Vegas home. It’s a nice change from perpetual rain at least, but you can’t find a good Lancashire Hotpot here for love nor money.

Career

If you’d like to read my current, formal resume, you can find it on Dropbox. I deliberately do not itemize every single technology and application I’m familiar with in that resume, but I do keep an itemized list on this site.


I’ve been ‘a bit good’ at computers for some time, to say the least, my first “hello world” was written in BASIC in the summer of 1982, on an Acorn BBC Model A microcomputer. For quite some time after that, I wanted to be an electronics engineer or the like, computers were interesting, but I perceived them as just a more advanced tool. That changed for me sometime around 1992, when I realized that computers were a medium. That was about the first time I’d gotten access to anything beyond local-area-networking systems.

The underground computer hobbyist scene was my window to a larger, more creative world; one where a bunch of amateur coders, graphics artists, musicians and content creators, distributed across international lines but brought together by shared interests and newly-accessible networked computers worked together with the same prowess any professional remote development team has today, for a shared love of creation and exploration. The modern Open-Source Community finds its root far beyond the mass availability of the internet and github. The platform of choice for us back in these days however, was the (legendary, IMHO) Commodore Amiga, and its unix-inspired AmigaOS and ease of writing assembly language to interface directly to the system’s (advanced for the time) A/V hardware.

But it goes without saying that during those years, I got more than my fair share of exposure to how computers, like any other tool, could be misused, and how many pieces of technology out there (like the phone system) were computers wearing different clothing. by 1995 I was familiar with general TCP/IP principles, security risks, and had already built a computer dedicated to running Linux (the very early versions of the Slackware distribution). Not much later I got my first job getting paid to understand TCP/IP stuff, working on SunOS systems for a local Internet Service Provider. They had a 4Gig hard drive for their USEnet spool, such resources were almost excessive at the time.

in 1997 I ended up relocating to the USA (and getting married). This turned out to be a perfectly-timed action, since the internet boom had begun - the demand for people who knew TCP/IP and the suddenly-exploding-in-popularity Linux, were in short supply. A small webhosting company called “LiquidWeb” (these days, very much a multi-million dollar company) made me their first employee, doing sysadmin and customer support alike.

I found my connections to the (very small at that time) Information Security community around the same time, attended my first DEFCON shortly afterwards (this is back when DEFCON barely had 2,000 people in attendance) and that’s where the rest of it begins…

I worked for USWest Wireless next (although that soon become Qwest Wireless in an acquisition touted as a merger) during one of the most interesting times in Telecom - this was the very early days of starting to push TCP/IP over SS7 networks to mobile devices, the birth of the smartphone. I ran IP network security monitoring and architecture for them, on what was essentially the largest network I’d ever been responsible for, during the height of the internet boom. We did a lot of cool stuff in those early days, and then spent a few days in a cold-war-era underground telecom operations bunker during 911.

After that, things became… “interesting” in the information security field; overnight, more and more roles started requiring a security clearance. I’m not eligible for a clearance, nor have I ever had interest in pursuing one. Needless to say, this put a fair hold on my career for a while, I ended up doing a lot of lower-level IT roles for a while, and a lot of freelance work doing things like Voice-Over-IP installations and the like. (I actually did the remote installation of the Mozilla Foundation’s first office VOIP system in the course of this however, something I still consider something of a small honor today).

Several years of road-warrior contracts later (largely doing compliance and forensics work), I got an offer that would have me relocating to Boston MA, to be the technical lead for a new Incident Response Team being assembled at EMC/RSA. Working solo takes its toll on you, and after so long, I was eager to have a team to work with and lead again. We accomplished some great things there, building out our own processes and tools, in the SIEM space. Our ops center became a showcase for RSA technologies and the team got to compose and present the content for RSA’s own main stage at the RSA conference in 2011.

It might go without saying, but We also discovered and investigated the RSA breach. That is a story unto itself however.

After that experience (and to put it mildly, rather disillusioned with the behavior of certain federal organizations and their partners) I decided that I’d had enough of frontline forensics and reverse engineering work. Over the last decade however I’d been slowly improving my software development skills to the point where I was comfortable working on product-scale projects, and not just minor utilities. I made the decision to stay in the information security world, but move decisively over to the product development side of things. Alienvault (now AT&T Cybersecurity) was my next port-of-call; I respected their open-source SIEM offering and signed up with them doing product research and acting as their Product Community Manager. It was definitely a welcome change from working in the secrecy of DFIR and Forensics.

By this time, I’d spent more than a few years exploring better ways to handle forensic investigations into network intrusions - graph databases, semantic data, linked data, Ontological reasoning - exploring them from both technical and usability aspects to empower investigators and response personnel to make more informed decisions, more accurately, faster. Empowering security analysts to be able to operate a level otherwise outside the scope of their experience. Hiring security practitioners had exploded in every industry vertical overnight and infosec is a field that really does require it’s “10,000 hours” before you become a net positive asset in it. Lowering the cost of entry to allowing people to become effective investigators became my new calling.

I’d spoken at a few conferences on the topic at this point, and begun an open-source project to proof-of-concept my research into something practical and extensible by the community. I had a fairly well-established reputation as “that graph-data infosec guy” in the community by this point. It was unsurprising then, when I was approached to come work on a submission to DARPA’s ICAS project that was heavily centered on graph databases and linked data. I took it, and got to visit and present at the Pentagon. As someone who was born in and grew up in a tiny little industrial town in the North of England, “presenting at the Pentagon” was never something I would have thought to put on my bucket list, yet here I was scratching it off the list already.

From there on out, I’ve been hooked on the startup life, getting headhunted from one to the next as a technical lead for architectural design and development. I still keep an ear in the infosec world, and my reverse engineering skills sharp, but I enjoy building rugged, secure software now more than I did testing and cleaning up after bad software. Modern cloud-native development has been rewarding both in terms of its challenge, and how much of the same technical knowledge I acquired specializing in network security can be applied back to it.

“Everything old is new again” may feel overused some days, but it’s an unavoidable truth in the world of computing and is something to be embraced with enthusiasm, not ennui - things roll in cycles, but each cycle brings improvements and insights not possible the time before last. After years working in infosecurity, and security products I’ve been branching out into more generalized development where I have the opportunity to be more ‘beginner’s mind’ in things again, though I’ll never let go of the methodical relentlessness I learned during all those years of forensic investigations into criminal incursions, hunting down software bugs instead of exploited systems is a change of pace I think I’ve earned for myself.

Contact

ways to get in touch with me

Presentations

a short interview I did at BSides San Francisco in 2013:

My initial presentation on the AWESIEM linked-data forensics platform, at BSides Las Vegas 2013:

An introductory class to Semantic Data and Ontology Design, at BSides Las Vegas 2014:

Presenting on the imperative for Security Collaboration, at RSA Conference 2013: