About

I have worked in cyber security for over two decades, focusing on independent and realistic testing. This has involved understanding how attacks work and then designing practically useful security evaluation methodologies.

I began my cyber security testing career in the late 1990s, reviewing anti-virus software as a journalist. At that time detection was fragile, testing was largely manual (and often flawed from a number of perspectives) and vendor claims were rarely challenged with real authority.

Also, the term ‘cyber security’ was not commonly used. At least, not how it is used today.

Independent testing

That experience shaped a long-standing scepticism toward headline metrics and an interest in how security products actually behave in practice.

I later founded SE Labs to focus on independent, adversarial testing of security controls under realistic attack conditions. My work today concentrates on discussing and developing testing methodologies, interpreting results and examining and explaining the gap between security claims and observable outcomes.

Some say I developed the first real-world anti-malware test. Today I am known for innovating advanced threat testing across all types of attack surface.

How I work

  • Prioritise realism over perceived coverage
  • Treat testing as both an adversarial and partnership discipline
  • Assume products will fail and focus on the ‘how’ and ‘why’
  • Explain technical details to security development and business purchasing teams
  • Separate marketing narratives from measured behaviour

The main goal of my testing initiatives has been to drive positive change, meaning that buyers make better informed decisions and security vendors make better products.

Collaborations

Over my career I have worked with a number of influential and ground-breaking organisations including:

  • National Cyber Security Centre (NCSC)
  • Internet Engineering Task Force (IETF)
  • Anti-Malware Testing Standards Organization (AMTSO)
  • Association of Anti-Virus Asia Researchers (AVAR)
  • NetSecOPEN
  • Global 500 companies including industrial, pharmaceutical and financial

Leadership

I founded the innovative Dennis Technology Labs in 2007 and then moved on into the next generation of cyber security testing, founding SE Labs in 2016.

From 2008 I was a founder member, often Board member and sometime Board Chairman of the Anti-Malware Testing Standards Organization (AMTSO).

I advise CISO-level executives in some of the largest companies in the world, and provide consulting to government bodies regarding mergers and acquisitions in the cyber security industry.