James is a penetration tester and offensive security professional specialising in web application and network infrastructure security. His work involves finding what automated scanners tend to miss which is uncovering critical attack paths, chaining of vulnerabilities to demonstrate real risk and logic flaws buried deep inside systems for a variety of different sectors such as finance and health.

He’s uncovered and helped remediate vulnerabilities ranging from low-severity misconfiguration to critical-severity exploits across large-scale systems such as banking applications. He finds issues and demonstrates the impact. James communicates the risk clearly to both technical teams and C-suite stakeholders, and helps make sure it never happens again.

His expertise spans many offensive security domains such as web application pen-testing (OWASP, Burp Suite, custom tooling), network and infrastructure testing on large enterprise environments such as data centers, OSINT and external attack surface mapping, phishing simulation campaigns, AI/LLM testing, purple teaming and cloud security reviews (M365, G-Suite and hybrid environments).

James has mentored junior security professionals, led projects to bring previously untested systems into scope, built detection logic in security solutions, and stress-tested EDR/XDR solutions against real attacker techniques. James brings a mindset built around real-world threat emulation, not just a compliance checkbox.

James also brings extensive experience in cybersecurity consulting, having audited over 700 organisations spanning Australian financial services firms and companies across international markets against the NIST Cybersecurity Framework. Through these engagements he has helped organisations understand their true security posture and implement meaningful improvements.

Security isn’t a product. It’s an ongoing fight and he’s in it.