Jack Wilson

Senior Application Security Engineer · Manchester, United Kingdom · hi@jackwilson.uk

I'm a product security engineer with a passion for computer security. I've previously worked as a penetration tester with experience delivering multiple service lines including web application, infrastructure and cloud penetration tests.

I have worked with a diverse range of clients in industries including financial services, payments, manufacturing, healthcare and education to validate security controls, presenting results in technical and executive-level reports.

I've presented research and spoken at events, security meetups and conferences throughout Europe, including:

  • Securi-Tay (2018 & 2019).
  • BSides Ljubljana.
  • DC4420 (London DEFCON Group).
  • Cyber Re:coded.

My current and past qualifications include:

  • BSc (Hons) Ethical Hacking (First Class Honours).
  • AWS Certified Security Speciality.
  • AWS Certified Solutions Architect (Associate).
  • CREST Registered Penetration Tester (CRT).
  • CREST Practitioner Security Analyst (CPSA).
  • CHECK Team Member.


Experience

Senior Application Security Engineer

Vercel - United Kingdom (remote)
March 2023 - Present

Senior Product Security Engineer

Moonpig - Manchester, United Kingdom

Internal subject matter expert for application and cloud security. Helping to drive the roadmap and prioritisation for the product security function.

November 2021 - March 2023

Product Security Engineer

Moonpig - Manchester, United Kingdom

My primary focus is application and cloud security, with a goal to improve SDLC security. This is achieved through:

  • Conducting penetration tests and security design reviews.
  • Defining internal technical security guidelines and standards for software engineers.
  • Integrating security tools into the CI/CD pipeline.

March 2020 - November 2021

Associate Security Consultant

Aon - Manchester, United Kingdom

I worked as part of the security testing team within Aon's Cyber Solutions (formerly Gotham Digital Science, a Stroz Friedberg company).

I worked with clients to identify risks within their organisations, evaluate the risks contextually and offer recommendations to improve the overall security posture. This was achieved through:

  • Infrastructure, web application, mobile application and thick client penetration testing
  • Red teaming exercises
  • Build reviews
  • Citrix/WebRDS/RAS breakouts
  • Staff augmentation projects
  • Effectively communicating findings through reports aimed at technical and non-technical audiences

June 2018 - March 2020

Intern Security Consultant

Scottish Business Resilience Centre - Stirling, United Kingdom

I worked part-time while completing my studies. My responsibilities included:

  • Infrastructure and web application penetration testing.
  • Conducting corporate and individual footprints using open source intelligence (OSINT) techniques.
  • Delivering presentations to clients on security hygiene and staying safe online.
  • Writing penetration test reports.

January 2017 - May 2018

Workshop Leader (Contract)

Edinburgh International Science Festival - Abu Dhabi, United Arab Emirates

This contract-based role involved travelling to Abu Dhabi to teach local students (from ages 12-21) about computer security.

The main event was four days of teaching a class about a variety of computer security subjects including:

  • Information gathering.
  • Phishing.
  • Linux basics.
  • Web application hacking.
  • Port scanning.
  • Wireshark.
  • Configuring firewalls.

The role required a variety of skills including:

  • Extensive technical knowledge.
  • Being able to explain complex security subjects in simple ways, where the students' main language was Arabic.
  • Balancing being strict with the students to control the classroom, while being kind and caring enough to keep the students' interest.

December 2017 - January 2018

Education

Abertay University

BSc (Hons) Ethical Hacking

First Class Honours Degree

September 2015 - May 2018

Perth College UHI

HNC Computing

B Overall

September 2014 - May 2015

Conference Talks

Panel: Striking While The Iron's Hot

Securi-Tay 2019 - March 2019 - Dundee, Scotland

YouTube Recording

AWS Security Crash Course

Abertay Ethical Hacking Society - March 2019 - Dundee, Scotland

Panel: Getting Past the Gatekeepers

Cyber Re:coded - October 2018 - London, England

VPN's and You: Why the consumer VPN market is a bit broken

London DEFCON Group (DC4420) - July 2019 - London, England

Slides

iOS VPN Security

Securi-Tay 2018 - May 2018 - Dundee, Scotland

YouTube Recording
Slides

iOS VPN Security

BSides Ljubljana - March 2018 - Ljubljana, Slovenia

Recording and Slides

iOS VPN Security

Abertay Ethical Hacking Society - February 2018 - Dundee, Scotland

Windows 10 - Why?

Abertay Ethical Hacking Society - September 2016 - Dundee, Scotland

Publications

InfoSecurity Magazine (October 2018)
#Cyberrecoded: Students Should Get Involved to Get Hired

FutureScot Magazine (December 2017)
To catch a criminal, you've got to think like a criminal

Projects

Dissertation
Dissertation (PDF)

Network Penetration Test
Penetration Test Report (PDF)

Penetration Testing Methodologies Comparison
Penetration Testing Methodologies Comparison (PDF)

Digital Forensics Investigation
Court Report (PDF)

Web Application Penetration Test
Penetration Test Report (PDF)
Remediations Report (PDF)

Analysis and Prevention of Microsoft Office Malware
Report (PDF)

Investigation of IDS and IPS Solutions
Report (PDF)

Skills

Technical
  • Infrastructure and Web Application Penetration Testing
  • Cloud Security (AWS)
  • Thick client penetration testing
  • Build reviews
  • Citrix Breakouts

Interpersonal
  • Writing technical and executive-level reports
  • Communicating with key project stakeholders
  • Authoring technical documentation

Interests

Security isn't just a job for me, it's something I have a deep interest in. I spend a lot of time outside of work continually developing my knowledge. This includes reading technical security books, attending security conferences and participating in online training such as HackTheBox.

When I want time away from technology, I enjoy cycling or running.



Certifications

  • AWS Certified Security - Speciality
  • AWS Certified Solutions Architect - Associate
  • CREST Registered Penetration Tester (CRT)
  • CREST Practitioner Security Analyst (CPSA)
  • (Former) CHECK Team Member