EXPERIENCE
James started his career as a software developer and worked across a range of different industry sectors before moving into an information security role. He has spent the last 8 years in offensive security, with the latter half of that time spent delivering Red Team engagements.
EDUCATION & CERTIFICATIONS
- Masters of Science: Computer Systems (Bangor University)
- Offensive Security Certified Professional (OSCP)
- Certified Red Team Operator (CRTO)
INDUSTRY CONTRIBUTIONS
James has presented at conferences in the United Kingdom (BSides Manchester and Steelcon) and often publishes research on employer blogs and personal blogs.
PASSION FOR SECURITY
James has been fascinated by computers since he first broke the family PC and had to learn how to fix it in a hurry. Now, he enjoys finding new and unusual ways to make computers do things that they weren’t meant to do.
Featured Blogs And Resources
Discover the blogs, analysis, webinars, and podcasts by this team member.
Hunting Deserialization Vulnerabilities With Claude
In this post, we are going to look at how we can find zero-days in .NET assemblies using Model Context Protocol (MCP).SetupBefore we can start vibe hacking, we…
Teaching a New Dog Old Tricks - Phishing With MCP
As AI evolves with MCP, can a new “dog” learn old tricks? In this blog, we test Claude AI’s ability to craft phishing pretexts—and just how much effort it…
Spec-tac-ula Deserialization: Deploying Specula with .NET
This post explains how.NET deserialization can be used to backdoor a workstation with Specula, making it a valuable resource for Red Team operations.
Discovering a Deserialization Vulnerability in LINQPad
Discovering a Deserialization Vulnerability in LINQPad, written by James Williams, reveals a novel deserialization vulnerability in a.NET application with over…
Tips for Incident Response Planning: Prepare Before Crisis Strikes
During our next webinar, our Incident Response experts will cover what organizations should do to prepare so they can respond quickly and be on the way to…
Inside the Modern Red Team: How Attackers Think, and What Defenders Miss
Discover how modern Red Teams think like attackers, what defenders often miss, and how to strengthen your cybersecurity posture.
Limiting Domain Controller Attack Surface: Why Less Services, Less Software, Less Agents = Less Exposure
Before we dive in, let’s get all the TrustedSec Certified Absolutes out of the way:All software presents some level of inherent risk.Only required software…
News 5 Cleveland - Elyria Police responded to a reported restaurant robbery. But it was actually an AI prank.
AI quality is evolving rapidly, making it easier than ever to create convincing fakes from a phone. Advisory Solutions Director Alex Hamerstone spoke with News…
Top 10 Blogs of 2025
Everyone has a year-end list, and this is ours. See what our top-performing cybersecurity blogs were in 2025, there could be some you might have missed!
News 5 Cleveland - Holiday Warning: Keeping your loved ones safe from scams
As the holidays approach, the most effective defense against fraud is an informed family. Advisory Solutions Director Alex Hamerstone spoke with News 5…
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
