(UK CHECK Team Leader), Principal Consultant, NGSSoftware
Marcus has over 5 years’ experience in providing technical, hands-on consultancy to a diverse range of high-profile clients such as the British Ministry of Defence, High Street Banks, Financial Institutions, Telecommunications and the British National Critical Infrastructure.
In his current employment he is heavily involved with NGS’ financial sector clients. This involvement requires a strong focus on web application vulnerabilities from architectural and penetration testing approaches. This also demands an understanding of the specific vulnerabilities arising from complex, large-scale J2EE and .Net deployments to which many assessment teams are not exposed.
Marcus has experience in web application development, and has spoken at many conferences, as well as providing the original delivery and co-production of NGS’ Black Hat Database Assessment course.
Before joining NGS, Marcus worked as an advisor to a Vulnerability Assessment Team in the British MoD, originally starting off in the industry as an MSc Physics graduate from the University of Cambridge.
Dafydd is a Principal Security Consultant at Next Generation Security Software. He has extensive experience in penetration testing of technical infrastructure and applications.
Dafydd specialises in the security testing of custom-built applications. He has knowledge of most popular development technologies, and has authored a wide range of tools to assist in the testing process. He has broad experience in the secure design, coding and testing of web-enabled applications, and has led penetration tests of many high-profile web applications deployed by online banks and retailers. Dafydd is also highly skilled in the testing of compiled software to identify security vulnerabilities, and has carried out black- and white-box testing on behalf of several of the world's largest software vendors to help secure their products prior to release.
Dafydd is a CESG-certified CHECK Team Leader, and has worked with numerous companies and Government bodies to help secure their critical systems.