Hi - I’m Toby Jackson.

I’m a senior penetration tester with a background in infrastructure and web application security across nearly all sectors. Over the years I’ve gone from consultant to technical lead, running engagements end-to-end and helping teams consistently find issues that actually matter.

These days I work independently, splitting my time between contract penetration testing and research/upskilling. A growing part of my focus is on learning:

  • AI and ML security - understanding real-world attack surfaces, model abuse, and emerging defensive gaps
  • Cloud security - particularly the link between on-prem and Azure networks, as well as orchestrated DevOps abuse
  • Advanced Active Directory and internal network attacks - going beyond the standard checklists!
  • Red Teaming fundamentals - one day I will get that CRTL done…

Luckily for you, I’ll be documenting my learning journey through these topics, both the practical lessons from client engagements and the deeper technical research I’m doing as I level up in newer areas. Writing (and I really do write a lot) helps me think clearly, and if it’s useful to others along the way, even better!

OH and I promise never to write a blog post with AI. Here you get me, me, and more me. Lucky you!

What I Write About

Blog

The art of penetration testing and why I believe it’s such a valuable exercise. Here you’ll find my ramblings on the things I wish I’d seen written down earlier in my career - including soft skills and non-technical posts.

Research

Deep technical dives, novel techniques, and experiments in areas like AI security, cloud attack paths, and complex internal environments. These posts are larger, more technical, and will often signify novel ideas or techniques being adapted/tested for real world efficacy.

Contact