What I do

I work primarily on:

  • macOS & iOS security
    • Platform internals, code signing, Gatekeeper, Mach-O, TCC
  • Reverse engineering
    • Binary analysis, AArch64, Apple-specific formats
  • Custom tooling
    • When existing tools are insufficient, I build my own (e.g., Mach-O analysis tooling like 0tH)
  • Custom training
    • Focused, hands-on sessions for technical teams (macOS internals, RE workflows, tooling, Rust, Assembly)

What I won’t do

  • Web application pentesting
  • Compliance-driven security theater
  • Bug bounty farming
  • “Quick scans” or checkbox audits

How I work

Expect clear findings, actionable recommendations, and tooling-level depth when needed.

  • Short, focused engagements
  • Direct communication (no account managers)
  • I work with a limited number of clients at a time

If you need a long-term body rental or a vendor with slides and badges, I’m not the right person.

Background

I’ve been working in security for over 25 years.

I’ve covered both technical and leadership roles, including CISO positions, and worked with organizations such as MSC Cruises, ING Bank, Vodafone, Nestlé, FCA, and Lamborghini.

I regularly attend macOS security events and stay engaged with the research ecosystem (including OBTS).

The work published here forms the technical core of RevEng3.

Get in touch

If this resonates and you know what you’re looking for, write to: