about 丨 tomneaves.com

IT security consultant during the week, pilot at the weekend.

Hello. I’m Tom.

Security has been my passion since I was 12 years old, back then playing with Novell Netware 3.12, coding in Turbo Pascal 7 and humming along to the dialup tone of my 14.4k modem.

In the last two decades I have carried out hundreds of security assessments and provided consultancy across a large number of verticals all over the world; from finance and retail to aerospace and everything inbetween. I’ve worked with most of the major global companies within these. I was involved with the creation of CBEST/STAR with the Bank of England and CREST.

In the security world I specialise in Application Security, Offensive AI and Wireless Security - the general trend in my research.

I’m comfortable both in a debugger working through assembly code doing some POP POP RET - manually constructing ROP chains or writing custom shellcode and sitting down around a table with C-level executives.

When not at a computer I can usually be found flying a plane with that other kind of cloud.

Qualifications, Certifications, etc.

MSc Information Security from Royal Holloway, University of London - 2006
BSc (Hons) Multimedia Technology and Design from the University of Kent - 2005
CESG CHECK Team Leader (CTL) - 2011
CREST Certified Tester (Applications) - 2011, 2015 & 2018
CREST Certified Simulated Attack Manager - 2017
CREST Fellowship Award - 2018
Offensive Security Web Expert (OSWE) - 2021
Offensive Security Certified Expert (OSCE) - 2018
Offensive Security Certified Professional (OSCP) - 2016
SANS GIAC Auditing Wireless Networks (GAWN) - 2009, 2012, 2016, 2021 & 2024.
OWASP CFP/CFT Global Review Board 2022-2024
Private Pilot’s Licence

Media References

Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense (The Hacker News)
https://thehackernews.com/2025/04/experts-uncover-critical-mcp-and-a2a.html

Billions of iPhone and Android owners warned over ‘bank raiding’ Wi-Fi trick – but a new tool could save you (The Sun)
https://www.thesun.co.uk/tech/22904871/iphone-android-owners-warned-wi-fi-trick/

Snappy: A tool to detect rogue WiFi access points on open networks (Bleeping Computer)
https://www.bleepingcomputer.com/news/security/snappy-a-tool-to-detect-rogue-wifi-access-points-on-open-networks/

Snappy - A New Tool to Detect Fake WiFi Access Points (GB Hackers)
https://gbhackers.com/snappy-detect-fake-wifi/

Informational Wi-Fi traffic can be used as covert communication channel for malware (Computer World)
https://www.computerworld.com/article/1612255/informational-wi-fi-traffic-can-be-used-as-covert-communication-channel-for-malware.html

Security researcher exploits Wi-Fi to create undetectable side channel (Fierce CIO)
https://www.fiercecio.com/story/security-researcher-exploits-wi-fi-create-undetectable-side-channel/2014-11-10

Informational Wi-Fi Traffic As a Covert Communication Channel For Malware (Slashdot)
https://it.slashdot.org/story/14/11/07/0227250/informational-wi-fi-traffic-as-a-covert-communication-channel-for-malware

Cyber security: Speaking the CEO’s Language (SC Magazine)
https://www.scmagazineuk.com/cyber-security-speaking-the-ceos-language/article/343071/

60 percent of FTSE companies mention cyber security rtisks in annual reports (SC Magazine)
https://www.scmagazineuk.com/60-percent-of-ftse-companies-mention-cyber-security-risks-in-annual-reports/article/339053/

Has Cyber Security Awareness Improved Among the Largest UK Businesses? (International Business Times, Continuity Central)
https://www.ibtimes.co.uk/has-cyber-security-awareness-improved-among-largest-uk-businesses-1441191

Cyber risk is not translating into boardroom discussion (Infosecuriy Magazine)
https://www.infosecurity-magazine.com/view/30326/cyber-risk-is-not-translating-into-boardroom-discussion/

Cyber security needs to be a board level issue (Help Net Security, Continuity Central)
https://www.helpnetsecurity.com/2013/01/21/cyber-security-needs-to-be-a-board-level-issue/

How hackers hijack the net’s phone books (BBC)
https://www.bbc.co.uk/news/technology-31603930

…and now for some plane pictures: