London, UK -  Cyber security professional specialising in incident response and forensics, detection engineering, threat hunting, and SOC development. Former business and technology journalist


  • Cyber security and tech
  • Coding (Python, JS, C#)
  • Psychology, philosophy
  • Running and exercise
  • Gaming (PC, PS4)
  • Music (guitar)
  • Sport (F1, football)

Currently thinking about

EVTX login session parser
I recently cobbled together a PowerShell script that extracts and correlates login/logout events from the Windows Security event log to identify user sessions. Read all about it - and try it out for yourself - in my overview blog post.

Recent blog posts

Cyber security sometimes means learning things backwards
Using winget to automate software deployment to a new laptop
2023: Thoughts on new challenges and sharing experiences
Investigating Explorer's temporary ZIP folders and retrieving files
Parsing login sessions from the Windows event log with PowerShell
Using Tkinter to build simple GUIs for Python apps
Linux .bash_history: Basics, behaviours, and forensics
SANS Holiday Hack Challenge 2021: Slot machine walkthrough
SANS Holiday Hack Challenge 2021: Yara rule analysis walkthrough
Backutil development: Implementing multiprocessing in Python