Graham Helton

I spend a lot of of time thinking about the security of systems in both offensive and defensive ways. I use this site to share some of those thoughts.


  • Masters of Science in Information Security Engineering (SANS Technology Institute) - Current
  • Bachelors of Science in Cybersecurity (University of North Georgia)


  • SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • SANS GIAC Certified Enterprise Defender (GCED)
  • SANS GIAC Defensible Security Architect (GDSA)
  • SANS GIAC Certified Intrusion Analyst (GCIA)
  • SANS GIAC Python Coder (GPYC)
  • SANS GIAC Strategic Planning, Policy, and Leadership (GSTRT)
  • SANS GIAC Certified Incident Handler (GCIH)
  • SANS GIAC Security Essentials (GSEC)
  • eLearnSecurity Certified Professional Penetration Tester (eCPPTv2)
  • eLearnSecurity Junior Penetration Tester (eJPT)
  • CompTIA Security+
  • CompTIA Linux+
  • CompTIA Network+
  • CompTIA A+
  • CompTIA Project+

Job Experience

  • Contract Penetration Tester @ Self-Employed - Present
  • Security Technical Lead @ /dev/null - Present
  • Instructor & Course Author (Practical Phishing Assessments) @ TCM Security
  • Penetration Tester @ risk3sixty
  • Junior Client System Engineer
  • Cyber Security Researcher
  • IT Intern
  • Bookkeeper

Things I Consider Myself Good At

  • Linux: I love Linux and have been using it for my main operating system and work with it daily on remote servers.
  • Penetration Testing: I started my security career in penetration testing and have never stopped. I’ve done network, web application, cloud, and external pentests for clients.
  • Application/Product Security: I find zero days in products and work to make sure they’re fixed.
  • Research: I pride myself in my ability to go from 0-100 on any topic given enough time, documenting as I go.
  • Programming/Tool Development: I love making tools that automates my work so I can send more time on the work that can’t be automated. I’ve written tools in Python, Bash, and powershell.
  • System Administration: I love working with complex systems and have learned to provision them from scratch. Anything from a building baremetal hypervisor to doing routine backups.
  • Traffic Analysis: I love identifying patterns in traffic that can be either malicious or indicative of a security flaw.
  • Security Architecture: I love designing secure systems.
  • Networking: I learned early on that networking is a fundamental piece of any secure system. Understanding how systems talk is essential.
  • Threat Modeling: I have looked at so many insecure systems that I have a keen sense of what is probably not implemented correctly.

Side Projects

Practical Phishing Assessments Course Author - Formally sold on TCM Academy but now released for free for on youtube :)

Cybersecurity Videos - Youtube channel with various cybersecurity related videos

Security Library - List of security books I’ve read and found useful.

An Assessment of Obfuscated Ransomware - Published research paper.