Graham Helton

I spend a lot of of time thinking about the security of systems in both offensive and defensive ways. I use this site to share some of those thoughts.


  • Masters of Science in Information Security Engineering (SANS Technology Institute) - Current

  • Bachelors of Science in Cybersecurity (University of North Georgia)


  • SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • SANS GIAC Certified Enterprise Defender (GCED)
  • SANS GIAC Defensible Security Architect (GDSA)
  • SANS GIAC Certified Intrusion Analyst (GCIA)
  • SANS GIAC Python Coder (GPYC)
  • SANS GIAC Strategic Planning, Policy, and Leadership (GSTRT)
  • SANS GIAC Certified Incident Handler (GCIH)
  • SANS GIAC Security Essentials (GSEC)
  • eLearnSecurity Certified Professional Penetration Tester (eCPPTv2)
  • eLearnSecurity Junior Penetration Tester (eJPT)
  • CompTIA Security+
  • CompTIA Linux+
  • CompTIA Network+
  • CompTIA A+
  • CompTIA Project+

Job Experience

  • Contract Penetration Tester @ Self-Employed - Present
  • Security Technical Lead @ /dev/null - Present
  • Instructor & Course Author (Practical Phishing Assessments) @ TCM Security
  • Penetration Tester @ risk3sixty
  • Junior Client System Engineer
  • Cyber Security Researcher
  • IT Intern
  • Bookkeeper

Side Projects

Practical Phishing Assessments Course Author - Formally sold on TCM Academy but now released for free for on youtube :)

Cybersecurity Videos - Youtube channel with various cybersecurity related videos

Security Library - List of security books I’ve read and found useful.

An Assessment of Obfuscated Ransomware - Published research paper.