We’re built a little differently

We don’t limit our thinking or get trapped by the traditional.

We ask what is possible, determine what needs to be done, then explore, learn and devise the route to get there.

We know organizations rely on their people, processes, data and technology. Each organization is different and one size never fits all, so we’re here to protect what matters, to listen, assess and deliver end-to-end information security tailored to each organization’s needs.

Our team is intelligent and bursting with creative thinkers who love solving problems, drawing on expertise from operational roles.

We’ve earned the trust of organizations all over the world, one at a time, year after year, never up-selling or reselling third-party products, always tailoring recommendations to your needs, forever learning, and striving for cost effectiveness.

Ultimately, we offer unrivaled technical expertise that does its job, so you can do yours. 


LEADERSHIP TEAM

We’ve worked with the large, the small and the extremely complex all over the world. Whoever, wherever you are, we bring the same focus and expertise to every organisation. 


Mark Stamford
Founder & CEO

Mark started playing around with computers at age 8, eventually growing up and gaining over 20 years of experience in cybersecurity, operations, and more. Prior to founding Occamsec, he worked at UBS and KPMG.

 


Erin Murtha
Chief Operations Officer

Erin brings over 20 years of experience in ensuring optimal organizational performance, growth, and client success. Her prior experience includes work at Homeland Security managing projects of critical national importance.

 


Christian Kimball
Director of Technology

Christian has over 20 years of experience in IT, security, risk management, and implementing security risk programs. He has conducted offensive security engagements, and specializes in physical security and threat intelligence.


Yann Cloatre
Senior Security Engineer

Yann has spent over 20 years in IT and security across diverse industries in French- and English-speaking countries. His experience spans operations, architecture, and governance, including roles at Société Générale and Bell Canada.


Cayce Mahon
Senior Security Engineer

Cayce leads the east-coast assessment team. With over 10 years of experience in offensive security operations, her skills cover a wide range of technical areas, and she also heads up the research team.


Nicholas Donarski
Senior Security Engineer

Nick has spent 20 years in information security, focused on IoT, SCADA systems, forensics, and AI. He approaches security from both the offensive and defensive perspective, and is an ardent supporter of Security BSides.


George Green
Director - Special Projects

George has over 15 years of experience in IT, security, communications, and data management. He previously worked in support of the DoD, US Department of Treasury, Defense Information Systems Agency, and NATO.


Arnold Agyeman
Director

Arnold has over 15 years of experience in governance, auditing, and digital transformation. He previously worked at PwC, and has expertise in the security and regulatory impacts of ISO 127001, Sarbanes-Oxley, and GDPR.


Davin Bateman
Director

Davin has experience in penetration testing, application and physical security, and cybersecurity resiliency. With a background in music, he now listens to organizations to help them develop better security defenses.


Spencer Lindgren
Operations Lead

Spencer has a background in healthcare technology, encryption, security, and compliance. He has held roles at telemedicine provider Vigilint, Patronus Medical, and as assistant adjunct professor at UNC Chapel Hill.


Mark Stamford
Founder & CEO

Mark started in security at age 11, eventually turning it into a career where he now has over 20 years of professional experience in cybersecurity, operations, control assessment, and related fields. He started Occamsec in 2010 to help organizations find, address, and minimize exposure to cybersecurity threats. Prior to founding Occamsec, he worked as director of threat and vulnerability management at UBS, and at KPMG, conducting penetration tests and identifying global threats for Fortune 100 clients.

Erin Murtha
Chief Operations Officer

Erin has 20 years of experience in operations and risk mitigation. She previously worked at the U.S. Department of Homeland Security, where she evaluated preparedness for nationwide emergencies and responded to inquiries from the National Security Council, Department of Justice, and Congress to improve the country’s security posture. Erin holds a B.A. in international policy studies from Elmira College and an M.A. in international commerce and policy from George Mason University.

Christian Kimball
Director of Technology

Christian has over 20 years of experience in IT, security, risk management/assessment, and implementing security programs within regulatory and compliance governance. He has conducted offensive security engagements to evaluate cyber, physical, and social engineering security protections, and specializes in physical security and threat intelligence.

Yann Cloatre
Senior Security Engineer

Yann has spent over 20 years in IT and security across France, Canada, and the U.S. His experience spans operations, architecture, and governance, including roles in development and engineering at Société Générale, as a security architect at Desjardins Bank, and as a security consultant for Bell Canada, Bombardier Aerospace, and other clients, with a focus on mobile security, digital forensics, and threat hunting. Yann holds a B.S. in computer science from Université de Nice-Sophia Antipolis.

Cayce Mahon
Senior Security Engineer

Cayce’s first computer was an old IBM 486 running MS-DOS. From there, she learned how to code, pick locks, manipulate many OS flavors, and finally learned how to circumvent security controls within cyber, social, and physical environments. One of her favorite projects resulted in her breaching a busy office building and exfiltrating physical and stored company data by simply talking an employee out of their keycard and workstation. She hopes there are many more projects like these in the future.

Nicholas Donarski
Senior Security Engineer

Nick has spent 20 years in cybersecurity, focused on IoT, SCADA systems, forensics, and AI across network, web, desktop, and mobile platforms. Prior to Occamsec, he was senior cybersecurity specialist at K2 Intelligence, a senior pentester for Hewlett Packard Enterprise Security, and a penetration tester at Rapid7, Halock Security Labs, and ND Technical Associates. Nick is an ardent supporter of Security BSides and a certified protection specialist.

George Green
Director - Special Projects

George has over 15 years of experience in IT, security, communications, and data management. He previously worked at Analytical Services Incorporated, serving as senior technical advisor in support of the U.S. Department of Defense and other agencies. He has also worked at the U.S. Department of Treasury, and contracted with both the Defense Information Systems Agency and NATO.

Arnold Agyeman
Director

Arnold has over 15 years of experience in cybersecurity governance and auditing consulting, guiding global enterprises through the security ramifications of large-scale digital transformation. He previously worked as a security analyst at PwC, and has expertise in the security, governance, and regulatory impacts of ISO 127001, Sarbanes-Oxley, and GDPR. Arnold is a certified information systems auditor and a certified information systems security professional.

Davin Bateman
Director

Davin honed his security skills as an independent consultant, working with clients to conduct security assessments and penetration tests, improve application and physical security, and bolster resiliency to cybersecurity threats. Prior to Occamsec, he built custom media and networking installations. Davin holds a BTEC-ND in sound engineering.

Spencer Lindgren
Operations Lead

Spencer has a background in healthcare technology, encryption, security, and compliance, with expertise in implementing security programs while maintaining HIPAA compliance. Prior to Occamsec, he was an assistant adjunct professor at UNC Chapel Hill, VP of clinical operations at Patronus Medical, and program manager at telemedicine provider Vigilint. Spencer holds a B.S. in geography and a Master of Public Health, both from UNC Chapel Hill.


ADVISORY BOARD


Neil Bryden
Advisor

Neil has over 35 years of experience in IT risk and security, including CISO roles at KPMG and other global enterprises. He has also advised CISOs across various industries, and has experience across governance, architecture, and strategy.


Robert Hayes
Advisor

Robert holds board, director, and advisory roles at public and private organizations, helping mitigate security risks during complex business transformations. He is an acknowledged expert in cybersecurity, and former Microsoft senior fellow.


John Quigg
Advisor

John is a senior staff member at the Johns Hopkins University Applied Physics Laboratory, supporting the DoD’s security initiatives in cloud, 5G, and cyber situational awareness. His background is in the Airborne Rangers and DoD.


Neil Bryden
Advisor

Neil has over 35 years of experience in IT risk and security, having designed, implemented, and managed security transformation programs. Most recently, he was CISO at Teleperformance, co-chair of Pacific Northwest Cybersecurity Business Leadership Council at University of Washington Bothell, and served as chief cyber security strategist at Hewlett Packard Enterprise. Prior to those roles, he began his career at KPMG, spending nearly 30 years at the firm and rising to principal and CISO. Over his career, Neil has advised CISOs across various industries, and has experience on the security aspects of governance, architecture, outsourcing, business continuity, and strategy. Neil holds a B.Acc. in accountancy from University of Glasgow.

Robert Hayes
Advisor

Robert holds board, director, and advisory roles at many public and private organizations, helping mitigate security risks during complex organizational transformations. He is an acknowledged expert in cybersecurity, crisis management, and strategic risk assessment, and an international authority on policy and regulatory issues between governments and the technology and communications industries. Robert served as a senior fellow of the Microsoft Institute for Advanced Technology in Governments, and as senior director, strategy and partnerships, in Microsoft’s Enterprise Cybersecurity Group. His prior experience includes hostage negotiation, being appointed inaugural head of the U.K. National Specialist Law Enforcement Centre, developing the U.K. National Hi-Tech Crime Training Centre, and serving as head of the U.K. National Technical Assistance Centre. Currently, Robert is a member of the Scottish Cyber Resilience Advisory Board, a fellow of the British Computer Society, a member of the Expert Advisory Panel at the Global Cyber Security Capacity Centre at the University of Oxford, and advises the U.K. Ministry of Defence on cybersecurity matters while holding the rank of Major (V) in the Engineer and Logistics Staff Corps of the British Army.

John Quigg
Advisor

John is a senior staff member at the Johns Hopkins University Applied Physics Laboratory, supporting security initiatives in cloud, 5G, and cyber situational awareness. He previously served as futures lead for the Director of White House Information Technology, was awarded patents for applying high-performance computing techniques to cybersecurity, and investigated the 5G/edge computing security risks of smart cities and buildings. John has been technical director for the Department of Defense Joint Task Force for Global Network Operations, and helped establish the U.S. Cyber Command, eventually serving as its technical director. He also established the security practice at Spurrier Capital Partners, was a security consultant for private enterprises and the U.S. Defense Department, worked for Intel McAfee as a cyber strategist, and served in the U.S. Army for nearly 30 years. John holds a B.S. in Physics from the United States Military Academy at West Point, an M.S. in computer science from the Naval Postgraduate School, an M.A. in computer systems management from Webster University, and is a Ph.D. candidate in information security at George Mason University.


Industries we work with

We can’t give you names, of course; that would be a security risk. But we can talk about the industries we are already protecting.

Media

We work with traditional and modern media organizations, performing security assessments across a wide range of areas: incident response, threat hunting, continuous assessment (Incenter) and intelligence support. The media industry faces a constant evolution in content delivery, including an ever-widening array of technologies that bring new risks. New technology enables reaching greater audiences and increasing revenue, but also awakens adversaries seeking a target.

Industrial

Our activities within this industry include assessments, secure architecture and design, purple teams, red teams, threat hunts, and IoT/OT/SCADA testing. Information security gains more importance in industrial environments every year. Being connected to a network offers many benefits, so it is important to identify the risks that connectivity brings and determine the best way to address them.

Finance

We have worked with several of the world’s largest commercial and investment banks. Highlights include determining the risk posed by security advisories via technical analysis, security assessments of multiple trading platforms, physical assessments of facilities, and large-scale ‘war gaming’.

Finance is the most mature information security industry because of its attractiveness as a target. This leads to large investment in defenses and to compliance requirements. The growth of fintech companies may alter this dynamic, as may the adoption of new technologies by traditional financial service organizations.

 

Energy

We’ve avoided detection clad in camo, crawling across fields, breaching locations and deploying implants. We’ve social engineered into oil production facilities, performed NIST-based gap analysis, tested electrical power grids and helped assess the security of offshore oil rigs. The energy sector is tied to the industrial sector, and many of the problems they face are similar.

Disruption to many of these organizations can have wide-reaching consequences, and considerable amounts of legacy equipment remain in these environments.

Education

2020 saw education organizations drastically overhaul how they teach. Online learning went from a small part of the sector to the dominant delivery method. This introduced education organizations to a variety of risks not previously considered. Staff and pupils were working online, and suddenly thousands of users were remotely accessing services.

Securing these environments in a cost-effective way is an ongoing area of our work. Activities include red teaming, penetration tests, purple teams, remote user assessments, incident response, cloud migration and security, plus a variety of others.

Technology

While it can be argued that every organization involves technology, there are clearly those that make up the tech sector. The tech sector continues innovating new services and imaginative uses for existing programs.

We have worked across the entire industry, testing new applications and web services, mobile applications and supporting infrastructure. Our range of services has enabled us to help technology companies build, deploy and operate their products in a secure way. 

Healthcare and Pharma

Our work involves securing the drug development and production process, plus healthcare delivery in hospitals. On the development and production side, our work has included penetration testing and red teams, mergers and acquisition assessment, purple teams, and SCADA/OT system testing. In healthcare, we’ve provided operational support as well as security testing, network architecture support and incident response.