Personal Details:
Starting her career as an IT Helpdesk Analyst for a large Pharmaceutical in 2002, Chrissy has since gained technical experience covering a wide array of sectors. She possesses a unique insight, having been a full-stack Web Developer, Close Protection Officer (Bodyguard), Information Security Officer and Cyber Security Researcher.
She spends her free time researching areas of Physical Cyber Systems Security and is actively involved within the information security community across a wealth of subjects and interest groups. Chrissy currently specialises in all things I/OT, and enjoys delivering practical hardware hacking workshops to encourage others to get involved in this fascinating field.
Chrissy has an MSc in Advanced Security and Digital forensics and has marked achievements for her contribution and research within the Information Security community. Including winning the (ISC)² Up and Coming Security Professional award, competing and winning multiple Capture the Flag tournaments and earned bug bounties for well-known services.
Competitions and Awards:
- Black Hat Challenge Coin Winner (OSINT)
- Winner of the Cyber Security University Challenge UK
- Placed Top 5, Pragyan International CTF
- SC Magazine Top 50 Woman of Cyber Security
- ISC2 Up and Coming information Security Professional Winner
- BSides London Conference Speaker – Rookie Track Winner
- Women in Security and Privacy Award
- Steelcon Award Winner
- KCC winner of “Best idea, for an app to assist the community”
Featured News and Articles:
- Trip Wire – Women in Information Security Series
- Akamai Security and Threat Intelligence blog
- Writer for Detectify Research blog
- Radio 5 Live – The Real Nihal 1 Hour Interview
Security Research and vulnerability discovery:
- Multiple XSS discovery’s in commercial platforms
- Discovered vulnerabilities in Microsoft Office 365, and two other top level domains
- Discovered Vulnerability in Whois.com domain registrar
- HackerOne #702 & #4420 contestant in Las Vegas and London events.
Placements:
- Cyber Security Research Placement: Steganography & Visual Polyglot File Analysis
- Selected out of 150 applicants for a modern apprenticeship at Pfizer Pharmaceuticals
Projects & Community:
Web Application Teaching Platform
WebSecDev is a Web Application Security Teaching Platform to encourage practical teaching for mitigation strategies. I created for my dissertation and received a distinction. It covers XSS attacks and its mitigation through a live IDE, materials and supporting video tutorials.
The Co-Lab
Founder of The Co-Lab – Hardware Security Research Workshops – London
Contributor to the RFID Research Group Proxmark Project
Redeveloped the aesthetics of the overall project to make it easier to follow for the users, whilst debugging issues found. In addition to this I created the supporting tutorial videos to assist with installation and problem solving of Linux and Windows based installs. Github Youtube Tutorial
101 CCTV DVR Hacking Workshop.
A workshop to the various areas within embedded devices and reverse engineering by way of exploring DVR devices. The workshop covers attack surfaces for web, hardware, firmware and network based attacks.
DVR Security Evolution
A Github project to document the timeline of DVR security improvements with software and hardware testing methodology.
ICS Simulation lab
A hardware and software implementation of a manufacturing plant ICS lab, for teaching protocols and attacks.
Talks and Workshops
| Type | Event | Title | Further Information |
| Speaker | AFCEA | Malicious Machines | Link |
| Workshop | World Economic Forum | Future of IoT Security – Meet the Hackers | Link |
| Speaker | PACSEC | RFID Panellist | Link |
| Keynote | Oxford University | PRactically Teaching the Next Generation | Link |
| Speaker | BSides Las Vegas | Tech Enabled Crime | Link |
| Workshop | The Co-Lab (Santander) | RFID Hacking 101 with Adam Laurie | Link |
| Workshop | 44 Con | RFID Hacking Tools | Link |
| Speaker | Ladies of London Hacking Society | Starting out in Security Research | Link |
| Workshop | Void Warranties | Extracting Firmware using JTAG and Chipoff | Link |
| Speaker | Hacktivitycon | Women in Cybersecurity | Link |
| Speaker | OWASP Amsterdam | The good, the bad and the ugly of responsible disclosure | Link |
| Speaker | Le Tour Du Hack | The good, the bad and the ugly of responsible disclosure | Link |
| Speaker | Institute of Danish Engineers | RFID Attack Exploitation | Link |
| Speaker | BSides London | Breaking the Bodyguards | Link |
Chrissy Morgan 