Andrew Tierney

Andrew has many years of experience in security as a hobbyist, mainly working with embedded systems such as routers, intruder alarms, thermostats, IP cameras, DVRs and IP cameras. As the Internet of Things trend developed, he expanded his skills into the realms of web applications and mobile applications.

Blogging and documenting his findings rapidly gained him exposure, and a number of high-profile UK companies approached him to test their devices and systems. This included companies such as Heatmiser (thermostats), Texecom (intruder alarms), WebWayOne (secure alarm signalling), WebEyeCMS (CCTV), CloudView (CCTV), Samsung Security (IP cameras), and more.

As demand for his work increased, he decided to pursue a career in security, quickly finding a match with Pen Test Partners.

With a well equipped lab and background in electronic engineering, Andrew is capable of attacking embedded systems in ways that many people aren’t. This covers techniques such as simple and differential power analysis, firmware recovery, and glitching attacks. With a good experience of both writing and disassembling a multiple of architectures, including ARM, MIPS, x86, AVR, and PIC, he is capable of reverse engineering a wide spectrum of devices from the smallest 8bit microcontoller up to the latest Android phones.

His previous work in the financial services IT world has prepared him well for customer-facing roles, and communicating complex issues to both management and developers alike. This has also given him a good grounding in working with enterprise IT systems and general sysadmin work.

Since joining Pen Test Partners, Andrew has been expanding outwards into new and unfamiliar areas. He soon hopes to become a CREST Certified consultant and wants to develop his skills in infrastructure testing.