About

I'm Andy, a cybersecurity consultant based in Edinburgh, Scotland. I specialise in Exposure Management - figuring out which security risks in an organisation actually need attention, and making sure those get fixed rather than just logged. Most organisations have more vulnerabilities than they can realistically address; my job is to help them prioritise the right ones, and to improve the processes and tools that let them do that consistently.

I came to technology through architecture. Studying it at university, I found it's a broader discipline than most people expect, covering structural engineering, environmental controls, lighting, ventilation, and a dozen other things to get right at once. I was one of the few students on my course to move away from drawing boards early on and start using CAD and 3D modelling software, which meant really getting to grips with computers at a time when that meant MS-DOS and Windows 3.1. A fairly consequential detour.

I tend to listen more than I talk. In consulting, that matters: you can't really understand what a client needs until you've heard how they describe the problem themselves.

This blog has been going in one form or another since 2009, across a couple of previous sites. I eventually consolidated everything here and rebuilt it using Eleventy, which generates static HTML. No updates to chase, no trackers, no spam comments. Much simpler.

I write here about whatever catches my interest. Mostly security, sometimes maker projects. I keep a freshwater fish tank (currently cycling it - fish incoming, hopefully), experiment with off-grid mesh communications using Meshtastic, and do a fair amount of 3D printing. I used to do a lot of photography, streetscapes and architecture mostly, and keep meaning to pick that up again.

If you find something here is useful or you want to continue a conversation, you can find me on Mastodon.

Elsewhere

Verification