So what goes on an “About” page? About me or about the site?

Given it’s a personal site I guess introductions first. I’m Paul Bolton, from the UK, also known by the amateur radio handle m0noc.

My day job is as a penetration tester, though more recently the focus has been on simulated attacks – red-teaming and purple-teaming. I hope you like the innovative site name. Seriously, though, I’ve always wondered how many people, when visiting my old blog at https://blog.m0noc.com/, mistook the 2nd character of m0noc as a letter and not a digit – ending up at some medical site. The call-sign format is dictated in part by the regulator so the “m0” prefix was mandatory.

I didn’t start out as a penetration tester.

My first job pre-millennium (late 1990’s) was as a core systems software developer for a switch management platform at a global telco, so got to learn systems programming on OpenVMS, and play with X.25, DECnet, and other fancy protocols. Can I call DECnet fancy?

After a few other roles I then moved into research, ending up in the Center for Information and Security Systems Research department at the same telco. Various projects including looking into design and prototyping ideas for virtualised self-healing networks, manage one of the main research testbeds, and got involved in various collaborations with companies such as Huawei, Genband and Netflix (aka was one of the first people to use Netflix in the UK)

My final major role before leaving the telco to become a full-time penetration tester was what got termed “in-life investigations”. Effectively investigating and fixing systemic or high-profile issues within the estate – those that the suppliers, developers or other teams were struggling to fix. Here I got to research and investigate complex systems involving a multitude of differing technologies.

More details are on my LinkedIn profile (see the bottom links on this site)

In addition to the new twitter handle @SimulatedAttack, I’m mainly at @OvertSecrecy.

The primary intent of this site is infosec related stuff, so offensive/defensive (red/blue team), penetration testing, exploit development, privacy, secure systems/network design and implementations, etc.

Let me know if you wish to see something in particular, or have suggestions for improvements. Always keen to learn.