Nick Jones
I lead Reversec's research efforts, inspiring and supporting the team in generating novel security research as seen in our conference talks, open source projects and blogs posts. As a consultant, I deliver offensive security engagements in cloud-native environments — attack simulation, detection engineering, and the tooling that makes both possible.
Previously led Reversec's cloud security consulting team for five years. AWS Community Builder since 2020.
Research Leadership
Lead Reversec's security research — owning the conference talks, blog posts and open source tools that come out of the team. Drive Reversec's AI adoption, and develop novel tooling to support our consultancy.
fwd:cloudsec Organizer
Content lead for fwd:cloudsec Europe and review board member for fwd:cloudsec US. Run the speaker mentoring programme and serve on the Technical Oversight Committee.
Public Speaking
Talks at RSA, DEF CON Cloud Village, fwd:cloudsec, Disobey, Blue Team Con and AWS Community Days worldwide.
Offensive Cloud Security
Offensive security assessments in fast-moving, cloud-native, devops-enabled environments.
- 2026 This Wasn't in the Job Description: Building a production-ready AWS environment from scratch fwd:cloudsec North America
- 2023 Stormy Skies: Modern Cloud Attacks And Their Countermeasures Disobey, Helsinki
- 2022 SaaSy detection: purple teaming Software-as-a-Service platforms Blue Team Con, Chicago
- 2021 Beyond Public Buckets: Lessons Learned on Attack Detection in the Cloud RSA Conference, San Francisco
- 2020 Cloud Native Attack Detection and Simulation DEF CON Cloud Village 2020
A Consultant's Opinionated Notes on Traveling
In my decade as a consultant, I've done my fair share of local and international travel. This post sums up many of the things I've learned the hard way over the years.
Read →
I Reviewed 500+ fwd:cloudsec Submissions, These Are My Key Takeaways
As a reviewer for both fwd:cloudsec events, I get to see a wide range of conference submissions every year. These are my key takeaways from reviewing 500+ submissions.
Read →
On AWS Penetration Testing
This post covers what the point of a penetration test against an AWS workload is, what a penetration testing program should look like, and how to make it a success.
Read →