Skip to main content

Stephen Tomkinson

Managing Security Consultant & Trainer


Stephen has been researching security since his teens, with his first CVE in 1999. After a decade as a software engineer developing secure communication tools, he switched from making to breaking software. Stephen has been with NCC Group for seven years, specialising in assessing web applications and cloud infrastructures and is now part of our Red Team, specialising in compromising companies via their legacy web applications.