G’day, I’m Jakob Pennington, and I help development teams build secure software.

I have an obsession for learning, and I aspire to share what I learn with others. Professionally, I share my time between software development, cybersecurity, and where the two disciplines intersect: application security.


My career has led to application security for two key reasons:

  1. Early in my career, as I was cutting teeth as a penetration tester, I realised that a pentest is far too late in the software lifecycle to start thinking about security. I wanted to help developers avoid introducing vulnerabilities in the first place, and to do that, I needed to get involved earlier in the SDLC.
  2. I am also a software developer, and enjoy coding far too much to give it up and focus purely on security.

My experience in both building and hacking software gives me a unique perspective, allowing me to not only find and fix security vulnerabilities, but to also integrate secure development practices to avoid similar vulnerabilities in future.


I am a Principal Application Security Consultant at Taptu. My work (and by extension, much of the content in this blog) focusses on:

  • Penetration testing specialising in web, mobile, desktop and API security.
  • Providing application security expertise to software development teams.
  • Implementing secure development practices throughout the SDLC.
  • Designing and implementing secure cloud architectures.
  • Managing software release processes, incorporating security testing and secure configuration goodness.
  • Software development, primarily in TypeScript, C# and Python.
  • Authoring and delivering secure development training and education.

On the side

Professionally, but outside of my role at Taptu, I am also:

Other interests

My love of learning spans well beyond application security. I may write about my other hobbies and interests from time to time, including:

  • Running, cycling, health and well-being.
  • Productivity and self-improvement.
  • Video games, books and other media.
  • Woodworking and DIY.
  • Cooking.

Reach out

Thank you for visiting my blog. I hope you find something here that is entertaining, motivating or thought provoking.

If you would like to get in touch, reach out via any of the social links on the home page.