James Mclean is a seasoned penetration tester with 13 years of experience blending offensive security, application testing, and systems administration across enterprise and government environments. He has led and scaled security operations and triage teams at Bugcrowd, managed complex customer-facing pentests across web, cloud, mobile and IoT, and now continues hands-on red-team work at ctrl:cyber. A former developer turned offensive specialist, he contributes tooling and integrations to open-source projects—improving host discovery, DNS validation and Censys integration—which reflects his strong backend and API skills. He’s comfortable translating technical findings to stakeholders, delivering exploit development and source-code review, and teaching others (guest lecturing in a Masters program). Outside work he’s an OSCP/OSWP-certified pentester and a homebrewer, a detail that hints at both methodical precision and creative tinkering.
13 years of coding experience
13 years of employment as a software developer
ZCE, PHP5, ZCE, PHP5 at Zend Certified Engineer
Year 12, High School, Year 12, High School at Urrbrae Agricultural High School
Sun Certified Solaris Associate, Sun Certified Solaris Associate at Sun Certified Solaris Associate
Computing and Information Science, Computing and Information Science at University of South Australia
Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses.
Role in this project:
Backend Developer
Contributions:23 commits, 1 PR, 9 pushes in 8 months
Contributions summary:James contributed to the core logic of the DNS validator. They implemented features to detect DNS poisoning, including checking NXDOMAIN responses for random subdomains. They modified the code to include checking multiple popular domains. The user also added timeout checks for baseline servers and removed debugging code.
Contributions:5 commits, 1 PR, 2 comments in 3 days
Contributions summary:James primarily focused on integrating the Censys API into the Aquatone tool. They started by adding the initial Censys API collector, then implemented the logic to correctly communicate with the API and parse the results. The integration involved handling authentication and constructing API requests to retrieve data, specifically TLS certificate information, and incorporating the results into Aquatone's host discovery capabilities. The user subsequently updated the key names used for authentication and rolled back the versioning information.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.