About us

run-as-root is a collaboration between two cyber security professionals who wanted a platform to document and share their cyber security focused projects and industry knowledge.

Alex Herrington

LinkedIn: https://www.linkedin.com/in/alex-herrington/

Cyber Security Professional with over 6 years experience in the field. Starting at the University of Portsmouth, I completed a degree in Forensic Computing BSc (Hons) and gained experience in consultancy while completing an industrial placement. This led me to my graduate job with Lockheed Martin as a Cyber Intelligence Analyst where I learnt Intelligence Driven Defence® and Cyber Kill Chain®, led customer projects and practised and taught Incident Response. Since then I have worked in number of places, gaining experience in:

  • Malware Analysis
  • Rule Creation
  • Scripting and Programming
  • SIEM – Splunk + ArcSight
  • Penetration and Vulnerability Testing
  • Log Analysis
  • Endpoint Detection and Response (EDR)

I have certifications in Global Information Assurance Certifications (GIAC) as a Penetration Tester (GPEN) and Certified Forensic Analyst (GCFA). I have also completed Splunk Fundaments 1 + 2, Using Splunk Enterprise Security 5.2 and Introduction to Phantom 4.1.

About Me

I have an extensive retro games collection and I enjoy to play console based games in my spare time. I also have a passion for sport, enjoying playing golf and following Portsmouth F.C.

Industry Certifications

  • GIAC Penetration Tester (GPEN)
  • GIAC Certified Forensic Analyst (GCFA)


  • Splunk Fundamentals 1 + 2, Using Splunk Enterprise Security 5.2 and Introduction to Phantom 4.1
  • SANS SEC560, FOR508
  • EnCase I, EnCase II

Industry Experience

Finance / Technology – May 2018 – Present – Cyber Security Analyst Senior (FSIRT)

  • Threat Detection and Monitoring using EDR tools such as Crowdstrike and FireEye HX
  • Splunk Development and Triage, leveraging the platform to create alerts and dashboards and to investigate incidents.
  • Threat Hunting – Developing hypothesis’ to hunt within the production environment to identify TTPs that may have been missed by traditional EDR and Alerting.
  • Mentoring – Onboarding new members of the team.

MSSP – June 2017 – May 2018 – Senior SOC Analyst

  • SOC Escalations
  • ArcSight development
  • Mentoring

Aerospace / Technology July 2015 – Cyber Intelligence Analyst

  • Intelligence Driven Defence (IDD) Assessments
  • Insider Threat Vulnerability Assessments (ITVA)
  • Immersion Training
  • SOC Transformation
  • Research & Development

Chris Smith

LinkedIn: http://www.linkedin.com/in/christopher-g-s

Cybersecurity specialist with a total of 17 years of experience in the technology industry, 8 years of that in cybersecurity. Expertise in Intelligence Driven Defence® and Cyber Kill Chain® to perform event and incident analysis. Led a number of customer and internal projects within the Lockheed Martin/Leidos UK Cyber practice including Council of Registered Security Testers (CREST) accreditation for the UK. Currently hold the role of senior cyber security consultant for Capgemini.

I have certifications in Global Information Assurance Certifications (GIAC) as a Certified Forensic Examiner (GCFE), Certified Forensic Analyst (GCFA), GIAC Defending Advanced Threats (GDAT), and GIAC Penetration Tester (GPEN). I hold a Master of Science degree in Forensic Information Technology and a Bachelor of Science degree (with honours) in Information and Communication Technology.

About Me

For me, family comes first. I have a young family and we love to visit country parks and stop at the play parks along the way. Summertime we regular the family picnic. My kids are big fans of Minecraft so of course I have all versions possible on all platforms! I also have a fairly extensive retro console collection, the classic games are great for the kids to pick and play.

Industry Certifications

  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Defending Advanced Threats (GDAT)
  • GIAC Penetration Tester (GPEN)


  • SANS SEC560, FOR508, FOR500, SEC599, FOR610 (working towards exam)
  • Splunk Fundamentals 1, 2, 3, Advanced Searching and Reporting, and Creating Dashboards
  • EnCase I, EnCase II

Industry Experience

Aerospace / Technology July 2013 – Present– Cyber Intelligence Analyst / Senior Security Consultant

  • UK lead / Tier III Cyber Security Operations Center (CSOC) analyst
  • SOC Design and implementation
  • SOC Transformation
  • Network penetration testing
  • Led CREST accreditation effort for the Leidos UK Cyber Practice
  • Incident response/investigations

IT Services April 2004 – May 2013 – Computer and Network Technician (Systems Administrator)

  • On-site installations included networks, PCs, servers, etc.
  • Network installations/repairs included CAT5e, CAT6, and fiber
  • Workshop repairs/upgrades included servers, laptops, and PCs