I spend a lot of of time thinking about the security of systems in both offensive and defensive ways. I use this site to share some of those thoughts.
Job Experience
- Red Team Specialist @ Google - Present
- Founder @ Low Orbit Security - Present
Security Technical Lead @ /dev/nullInstructor & Course Author (Practical Phishing Assessments) @ TCM SecurityPenetration Tester @ risk3sixtyJunior Client System EngineerCyber Security ResearcherIT InternBookkeeperGrocery store bagger
Side Projects & Tooling
- Kubenomicon: An open source offensive security focused threat matrix for kubernetes with an emphasis on walking through how to exploit each attack.
- Dredge: Dredge is a linux command-line tool for finding and logging secrets on a filesystem for manual inspection.
- IMDSpoof: IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.
- Practical Phishing Assessments Course Author: Formally sold on TCM Academy but now released for free for on youtube :)
- Cybersecurity Videos: Youtube channel with various cybersecurity related videos
- Security Library: List of security books I’ve read and found useful.
- An Assessment of Obfuscated Ransomware: Published research paper.
Certifications
- SANS - GIAC Cloud Security Automation (GCSA)
- SANS - GIAC Network Forensic Analyst (GNFA)
- SANS - GIAC Certified Project Manager (GCPM)
- SANS - GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SANS - GIAC Certified Enterprise Defender (GCED)
- SANS - GIAC Defensible Security Architect (GDSA)
- SANS - GIAC Certified Intrusion Analyst (GCIA)
- SANS - GIAC Python Coder (GPYC)
- SANS - GIAC Strategic Planning, Policy, and Leadership (GSTRT)
- SANS - GIAC Certified Incident Handler (GCIH)
- SANS - GIAC Security Essentials (GSEC)
- eLearnSecurity Certified Professional Penetration Tester (eCPPTv2)
- eLearnSecurity Junior Penetration Tester (eJPT)
- CompTIA Security+
- CompTIA Linux+
- CompTIA Network+
- CompTIA A+
- CompTIA Project+
Completed Training
- Inguardians - Hacking and Hardening Kubernetes - 2024
- Antisyphon - Breaching The Cloud - 2023
- Antisyphon - Kubernetes Under Siege - 2023
- Antisyphon - Active Defense & Cyber Deception - 2022
Conference Talks
- HackSpaceCon 2024 - WTF is a Kubernete and How Do I Attack it? - Recording Coming Soon
- Pancakescon 2024 - Pentesting & Personal Finance - Recording Coming Soon
- Antisyphon Snake Oil Summit - An Investigation of Exploitation by the Certification Federation
- Bsides Atlanta - Human Memory Management: Techniques for actionable security research
- Wild West Hackin’ Fest - A Tale Of Two Strands
Education
- Masters of Science in Information Security Engineering (SANS Technology Institute) - Current
- Bachelors of Science in Cybersecurity (University of North Georgia)