I spend a lot of of time thinking about the security of systems in both offensive and defensive ways. I use this site to share some of those thoughts.
Education
- Masters of Science in Information Security Engineering (SANS Technology Institute) - Current
- Bachelors of Science in Cybersecurity (University of North Georgia)
Certifications
- SANS GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
- SANS GIAC Certified Enterprise Defender (GCED)
- SANS GIAC Defensible Security Architect (GDSA)
- SANS GIAC Certified Intrusion Analyst (GCIA)
- SANS GIAC Python Coder (GPYC)
- SANS GIAC Strategic Planning, Policy, and Leadership (GSTRT)
- SANS GIAC Certified Incident Handler (GCIH)
- SANS GIAC Security Essentials (GSEC)
- eLearnSecurity Certified Professional Penetration Tester (eCPPTv2)
- eLearnSecurity Junior Penetration Tester (eJPT)
- CompTIA Security+
- CompTIA Linux+
- CompTIA Network+
- CompTIA A+
- CompTIA Project+
Job Experience
- Contract Penetration Tester @ Self-Employed - Present
- Security Technical Lead @ /dev/null - Present
Instructor & Course Author (Practical Phishing Assessments) @ TCM SecurityPenetration Tester @ risk3sixtyJunior Client System EngineerCyber Security ResearcherIT InternBookkeeper
Things I Consider Myself Good At
- Linux: I love Linux and have been using it for my main operating system and work with it daily on remote servers.
- Penetration Testing: I started my security career in penetration testing and have never stopped. I’ve done network, web application, cloud, and external pentests for clients.
- Application/Product Security: I find zero days in products and work to make sure they’re fixed.
- Research: I pride myself in my ability to go from 0-100 on any topic given enough time, documenting as I go.
- Programming/Tool Development: I love making tools that automates my work so I can send more time on the work that can’t be automated. I’ve written tools in Python, Bash, and powershell.
- System Administration: I love working with complex systems and have learned to provision them from scratch. Anything from a building baremetal hypervisor to doing routine backups.
- Traffic Analysis: I love identifying patterns in traffic that can be either malicious or indicative of a security flaw.
- Security Architecture: I love designing secure systems.
- Networking: I learned early on that networking is a fundamental piece of any secure system. Understanding how systems talk is essential.
- Threat Modeling: I have looked at so many insecure systems that I have a keen sense of what is probably not implemented correctly.
Side Projects
Practical Phishing Assessments Course Author - Formally sold on TCM Academy but now released for free for on youtube :)
Cybersecurity Videos - Youtube channel with various cybersecurity related videos
Security Library - List of security books I’ve read and found useful.
An Assessment of Obfuscated Ransomware - Published research paper.