I spend a lot of of time thinking about the security of systems in both offensive and defensive ways. I use this site to share some of those thoughts.

Job Experience

• Red Team Specialist @ Google - Present
• Founder @ Low Orbit Security - Present
• Security Technical Lead @ /dev/null
• Instructor & Course Author (Practical Phishing Assessments) @ TCM Security
• Penetration Tester @ risk3sixty
• Junior Client System Engineer
• Cyber Security Researcher
• IT Intern
• Bookkeeper
• Grocery store bagger

Side Projects & Tooling

• Kubenomicon: An open source offensive security focused threat matrix for kubernetes with an emphasis on walking through how to exploit each attack.
• Dredge: Dredge is a linux command-line tool for finding and logging secrets on a filesystem for manual inspection.
• IMDSpoof: IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.
• Practical Phishing Assessments Course Author: Formally sold on TCM Academy but now released for free for on youtube :)
• Cybersecurity Videos: Youtube channel with various cybersecurity related videos
• Security Library: List of security books I’ve read and found useful.
• An Assessment of Obfuscated Ransomware: Published research paper.

Certifications

• SANS - GIAC Cloud Security Automation (GCSA)
• SANS - GIAC Network Forensic Analyst (GNFA)
• SANS - GIAC Certified Project Manager (GCPM)
• SANS - GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
• SANS - GIAC Certified Enterprise Defender (GCED)
• SANS - GIAC Defensible Security Architect (GDSA)
• SANS - GIAC Certified Intrusion Analyst (GCIA)
• SANS - GIAC Python Coder (GPYC)
• SANS - GIAC Strategic Planning, Policy, and Leadership (GSTRT)
• SANS - GIAC Certified Incident Handler (GCIH)
• SANS - GIAC Security Essentials (GSEC)
• eLearnSecurity Certified Professional Penetration Tester (eCPPTv2)
• eLearnSecurity Junior Penetration Tester (eJPT)
• CompTIA Security+
• CompTIA Linux+
• CompTIA Network+
• CompTIA A+
• CompTIA Project+

Completed Training

• Inguardians - Hacking and Hardening Kubernetes - 2024
• Antisyphon - Breaching The Cloud - 2023
• Antisyphon - Kubernetes Under Siege - 2023
• Antisyphon - Active Defense & Cyber Deception - 2022

Conference Talks

• HackSpaceCon 2024 - WTF is a Kubernete and How Do I Attack it? - Recording Coming Soon
• Pancakescon 2024 - Pentesting & Personal Finance - Recording Coming Soon
• Antisyphon Snake Oil Summit - An Investigation of Exploitation by the Certification Federation
• Bsides Atlanta - Human Memory Management: Techniques for actionable security research
• Wild West Hackin’ Fest - A Tale Of Two Strands

Education

• Masters of Science in Information Security Engineering (SANS Technology Institute) - Current
• Bachelors of Science in Cybersecurity (University of North Georgia)