I am a senior penetration tester and cyber security specialist with a decade of experience working with both government and commercial clients. I currently work for OBXtek where I perform penetration tests, vulnerability research and purple team exercises.
I am an active participant in the broader infosec community. I regularly attend local hacker conferences and I volunteer with Unallocated Space where I serve on the board of directors.
Skills, Tools, and Certifications
I have professional experience performing these engagements:
- Network penetration testing
- Web application penetration testing
- Wireless penetration testing
- Physical penetration testing
- Vulnerability assessments
- Purple team exercises
I am proficient at learning new tools and techniques quickly. Here are a few tools I have experience with:
- Cobalt Strike
- Burp Suite
- Kali Linux
I am familiar with these languages and tools:
- Bash scripting
I am skilled at working with various desktop and server operating systems as well as virtualization and container technologies. These include:
- Windows (most major versions)
- Linux (RHEL/CentOS, Ubuntu, Debian, Alpine)
I obtained the following certifications early in my career. While they are not current, I can re-certify any of them as necessary.
- GIAC Security Essentials Certification (GSEC)
- GIAC Certified Penetration Tester (GPEN)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Forensics Analyst (GCFA)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Firewall Analyst (GCFW)
- Certified Ethical Hacker (CEH)
- Red Hat Certified Technician (RHCT)
OBXtek / Crest Security Assurance
Senior Penetration Tester
May 2016 - Present
I currently work at OBXtek as a penetration tester on an Internal Revenue Service (IRS) team. My responsibilities on this team include penetration testing, vulnerability research, purple team exercises, and preparing technical reports.
Our penetration tests involve assessing in-scope systems for vulnerabilities and then exploiting them to gain access.
I research and test emerging vulnerabilities to determine their risk to client systems. If these vulnerabilities pose a threat, I check existing security controls for their efficacy in mitigating that threat.
Purple Team Exercises
Our team works with the SOC to test detection capabilities of malicious activity.
Senior Penetration Tester
October 2015 - May 2016
I assessed systems and performed code review for our client, the Department of Homeland Security (DHS).
ManTech (Formerly KCG)
Senior Penetration Tester
June 2013 - October 2015
I was a member of an internal penetration testing team for the Federal Bureau of Investigation (FBI) I was responsible for conducting in-depth penetration tests and vulnerability assessments against isolated networks and web applications. I often acted as a team lead, managing 2-3 person teams in performing assessments and producing technical reports.
Knowledge Consulting Group
August 2011 - June 2013
Our penetration testing team conducted testing for various commercial clients. I performed network, web application, wireless, and physical penetration tests, and I wrote technical reports detailing the team’s findings.
General Dynamics AIS
Cyber Security Specialist
January 2010 - May 2011
I developed internal technical security training and created and administered a virtual lab environment, which provided virtual machines for my courses. The most advanced course I developed was a network traffic analysis course which covered usage of Wireshark and tcpdump for performing network traffic capture and analysis.
June 2009 - December 2009
I acted as a technical consult on information security for a team developing a software product. I was later selected to go through a training cohort where I obtained 8 certifications. At the completion of the cohort, I worked on a team that designed and built a computer lab for performing security exercises, training, and research.
Community College of Baltimore County
AAS, Network Technology
2006 - 2008
During my time at CCBC I learned the fundamentals of networking, operating systems, and computer security that have served me throughout my career. I was an active participant in the school’s Cyber Defense Team. We took first place in the 2008 Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC) and went on to compete in the national competition. In 2008, I was awarded a Student of the Year award for my program.
Volunteer and Nonprofit Experience
2010 - present
I am a co-founder of this nonprofit hackerspace where I serve on the board of directors. I have served as Vice-President, Treasurer, and Member at Large during my time at UAS and currently I serve as Secretary. The hackerspace serves the local hacker and maker community by providing a space, tools, workshops, and classes in a diverse range of technologies so that our members and the general public can learn and create.
Mid-Atlantic Collegiate Cyber Defense Competition
I have volunteered for this competition in various roles since 2008. Previously, I was on a team that competed in and won this competition. I have served on the team that helps manage and score the competition and I have worked through Unallocated Space to provide hands-on demonstrations and activities for the competition’s spectators and participants.