Jeffrey Yates

Senior Penetration Tester

I am a senior penetration tester and cyber security specialist with a decade of experience working with both government and commercial clients. I currently work for Aerstone where I lead the penetration testing team and perform a variety of security assessment for our clients.

I am an active participant in the broader infosec community. I regularly attend local hacker conferences and I volunteer with Unallocated Space where I serve on the board of directors.

Skills, Tools, and Certifications

Security Assessments

I have professional experience performing these engagements:

  • Network penetration testing
  • Web application penetration testing
  • Wireless penetration testing
  • Physical penetration testing
  • Vulnerability assessments
  • Purple team exercises

Hacking

I am proficient at learning new tools and techniques quickly. Here are a few tools I have experience with:

  • Metasploit
  • Cobalt Strike
  • Burp Suite
  • Nessus
  • Nexpose
  • Nmap
  • Kali Linux
  • Wireshark
  • Tcpdump
  • Kismet

Programming

I am familiar with these languages and tools:

  • Ruby
  • Bash scripting
  • Python
  • Git
  • C++

System Administration

I am skilled at working with various desktop and server operating systems as well as virtualization and container technologies. These include:

  • Windows (most major versions)
  • Linux (RHEL/CentOS, Ubuntu, Debian, Alpine)
  • PFsense
  • ESXi
  • Proxmox
  • Docker
  • LXD/LXC

Certifications

The following certification are active.

  • Practical Network Penetration Tester (PNPT)
  • Security+
  • Certified Ethical Hacker (CEH)
  • Red Hat Certified Technician (RHCT)

Experience

Aerstone

Senior Penetration Tester

September 2021 - Present

I lead the penetration testing team at Aerstone where I am responsible for managing the team, coordinating assessments, and performing engagements. Aerstone supports a variety of commercial and government clients with various cybersecurity assessment services including penetration testing, security control assessments, vulnerability analysis, and code review. I am responsible for coordinating and leading assessments and mentoring junior team members.

OBXtek / Crest Security Assurance

Senior Penetration Tester

May 2016 - September 2021

I worked at OBXtek as a penetration tester on an Internal Revenue Service (IRS) team. My responsibilities on this team include penetration testing, vulnerability research, purple team exercises, and preparing technical reports.

Penetration Testing

Our penetration tests involve assessing in-scope systems for vulnerabilities and then exploiting them to gain access.

Vulnerability Research

I research and test emerging vulnerabilities to determine their risk to client systems. If these vulnerabilities pose a threat, I check existing security controls for their efficacy in mitigating that threat.

Purple Team Exercises

Our team works with the SOC to test detection capabilities of malicious activity.

Inspyir LLC

Senior Penetration Tester

October 2015 - May 2016

I assessed systems and performed code review for our client, the Department of Homeland Security (DHS).

ManTech (Formerly KCG)

Senior Penetration Tester

June 2013 - October 2015

I was a member of an internal penetration testing team for the Federal Bureau of Investigation (FBI) I was responsible for conducting in-depth penetration tests and vulnerability assessments against isolated networks and web applications. I often acted as a team lead, managing 2-3 person teams in performing assessments and producing technical reports.

Knowledge Consulting Group

Penetration Tester

August 2011 - June 2013

Our penetration testing team conducted testing for various commercial clients. I performed network, web application, wireless, and physical penetration tests, and I wrote technical reports detailing the team’s findings.

General Dynamics AIS

Cyber Security Specialist

January 2010 - May 2011

I developed internal technical security training and created and administered a virtual lab environment, which provided virtual machines for my courses. The most advanced course I developed was a network traffic analysis course which covered usage of Wireshark and tcpdump for performing network traffic capture and analysis.

SAIC

Innovations Specialist

June 2009 - December 2009

I acted as a technical consult on information security for a team developing a software product. I was later selected to go through a training cohort where I obtained 8 certifications. At the completion of the cohort, I worked on a team that designed and built a computer lab for performing security exercises, training, and research.

Education

Community College of Baltimore County

AAS, Network Technology

2006 - 2008

During my time at CCBC I learned the fundamentals of networking, operating systems, and computer security that have served me throughout my career. I was an active participant in the school’s Cyber Defense Team. We took first place in the 2008 Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC) and went on to compete in the national competition. In 2008, I was awarded a Student of the Year award for my program.

Volunteer and Nonprofit Experience

Unallocated Space

Board Member

2010 - present

I am a co-founder of this nonprofit hackerspace where I serve on the board of directors. I have served as President, Vice-President, Treasurer, and Member at Large during my time at UAS and currently I serve as an Emeritus Board Member. The hackerspace serves the local hacker and maker community by providing a space, tools, workshops, and classes in a diverse range of technologies so that our members and the general public can learn and create.

In addition to my board level responsibilities, I run a bi-weekly event for our community where we practice our hacking skills using Hackthebox.

Mid-Atlantic Collegiate Cyber Defense Competition

various dates

I have volunteered for this competition in various roles since 2008. Previously, I was on a team that competed in and won this competition. I have served on the team that helps manage and score the competition and I have worked through Unallocated Space to provide hands-on demonstrations and activities for the competition’s spectators and participants.