Who am I:
What do I do at Secure Ideas:
Like everyone else, I end up doing just about anything. My main responsibilities are to work on penetration testing and security architecture reviews for our clients. At Secure Ideas I am also responsible for My Security Scanner (MSS), a cloud-based vulnerability assessment service that we provide to our customers. If you have any questions about MSS, please let me know.
What is my security background in a nutshell:
I started out as a systems administrator and bounced back and forth between managing Microsoft Windows servers, Active Directory, and Exchange environments. I moved on from managing Microsoft environments and went into network security. Network security gave me the opportunity to manage firewalls, routers, switches, IDS/IPS, web filters, and VPNs with a security focus. Also, I started taking on a systems admin role for security software products, such as antivirus solutions and WSUS. After being in the network security field and system administration field, I went into information security roles at larger organizations.
In these organizations I was able to get a wide variety of experience, from managing CA SiteMinder implementations to deploying large-scale IBM DataPower appliances. Finally, I got to experience other areas of information security including incident handling, forensics, auditing, project consulting with a security mindset, vulnerability management, and web & network penetration testing. While working in these organizations I formed GrrCON – Information Security and Hacker Conference and the ISC2 – West Michigan Chapter.
What is my favorite attack:
Cross-Site Scripting (XSS) coupled with BeEF is one of my current favorite attacks right now. BeEF is such a powerful tool to an attacker, and coupled with an XSS you could do large amounts of damage. BeEF attacks the browser and allows the attacker to control the victim's browser. BeEF then has modules that allow you to do everything from proxy tunneling to attacking the victim with Metasploit. You can literally take over a network with a single click.
What am I learning about now:
I’m researching and working on creating new security tools for the open source community. Also, I love going to conferences and am currently working on a few presentations to give at upcoming conferences.