Get To Know the Professionally Evil Experts

Author: Andrew Kates

Kevin Johnson - CEO, Principal Consultant, and Head Nerd!

Expertise: Intrusion Analysis, Security Tool Development, Vulnerability Assessments, Penetration Testing, Security Architecture Reviews, Information Security Governance, Compliance Assessments 

Kevin is the Chief Executive Officer of Secure Ideas and has a long history in the IT field including system administration, network architecture, and application development.  He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises, and penetration testing everything from government agencies to Fortune 100 companies.  

In addition, Kevin is a faculty member at IANS, an expert witness for the Federal Trade Commission, and was an instructor and author for the SANS Institute.  Kevin has delivered a large number of training sessions on numerous topics and led briefings and presentations for both public events and internal training.  He is the author of three SANS Institute classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security.  Kevin has been a featured speaker at a large number of conventions, meetings, and industry events including DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, ISSA, HIMSS, and the University of Florida.

Kevin is also very involved in the open-source community and runs a number of open-source projects including SamuraiWTF, a web pen-testing environment that Kevin founded; Laudanum, a collection of injectable web payloads; Yokoso, an infrastructure fingerprinting project; and a number of others.  Kevin is also involved in MobiSec and SH5ARK and was the founder of BASE (a web front-end for Snort analysis).

Jason Gillam - CIO and Principal Consultant 

Expertise: Application Security, Security Consulting, Vulnerability Assessments, Penetration Testing, Security Architecture Reviews, Compliance Assessments, Information Security Governance

Jason Gillam is the Chief Information Officer of Secure Ideas.  He has over 20 years of industry experience in enterprise software solutions, system architecture, and application security.  Jason has spent most of his career in technical leadership roles ranging from startups to Fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture.

Jason co-built and managed an award-winning ethical hacking program at one of the world's largest financial institutions.  He also provided numerous application security training and awareness briefings to a large internal technical audience and led the development of best practices code and documentation for the same.  Jason is especially passionate about integration of security best practices with the SDLC.

Jason also strongly believes in open sharing of knowledge and tools.  He is a regular speaker and trainer for Security BSides events and has jumped in to participate in a number of local information security meetups.  He has also leveraged his development background to build open source tools including BurpSuite extensions (e.g. CO2, Paramalyzer), and Bloodhound Elementary.

Nathan Sweaney - Principal Security Consultant

Expertise: Network Security, Systems Administration, Security Consulting, Vulnerability Assessments, Penetration Testing, Security Architecture Reviews, Compliance Assessments

Nathan Sweaney is a Senior Security Consultant with Secure Ideas, and has worked in the Information Security field for the last 12 years.  As a consultant he performs penetration tests, training, and general security consulting.  Nathan has a considerable amount of experience with point-of-sale environments and managing compliance regulations such as PCI.  He has excelled at finding practical and operationally feasible approaches for businesses to mitigate threats and minimize compliance obligations.  

Nathan has performed a wide range of training, briefings, and presentations both publicly and for clients on a wide range of security topics.  He has spoken publicly at security conferences including DEFCON, BSidesLV, the FBI’s Information Warfare Summit, ASIS International, and others.  Nathan also serves as the Security Advisor for the Retail Solutions Providers Association, providing consulting and insight to thousands of member companies in the point-of-sale industry, and on the CyberSecurity project team for NACHA.

Nathan is active in the security industry as a founder and organizer of the BSidesOK security conference, the host of the monthly Professionally Evil Lunch & Learn webinar series, a board member of ISSA Oklahoma, and a founding member of OWASP Tulsa.

Eric Kuehn - Principal Security Consultant

Expertise: Systems Administration, Windows/Active Directory, Vulnerability Assessments, Penetration Testing, Security Architecture Reviews, Information Security Governance

Before coming to Secure Ideas, Eric spent close to 20 years working with Microsoft infrastructures for large Fortune 100 companies.  Since its release, his core focus has been Active Directory.  He was the technical leader responsible for the engineering and architecture of one of the largest and most complex AD infrastructures, used by one of the world’s largest banks.

This included ongoing maintenance and major enhancements of not only a very secure authentication environment but also of all of the supporting tool sets required to monitor its health and integrity.  This experience has given Eric a very strong knowledge of a variety of Microsoft products and best practices.

Bill McCauley - Senior Security Consultant

Expertise: Systems Administration, Network Security, Vulnerability Assessments, Penetration Testing, Security Architecture Reviews, Information Security Governance, Security Consulting, Compliance Assessments

Bill McCauley is a Senior Security Consultant with Secure Ideas.  He is a USAF Veteran and has worked with various electronics and IT systems over the past 18 years.  His background covers a wide variety of industries including DoD, Healthcare, Education, Energy, and Security.  Bill has a strong interest in security, system administration, and training.  

His work experience includes system administration of various DoD and Healthcare systems within both Unix and Windows environments.  He also taught multiple Health IT classes for Lake Region State College.  He has also spent several years working with NERC CIP Compliance.

Travis Phillips - Senior Security Consultant

Expertise: Penetration Testing, Application Security, Security Tool Development, Static and Dynamic Binary Analysis, Firmware Analysis

Travis Phillips is a Senior Security Consultant with Secure Ideas.  Before joining Secure Ideas, he worked in the medical field as a data analyst and web/software developer before moving on to information security doing SOC work.  He later moved on to product security testing for embedded systems on several architectures and device types.  Travis also enjoys CTFs and wargames for hacking challenges as a pastime.

Travis has developed a strong skill set towards application security as a result of both working in the development field as well as the security field, reviewing security of applications in both roles.  Travis enjoys teaching at local professional groups and conferences when he can and also building tools to make security testing faster and easier.

Jon Knepp - Senior Security Consultant 

Expertise: Systems Administration, Windows/Active Directory, Vulnerability Assessments, Penetration Testing, Security Architecture Reviews, Information Security Governance

Jon brings over 20 years of industry experience in systems administration, infrastructure architecture, and technical leadership.  During that time he has worked for organizations in Financial Services, Healthcare, Big Data Analytics, and the Oil & Gas industry.  His mix of technical and business leadership experience gives him an empathetic understanding of the balancing act most IT organizations face.  

An avid PowerShell scripter since its original release, Jon frequently found himself developing key process integration automations in his former roles.  Now he looks to leverage that experience to craft new security focused tools and expand his repertoire to additional languages including Python and JavaScript.  He also continues to follow infrastructure architecture and automation trends with particular interest in container and orchestration technologies.

Rick Miller - Senior Security Consultant  

Expertise: Vulnerability Assessment, Risk Assessment, Penetration Testing, Application Security, Information Security Governance, Financial Services Acumen

As a seasoned IT professional, Rick has spent over 30 years as a hands-on practitioner and cyber security enthusiast.  His roles have included commercial software development, application hosting, infrastructure design, and application security.  Rick has supported portfolios with hundreds of applications, providing penetration testing, vulnerability remediation guidance, and secure coding instruction.

To be successful, businesses must navigate fast-paced, competitive markets while meeting complex regulatory requirements in a continuously evolving threat landscape.  With nearly two decades in the Financial Services sector at one of the world's largest banks, Rick brings experience in balancing business needs with regulatory and cyber security demands.   Working in a tightly regulated and highly targeted environment has given Rick a unique perspective on the challenges facing today's organizations.  Rick has provided security and risk guidance to application owners and executives at all levels within the corporate environment.

Aaron Moss - Senior Security Consultant  

Expertise: Penetration Testing, Application Security

Aaron has over 15 years of experience in tech, ranging from helpdesk to penetration testing.  In the past, he's been an IT Consultant, network and system administrator, IT Director, and slacker.  He is also one of the core organizers for BSides Oklahoma.  In his free time, you can find him in his garage making random furniture out of spare 2x4s, hacking on some online CTFs, watching horror movies (specifically slashers) with his wife and kids (wait till you see his office!), or air drumming to Slayer.

Want to Know More? 

We hope this article was helpful in getting to know our team.  If you have any questions at all, please contact us.  We will be happy to connect with your team and look forward to the opportunity to serve you.
