Get To Know the Professionally Evil Experts

Get To Know the Professionally Evil Experts
Andrew Kates
Author: Andrew Kates

Kevin Johnson - CEO, Principal Consultant, and Head Nerd!

Expertise: Intrusion Analysis, Security Tool Development, Vulnerability Assessments, Penetration Testing, Security Architecture Reviews, Information Security Governance, Compliance Assessments 

Kevin is the Chief Executive Officer of Secure Ideas and has a long history in the IT field including system administration, network architecture, and application development.  He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies.  

Highlighting his leadership and commitment to the cybersecurity community, Kevin served as the Vice-Chair of OWASP for a number of years before being elected to the OWASP Global Board. This role underlines his dedication to advancing web application security standards and nurturing the open-source software community.

In addition, Kevin is a faculty member at IANS, an expert witness for the Federal Trade Commission, and was an instructor and author for the SANS Institute.  Kevin has performed a large number of training, briefings and presentations for both public events and internal training.  He is the author of three SANS Institute classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing and SEC571: Mobile Device Security.  Kevin has been a featured speaker at a large number of conventions, meetings and industry events including: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, ISSA, HIMSS, and the University of Florida.  

Kevin is also very involved in the open source community and runs a number of open source projects including: SamuraiWTF; a web pen-testing environment that Kevin founded, Laudanum; a collection of injectable web payloads, Yokoso; an infrastructure fingerprinting project and a number of others.  Kevin is also involved in MobiSec and SH5ARK and was the founder of BASE (web front-end for snort analysis).

Jason Gillam - CIO and Principal Consultant 

Expertise: Application Security, Security Consulting, Vulnerability Assessments, Penetration Testing, Security Architecture Reviews, Compliance Assessments , Information Security Governance

With over 20 years in the industry, Jason Gillam, Chief Information Officer of Secure Ideas, has been at the forefront of enterprise software solutions, system architecture, and application security. His journey through technical leadership in diverse environments, from innovative startups to Fortune 100 companies, has equipped him with the insight to guide a wide range of professionals, from hands-on developers to C-suite executives, in navigating the complex landscape of cybersecurity.

Jason co-created an award-winning ethical hacking program at a major financial institution, leading to significant enhancements in their security posture. He’s a prolific developer of open source security tools and the architect behind the BILE Classification scheme for application penetration testing, a testament to his commitment to elevating industry standards.

As a member of the OWASP Project committee and lead for the SamuraiWTF project, Jason champions the open sharing of knowledge. His work includes educating through speaking engagements and Security BSides events, and he actively contributes to local information security communities. He also continues to keep his technical skills sharp by building and sharing penetration testing tools such as Burp Suite extensions (Paramalyzer, CO2).

Jason's latest venture into the realm of AI demonstrates his forward-thinking approach, particularly in leveraging AI for vulnerability detection and enhancing the efficacy of penetration testing. This fusion of deep security knowledge with cutting-edge tech places him at the vanguard of the industry.

For Jason, delivering value to clients goes beyond traditional penetration testing. He is known for his consultative approach, engaging with clients to understand their unique challenges and reshaping Secure Ideas’ offerings to align with their specific needs. This adaptability ensures not just a service, but a partnership that elevates the client's security strategy. Jason’s ability to leverage his team's skills and expertise results in a comprehensive, tailor-made security experience that fortifies an organization's defenses and enhances its overall security posture. His commitment is to provide not just solutions, but transformative security enhancements that cater to the evolving landscape of threats and client expectations.

Eric Kuehn - Principal Security Consultant

Expertise: Systems Administration, Windows/Active Directory, Vulnerability Assessments, Penetration Testing, Security Architecture Reviews, Information Security Governance

Before coming to Secure Ideas, Eric spent close to 20 years working with Microsoft infrastructures for large fortune 100 companies.  Since its release, his core focus has been Active Directory.  He was the technical leader and responsible for the engineering and architecture of one of the most complex and largest AD infrastructures; used by one of the world’s largest banks.  

This included ongoing maintenance and major enhancements of not only a very secure authentication environment but also of all of the supporting tool sets required to monitor its health and integrity.  This experience has given Eric a very strong knowledge of a variety of Microsoft products and best practices.

Bill McCauley - Senior Security Consultant

Expertise: Systems Administration, Network Security, Vulnerability Assessments, Penetration Testing, Security Architecture Reviews, Information Security Governance, Security Consulting, Compliance Assessments

Bill McCauley is a Senior Security Consultant with Secure Ideas.  He is a USAF Veteran and has worked with various electronics and IT systems over the past 18 years.  His background covers a wide variety of industries including DoD, Healthcare, Education, Energy, and Security.  Bill has a strong interest in security, system administration, and training.  

His work experience includes system administration of various DoD and Healthcare systems within both Unix and Windows environments.  He also taught multiple Health IT classes for Lake Region State College.  He has also spent several years working with NERC CIP Compliance.

Travis Phillips - Senior Security Consultant

Expertise: Penetration Testing, Application Security, Security Tool Development, Static and Dynamic Binary Analysis, Firmware Analysis

Travis Phillips is a Senior Security Consultant with Secure Ideas.  Before joining Secure Ideas, he worked in the medical field as a data analyst and web/software developer before moving on to information security doing SOC work.  He later moved on to product security testing for embedded systems on several architectures and device types.  Travis also enjoys CTF’s and wargames for hacking challenges as a pastime.  

Travis has developed a strong skill set towards application security as a result of both working in the development field as well as the security field, reviewing security of applications in both roles.  Travis enjoys teaching at local professional groups and conferences when he can and also building tools to make security testing faster and easier.

Jon Knepp - Senior Security Consultant 

Expertise: Systems Administration, Windows/Active Directory, Vulnerability Assessments, Penetration Testing, Security Architecture Reviews, Information Security Governance

Jon brings over 20 years of industry experience in systems administration, infrastructure architecture, and technical leadership.  During that time he has worked for organizations in Financial Services, Healthcare, Big Data Analytics, and the Oil & Gas industry.  His mix of technical and business leadership experience gives him an empathetic understanding of the balancing act most IT organizations face.  

An avid PowerShell scripter since its original release, Jon frequently found himself developing key process integration automations in his former roles.  Now he looks to leverage that experience to craft new security focused tools and expand his repertoire to additional languages including Python and JavaScript.  He also continues to follow infrastructure architecture and automation trends with particular interest in container and orchestration technologies.

Mic Whitehorn-Gillam - Senior Security Consultant  

Expertise: Application Security, Vulnerability Assessments, Penetration Testing, Security Architecture Reviews, Security Consulting

Mic entered security consulting after ten years as a web application developer, five as a system integration consultant.  His experience spans web technology stacks, including .Net on Microsoft IIS and SQL Server, as well as Spring and Java on Jetty, Tomcat and WebSphere, backed by Oracle.  

His full-stack background enables him to deconstruct web front-ends and identify cross-site scripting opportunities.  Finally, his work as a systems integration engineer includes hands-on experience reverse-engineering software systems and working with decompiled code.

Jennifer Shannon - Senior Security Consultant  

Expertise: Penetration Testing, Application Security, Reverse Engineering, Static and Dynamic Binary Analysis, Firmware Analysis

Jennifer Shannon has a background in malware analysis, penetration testing, and teaching. She graduated with honors from Florida State College at Jacksonville’s networking program. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst where she showed an aptitude for both penetration testing and malware analysis. She was quickly promoted into a role that capitalized on her abilities. She has experience performing penetration tests against web applications, mobile application platforms, and social engineering.

Jennifer discovered a passion for computers and problem solving at a young age. She bought Steal This Computer Book 2.0, by Wallace Wang, with one of her first paychecks, and became enamored with hacking and cyber security. While pursuing her degree she dedicated time to teaching computing skills to underrepresented minorities. She is the co-leader for the TOOOL chapter in Jacksonville, FL. Jennifer continues to be passionate about teaching and is eager to share her knowledge with anyone who will listen.

Cory Sabol - Senior Security Consultant  

Expertise: Multiplayer Video Game Security, Video Game Development, Application Security, Container Security, Kubernetes Security, Penetration Testing, Vulnerability Assessment, Software Development, DevOps, Machine Learning, Cloud Security 

Cory Sabol is a consultant with a background in web development, web research, and machine learning research.  He has several published academic research papers on user identification using WebID. In addition to web research, he has conducted research work on botnet detection using machine learning. 

Cory has done substantial research on the topic of container security, focused primarily on Docker and Kubernetes.  In addition to using these skills to identify and exploit misconfigurations during penetration testing engagements, Cory has taught workshops on this topic to other security professionals.  He has developed the Harpoon open-source tool for fingerprinting and escaping containers, and led the development efforts on the Arrrspace containerized microservices training target.

Aaron Moss - Senior Security Consultant  

Expertise: Penetration Testing, Application Security

Aaron has over 15 years of experience in tech, ranging from helpdesk to penetration testing.  In the past, he's been an IT Consultant, network and system administrator, IT Director, and slacker.  He is also one of the core organizers for BSides Oklahoma.  In his free time, you can find him in his garage making random furniture out of spare 2x4s, hacking on some online CTFs, watching horror movies (specifically slashers) with his wife and kids (wait till you see his office!), or air drumming to Slayer.

Want to Know More? 

We hope this article was helpful in getting to know our team.  If you have any questions at all, please contact us as we will be happy to connect with your team, and look forward to the opportunity to serve you.  

Join the professionally evil newsletter