The Secure Ideas Difference

Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.

Kevin has performed a large number of trainings, briefings, and presentations for both public events and internal training. He is the author of three SANS Institute classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. Kevin has also presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard, and ISSA.

Kevin is also very involved in the open source community and runs a number of open source projects. These include SamuraiWTF (a web pen-testing environment), Laudanum (a collection of injectable web payloads), Yokoso (an infrastructure fingerprinting project), and a number of others. Kevin is also involved in MobiSec and SH5ARK. Kevin was the founder and lead of the BASE project for Snort before transitioning that to another developer.

In his free time, Kevin enjoys spending time with his family and is an avid Star Wars fan and is a former member of the 501st Legion (a worldwide Star Wars costuming charity organization comprised of and operated by Star Wars fans).

Jason Gillam is Chief Information Officer (CIO) at Secure Ideas and an IANS faculty member. He has over 20 years of industry experience in enterprise software development, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture.

Jason co-built and managed an award-winning application security design and testing program at one of the world's largest financial institutions. He also provided numerous application security training and awareness briefings to large internal technical audiences and led the development of best practices code and documentation for the same. Jason is especially passionate about integration of security best practices with the SDLC.

Jason holds his CISSP and has conducted training and talks at numerous information security conferences including OWASP® AppSecUSA, Charlotte-Metro ISSA Summit, multiple BSides events (CLT, CHS, AVL, OKC), Hackfest (Canada), Carolinacon, and more. He is also the author of several Burp extensions including CO2 and Paramalyzer, and an active contributor to other open-source projects with a current focus on SamuraiWTF.

Denise Johnson is the President of Secure Ideas. She has over fifteen years of experience in business and organizational administration. Denise comes from a career in financial services and customer relations. She is responsible for the day to day operations of Secure Ideas and ensuring this team runs well together.

Denise is a homemaker, a homeschool teacher, and a mom to 2 daughters and lots of bonus kids.

Nathan Sweaney is a Principal Security Consultant with Secure Ideas. He has a wide range of experience in networking, systems administration, and development spanning 2 decades in IT and more than half of that in information security. Nathan has a considerable amount of experience with point-of-sale environments and managing compliance regulations such as PCI. He excels at finding practical, operationally feasible approaches for businesses to mitigate threats and minimize compliance obligations such as HIPAA and PCI.

Nathan regularly conducts security training, both publicly and privately, including secure coding techniques, network and application penetration testing, and more. He has spoken at security events such as DEFCON, BSidesLV, ShowMeCon, and the FBI’s Information Warfare Summit, as well as a wide variety of industry-specific events. He’s one of the core organizers of BSidesOK and has served on the board of directors for ISSA Oklahoma, OWASP® Tulsa, and the Hackers of Oklahoma Enterprises Syndicate.

He has the CISSP and has previously held the GPEN, GWAPT, and GAWN certifications.

Before coming to Secure Ideas, Eric spent close to 20 years working with Microsoft infrastructures for large Fortune 100 companies. Since its release, his core focus has been Active Directory. He was the technical leader and responsible for the engineering and architecture of one of the most complex and largest AD infrastructures used by one of the world’s largest banks. This included ongoing maintenance and major enhancements of not only a highly secure authentication environment, but also of all the supporting tool sets required to monitor its health and integrity. He also holds the CISSP certification. 

This experience has given Eric a very strong knowledge of a variety of Microsoft products and best practices.

Meet Mic Whitehorn, an accomplished Senior Security Consultant and Development Lead at Secure Ideas, with a rich background in information security, penetration testing, and software development. With over a decade of technical consulting experience, Mic has successfully served diverse industries, including finance, marketing, insurance, entertainment, and pharmaceuticals.

 

Throughout his career, Mic has contributed significantly to the field of application security and penetration testing. His expertise extends to working with widely-used, modern technologies such as Node.js, serverless applications, and cloud services. Leveraging his in-depth understanding of application and browser behavior, Mic has been instrumental in safeguarding critical systems and sensitive data for his clients.

 

Having a developer's mindset, Mic approaches security challenges from multiple angles, providing unique insights and actionable recommendations. His belief in the power of collaboration has led him to forge strong partnerships with defenders, ensuring a holistic approach to cybersecurity that effectively mitigates risks.

 

Mic's passion for secure coding practices has influenced the development community positively. Through accessible training sessions, he shares his knowledge on secure coding methodologies, advanced web proof-of-concept development, and securing microservice API architecture, inspiring developers to create robust and resilient applications.

 

Recognized as an adept communicator, Mic effortlessly translates complex security concepts into practical guidance for stakeholders across all levels of an organization. From development teams seeking advice to executives making strategic decisions, Mic's ability to bridge the gap between technical intricacies and business implications makes him a sought-after expert.

 

In a rapidly evolving digital landscape, Mic Whitehorn remains at the forefront, dedicated to making the virtual world a safer place for businesses and users alike. His unwavering commitment to excellence and passion for information security continue to drive his pursuit of innovative solutions and cutting-edge methodologies.

As the Director of Revenue Operations, Andrew brings a wealth of experience in project management and a deep understanding of client organizations across diverse industries. With close to a decade of proven leadership as the former Business Development and Project Manager, Andrew has been instrumental in managing client expectations and driving growth for Secure Ideas.

 

Andrew's unique perspective, derived from both management expertise and a strong research background, enriches the Secure Ideas team, enabling them to consistently deliver exceptional results. A driving force behind the growth of the Professionally Evil brand and the Secure Ideas name, Andrew works tirelessly to expand the company's reach and impact.

 

Having earned a Bachelor of Arts degree in History from The University of North Florida, Andrew combines his academic foundation with a passion for innovation, empowering Secure Ideas to navigate and excel in the ever-evolving landscape of cybersecurity.

 

In his role as the Director of Revenue Operations, Andrew continues to lead with dedication and strategic vision, ensuring Secure Ideas remains at the forefront of success and excellence.

Meghan Olsen is the Marketing Lead at Secure Ideas. For over four years, she has worked in marketing with online advertising, even website design, and SEO. Before then, Meghan was the lead weather anchor for a local TV station in Western Montana where she learned to understand different audiences and be able to connect with them.

In her free time, she likes to play co-ed sports with her husband, or you can find them at the beach with their two golden retrievers soaking up the sun... Since they didn't get as much sun in Montana as they do in Florida.

Bill McCauley is a Senior Security Consultant with Secure Ideas. He is a USAF Veteran and has worked with various electronics and IT systems over 20 years. His background covers a wide variety of industries including DoD, Healthcare, Education, Energy, and Security.

Bill has a strong interest in security, system administration, and training. His work experience includes system administration of various DoD and Healthcare systems within both Unix and Windows environments. He taught several Health IT classes for Lake Region State College. He has also spent a few years working with NERC CIP Compliance.

Bill holds a Bachelor of Science in Management/Computer Information Systems from Park University.

Travis Phillips is a Senior Security Consultant with Secure Ideas. Before joining Secure Ideas, he worked in the medical field as a data analyst & web/software developer before moving on to information security doing SOC work. He later moved on to product security testing for embedded systems on several architectures and device types. Travis also enjoys CTF’s & wargames for hacking challenges as a pastime.

Travis has developed a strong skill set towards application security as a result of both working in the development and security fields, reviewing the security of applications in both roles. Travis enjoys teaching at local professional groups and conferences when he can and building tools to make security testing faster and easier.

Jon Knepp is a dedicated Senior Security Consultant at Secure Ideas, bringing over two decades of experience in systems administration, infrastructure architecture, and technical leadership. His extensive career has spanned sectors including Financial Services, Healthcare, Big Data Analytics, and the Oil & Gas industry, and has encompassed roles in organizations of all sizes, from agile startups to multinational corporations.

 

With a professional background that embraces both technical proficiency and business acumen, Jon has a comprehensive perspective on how an organization's scale and complexity can influence risk management. Understanding the importance of process and repeatability, Jon adeptly uses this knowledge to develop strategies tailored to address the unique security needs of each organization. An accomplished scripter, he has refined his skills in PowerShell since its emergence, creating key process integration automations essential to various roles throughout his career.

 

Jon is particularly passionate about supporting small to medium-sized businesses in their cybersecurity endeavors. In this vein, he has produced numerous webcasts specifically tailored for these organizations, offering valuable insights into building robust cybersecurity programs. By sharing his expertise and insights, Jon aims to empower these businesses to build stronger, more secure digital environments.

Doug Bigalke is a seasoned security consultant with Secure Ideas, with experience performing penetration tests, security architecture reviews, and vulnerability assessments.  In addition to this, Doug leverages a broad knowledge base in cloud infrastructure, including AWS and Azure, to support and maintain Secure Ideas internal infrastructure.

His tenure at Secure Ideas has been marked by his ability to streamline technical processes, which has led to significant improvements in the company's workflow and efficiency.  Beyond this, Doug oversees the management of hardware assets, ensuring that each component of Secure Ideas' operations performs at optimal capacity.

Doug's industry experience extends beyond Secure Ideas.  With a solid 15 years in the healthcare and financial sectors, Doug spent time developing data warehousing solutions and providing business intelligence insights.  These experiences and his current role have afforded Doug a unique perspective on security needs across diverse sectors.

Doug's colleagues often describe him as the "salt of the earth," noting his down-to-earth nature and strong work ethic.  Outside the confines of his professional life, Doug is an avid robotics enthusiast.  His passion for building robots is peppered with a fascination for machine learning, a testament to his curiosity and eagerness to learn and grow continuously.

Cory Sabol is a Senior Security Consultant with a background in Artificial Intelligence, web development, and game development.

 

Cory has done substantial research on the topic of container security, focused primarily on Docker and Kubernetes. In addition to using these skills to identify and exploit misconfigurations during penetration testing engagements, Cory has taught workshops on this topic to other security professionals.  Cory also has considerable experience with API security.  He has developed custom API security testing frameworks and tooling.

 

Currently he is researching Artificial Intelligence security, and developing techniques and content on this subject.

Alex Rodriguez is a security consultant with experience in Linux systems administration, Infrastructure as Code development, container platforms, automation development, and various CI/CD platforms. In his roles at Secure Ideas, he is one of the main admins of their production systems and all things automation. He utilizes Amazon Web Services, terraform, packer, vagrant, ansible, and also gets to work with clients on improving their infrastructure through penetration tests. Besides client work and system administration, he loves giving workshops and presenting on his various projects to the community. When he is not working, he is listening to as many podcasts as he can while continually improving in security, blogging, and coding.

Jennifer is a Senior Security Consultant with Secure Ideas with a background in malware analysis, penetration testing, and teaching. She graduated with honors from Florida State College at Jacksonville’s networking program. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst where she showed an aptitude for both penetration testing and malware analysis. She was quickly promoted into a role that capitalized on her abilities. She has experience performing penetration tests against web applications, mobile software and platforms, and social engineering.

Jennifer discovered a passion for computers and problem solving at a young age. She bought Steal This Computer Book 2.0, by Wallace Wang, with one of her first paychecks, and became enamored with hacking and cyber security. While pursuing her degree she dedicated time to teaching computing skills to underrepresented minorities. She is the co-leader for the TOOOL chapter in Jacksonville, FL. Jennifer continues to be passionate about teaching and is eager to share her knowledge with anyone who will listen.

In her free time, she likes gaming, playing around with SDR’s, and painting.

Kathy Collins  is a Security Consultant at Secure Ideas.  She performs penetration testing, Scout services, and produces the bi-weekly Professionally Evil Podcast.  Kathy studied Cybersecurity at Fullstack Academy New York, holds a CompTia Security+ certification and is studying for the CISSP exam.  Kathy’s background consists of 20 years of non-profit, education and corporate  experience in the hospitality industry.  She enjoys writing, 80’s horror movies, the outdoors, hands-on projects, cooking, and building and modifying mechanical keyboards.

Aaron Moss is a Senior Consultant for Secure Ideas.  With almost 20 years in various technical roles ranging from Helpdesk to IT Consultant to Director of IT Operations, he has expertise in multiple areas and disciplines.  He particularly enjoys network pentesting, an area he specializes in.  

 

Aaron is excited to be one of the co-founders and organizers for Oklahoma’s largest Information Security/Hacker conference, BSides Oklahoma.  Participating in BSidesOK is a humbling and rewarding experience which allows him to connect with other IT and Security experts in Oklahoma and the surrounding states. 

 

Outside of hacking all the things, he loves spending time with Jade (his wife) and family playing games of all kinds, watching Horror movies (especially slashers!), air drumming to Cannibal Corpse and Slayer, or making random gory and grotesque horror movie/haunted house props and masks. 

Simon Davis serves as a full-stack web developer at Secure Ideas. His expertise is grounded in over four years of professional experience in front-end development, primarily serving the healthcare and security industries, complemented by over a year of experience in cloud and back-end development. 

Beyond his professional life, Simon has a diverse range of interests that include rock climbing, practicing karate, gaming, and reading books. An explorer at heart, he revels in the discovery of both new and age-old solutions to everyday challenges. This unique fusion of skill sets and interests positions Simon as a vital contributor in our mission to deliver practical and effective solutions for our clients.

Meet Simon Bremner, a full-stack developer and an expert in user experience design (UX). With a keen focus on human/machine interfacing and data consumption patterns, Simon creates seamless and visually captivating digital experiences.

As a full-stack developer, Simon's expertise spans the entire web development spectrum, enabling him to craft feature-rich and intuitive applications. His extensive knowledge of various programming languages and frameworks empowers him to deliver exceptional user experiences.

With almost a decade of Graphic/Product Design experience, Simon's unique strength lies in understanding user behavior and psychology, shaping his user-centric approach to interface design. By prioritizing user needs and preferences, he ensures that his creations are not only aesthetically pleasing but also intuitive.

When Simon isn't working, you'll find him building guitar pedals, capturing moments through his photography, immersing himself in a new JavaScript framework, or kicking a soccer ball around.

Josh Kemp is a dynamic and vibrant addition to the Secure Ideas team, where he takes on the role of a Security Consultant in Scout Services. His unconventional journey into cybersecurity started in the service industry, where he honed his expertise as a DJ and Bar Manager. Amid the melodies and mixes, Josh found a fascination with computers and information systems, revealing a natural inclination toward technology. This newfound passion sparked a career pivot, leading him to pursue a degree in Computer Information Technology. His background in the service industry and education have endowed him with a unique blend of skills to perform security assessments.

When Josh isn't meticulously inspecting systems for security vulnerabilities or studying to broaden his technical knowledge, he finds solace in his affinity for electronics. He enjoys delving into the intricate world of turntables and other small electronics, repairing and modifying them. This hobby not only exhibits his deep-rooted fascination for technology but also serves as a testament to his patience and meticulous attention to detail.

Larry Hammond is a Senior Security Consultant for Secure Ideas, where he helps clients find vulnerabilities and architectural issues in their systems. He has a wealth of experience in different security roles, from information protection to technical sales to penetration testing. He knows the ins and outs of securing networks, as well as the benefits and risks involved.

Larry has worked with various industries, performing application, network, and wireless security testing. He has also been a sales engineer for security detection and response products, where he learned about the challenges of defending large enterprise networks from cyberattacks.

Larry is thrilled to be back in security consulting, where he can use his skills and knowledge to make the digital world a safer place. When he's not hacking away at his keyboard, he likes to create metal furniture and art that showcase his creativity and craftsmanship.