The Secure Ideas Difference

Kevin Johnson is CEO of Secure Ideas, a consulting company dedicated to security testing and training. Kevin passionately advocates for cybersecurity through his work with Secure Ideas and as a faculty member at IANS. During his over 30 years in the industry, Kevin acted as an instructor and author for the SANS institute. He also contributed to a number of open-source projects, including OWASP SamuraiWTF (a web pen-testing training environment), Laudanum (a collection of injectable web payloads) and Yokoso (an infrastructure fingerprinting project) and was the founder and lead of the BASE project for Snort. Kevin has served as an expert witness in court cases involving cybersecurity.

Kevin began his IT career in system administration and application development. He went on to build incident response and forensic teams, architect security solutions for large enterprises and pen test everything from government agencies to Fortune 100 companies. He is the author of three SANS Institute classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing, and SEC571: Mobile Device Security. In 2010 Kevin established Secure Ideas, LLC.

Kevin understands that the path to security is through education and information sharing. As a result, Kevin participates in various podcasts and training activities. He is regularly invited to keynote cybersecurity events like ISSA, GrrCon, and ShowMeCon. He has also spoken at many conferences including RSA, DEF CON, OWASP, DerbyCon, ShmooCon, and BlackHat.

When not immersed in consulting, testing, and educating, Kevin loves spending time with his daughters and exploring woodworking and costuming with the 501st Legion.

Jason Gillam is Chief Information Officer (CIO) at Secure Ideas and an IANS faculty member. He has over 20 years of industry experience in enterprise software development, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture.

Jason co-built and managed an award-winning application security design and testing program at one of the world's largest financial institutions. He also provided numerous application security training and awareness briefings to large internal technical audiences and led the development of best practices code and documentation for the same. Jason is especially passionate about integration of security best practices with the SDLC.

Jason holds his CISSP and has conducted training and talks at numerous information security conferences including OWASP® AppSecUSA, Charlotte-Metro ISSA Summit, multiple BSides events (CLT, CHS, AVL, OKC), Hackfest (Canada), Carolinacon, and more. He is also the author of several Burp extensions including CO2 and Paramalyzer, and an active contributor to other open-source projects with a current focus on SamuraiWTF.

As the Chief Operations Officer, Andrew brings a wealth of experience in project management and a deep understanding of client organizations across diverse industries. With close to a decade of proven leadership as the former Business Development and Project Manager, Andrew has been instrumental in managing client expectations and driving growth for Secure Ideas.

Andrew's unique perspective, derived from both management expertise and a strong research background, enriches the Secure Ideas team, enabling them to consistently deliver exceptional results. A driving force behind the growth of the Professionally Evil brand and the Secure Ideas name, Andrew works tirelessly to expand the company's reach and impact.

Having earned a Bachelor of Arts degree in History from The University of North Florida, Andrew combines his academic foundation with a passion for innovation, empowering Secure Ideas to navigate and excel in the cybersecurity field.

In his role as the Chief Operations Officer, Andrew continues to lead with dedication and strategic vision, ensuring Secure Ideas remains at the forefront of success and excellence.

Before coming to Secure Ideas, Eric spent close to 20 years working with Microsoft infrastructures for large Fortune 100 companies. Since its release, his core focus has been Active Directory. He was the technical leader and responsible for the engineering and architecture of one of the most complex and largest AD infrastructures used by one of the world’s largest banks. This included ongoing maintenance and major enhancements of not only a highly secure authentication environment, but also of all the supporting tool sets required to monitor its health and integrity. He also holds the CISSP certification. 

This experience has given Eric a very strong knowledge of a variety of Microsoft products and best practices.

Meet Mic Whitehorn, an accomplished Senior Security Consultant and Development Lead at Secure Ideas, with a rich background in information security, penetration testing, and software development. With over a decade of technical consulting experience, Mic has successfully served diverse industries, including finance, marketing, insurance, entertainment, and pharmaceuticals.

Throughout his career, Mic has contributed significantly to the field of application security and penetration testing. His expertise extends to working with widely-used, modern technologies such as Node.js, serverless applications, and cloud services. Leveraging his in-depth understanding of application and browser behavior, Mic has been instrumental in safeguarding critical systems and sensitive data for his clients.

Having a developer's mindset, Mic approaches security challenges from multiple angles, providing unique insights and actionable recommendations. His belief in the power of collaboration has led him to forge strong partnerships with defenders, ensuring a holistic approach to cybersecurity that effectively mitigates risks.

Mic's passion for secure coding practices has influenced the development community positively. Through accessible training sessions, he shares his knowledge on secure coding methodologies, advanced web proof-of-concept development, and securing microservice API architecture, inspiring developers to create robust and resilient applications.

Recognized as an adept communicator, Mic effortlessly translates complex security concepts into practical guidance for stakeholders across all levels of an organization. From development teams seeking advice to executives making strategic decisions, Mic's ability to bridge the gap between technical intricacies and business implications makes him a sought-after expert.

In a rapidly evolving digital landscape, Mic Whitehorn remains at the forefront, dedicated to making the virtual world a safer place for businesses and users alike. His unwavering commitment to excellence and passion for information security continue to drive his pursuit of innovative solutions and cutting-edge methodologies.

After spending 15 years mastering the intricacies of regulatory compliance and corporate governance in the legal field, Britiney made a bold pivot into cybersecurity that would prove to be a perfect blend of her legal expertise and passion for security. Since 2020, she has focused on developing her expertise in red teaming and penetration testing, bringing a unique legal perspective to identifying and addressing security vulnerabilities.
During her three years working with Florida state government agencies, Britiney helped streamline the procurement process by onboarding vendors to facilitate state agencies' access to essential cybersecurity products and services through the Florida Cyber Grant Program. Now, as a business development professional at Secure Ideas, Britiney channels her enthusiasm for penetration testing into helping organizations evaluate and understand their security challenges. Her rare combination of legal acumen and technical expertise makes her a trusted advisor who understands both compliance requirements and the practical aspects of security testing.
When she's not immersed in the world of cybersecurity, Britiney is an enthusiastic road cyclist and dedicated dog mom. You'll find her either exploring new biking routes, diving into epic battles in Destiny 2, or spending quality time with her beloved dogs, Pig and Bean.

Bill McCauley is a Senior Security Consultant with Secure Ideas. He is a USAF Veteran and has worked with various electronics and IT systems over 20 years. His background covers a wide variety of industries including DoD, Healthcare, Education, Energy, and Security.

Bill has a strong interest in security, system administration, and training. His work experience includes system administration of various DoD and Healthcare systems within both Unix and Windows environments. He taught several Health IT classes for Lake Region State College. He has also spent a few years working with NERC CIP Compliance.

Bill holds a Bachelor of Science in Management/Computer Information Systems from Park University.

Joining the Secure Ideas team, Giovanni Cofré brings over 26 years of Information Technology
experience, focusing on securing and defending Corporate networks, Operational Technology
(OT) environments, and high-profile E-commerce sites since 2000. His passion for the
Information Security discipline is matched by a commitment to mentoring future Security
professionals, sharing his wide-ranging experience, and fostering a culture of Security
awareness. Giovanni's knowledge and skills span multiple industries in both the Private and
Public sectors, where he has successfully designed and implemented security frameworks to
protect infrastructures. He has led the development of robust Security programs, architecture
assessments based on CIS CSC, HITRUST, PCI, and NIST frameworks, and provided strategic
direction to mitigate risks across Corporate and OT platforms. Giovanni’s hands-on experience
in vulnerability scanning, penetration testing, and the creation of practical Security processes,
standards, and policies has made him a trusted advisor among peers.

Giovanni's career includes notable roles in the E-commerce and Energy industries, where he
trained and established secure coding practices, and guided maturing strategies for enterprise
environments. His dedication to leveraging environment focused practices to meet business
needs, combined with a passion for mentoring and knowledge sharing, defines his approach to
building resilient infrastructures and driving successful Security programs.

When not focusing on the Information Security arena, Giovanni enjoys time with his family,
participating in adventure sports, and sharing his love for sliding down the mountain sideways
as an AASI level 2 Snowboard Instructor

Travis Phillips is a Senior Security Consultant with Secure Ideas. Before joining Secure Ideas, he worked in the medical field as a data analyst & web/software developer before moving on to information security doing SOC work. He later moved on to product security testing for embedded systems on several architectures and device types. Travis also enjoys CTF’s & wargames for hacking challenges as a pastime.

Travis has developed a strong skill set towards application security as a result of both working in the development and security fields, reviewing the security of applications in both roles. Travis enjoys teaching at local professional groups and conferences when he can and building tools to make security testing faster and easier.

Jon Knepp is a dedicated Senior Security Consultant at Secure Ideas, bringing over two decades of experience in systems administration, infrastructure architecture, and technical leadership. His extensive career has spanned sectors including Financial Services, Healthcare, Big Data Analytics, and the Oil & Gas industry, and has encompassed roles in organizations of all sizes, from agile startups to multinational corporations.

With a professional background that embraces both technical proficiency and business acumen, Jon has a comprehensive perspective on how an organization's scale and complexity can influence risk management. Understanding the importance of process and repeatability, Jon adeptly uses this knowledge to develop strategies tailored to address the unique security needs of each organization. An accomplished scripter, he has refined his skills in PowerShell since its emergence, creating key process integration automations essential to various roles throughout his career.

Jon is particularly passionate about supporting small to medium-sized businesses in their cybersecurity endeavors. In this vein, he has produced numerous webcasts specifically tailored for these organizations, offering valuable insights into building robust cybersecurity programs. By sharing his expertise and insights, Jon aims to empower these businesses to build stronger, more secure digital environments.

Cory Sabol is a Senior Security Consultant with a background in Artificial Intelligence, web development, and game development.

Cory has done substantial research on the topic of container security, focused primarily on Docker and Kubernetes. In addition to using these skills to identify and exploit misconfigurations during penetration testing engagements, Cory has taught workshops on this topic to other security professionals.  Cory also has considerable experience with API security.  He has developed custom API security testing frameworks and tooling.

Currently he is researching Artificial Intelligence security, and developing techniques and content on this subject.

Jennifer is a Senior Security Consultant with Secure Ideas with a background in malware analysis, penetration testing, and teaching. She graduated with honors from Florida State College at Jacksonville’s networking program. An avid computer geek for most of her life, she began her journey in cybersecurity as a SOC Analyst where she showed an aptitude for both penetration testing and malware analysis. She was quickly promoted into a role that capitalized on her abilities. She has experience performing penetration tests against web applications, mobile software and platforms, and social engineering.

Jennifer discovered a passion for computers and problem solving at a young age. She bought Steal This Computer Book 2.0, by Wallace Wang, with one of her first paychecks, and became enamored with hacking and cyber security. While pursuing her degree she dedicated time to teaching computing skills to underrepresented minorities. She is the co-leader for the TOOOL chapter in Jacksonville, FL. Jennifer continues to be passionate about teaching and is eager to share her knowledge with anyone who will listen.

In her free time, she likes gaming, playing around with SDR’s, and painting.

Aaron Moss is a Senior Consultant for Secure Ideas.  With almost 20 years in various technical roles ranging from Helpdesk to IT Consultant to Director of IT Operations, he has expertise in multiple areas and disciplines.  He particularly enjoys network pentesting, an area he specializes in.  

Aaron is excited to be one of the co-founders and organizers for Oklahoma’s largest Information Security/Hacker conference, BSides Oklahoma.  Participating in BSidesOK is a humbling and rewarding experience which allows him to connect with other IT and Security experts in Oklahoma and the surrounding states. 

Outside of hacking all the things, he loves spending time with Jade (his wife) and family playing games of all kinds, watching Horror movies (especially slashers!), air drumming to Cannibal Corpse and Slayer, or making random gory and grotesque horror movie/haunted house props and masks. 

With more than 20 years of experience in information security, Jordan is passionate about helping companies and clients protect their data and applications from threats and vulnerabilities.  As a Principal Security Researcher he had led teams in conducting vulnerability management, risk assessments, penetration tests, and setting up boundaries to be compliant with standards for companies in different segments.

He contributed to significant projects, such as developing an integrated GNSS positioning system and an encryption communication protocol between ground and satellite at the Brazilian National Institute of Space Research. He also had the opportunity to speak at important security conferences around the globe, be a Professor and course coordinator at colleges, and also a consultant for the Brazilian police in crime solving.

Kathy Collins  is a Security Consultant at Secure Ideas.  She performs penetration testing, Scout services, and produces the bi-weekly Professionally Evil Podcast.  Kathy studied Cybersecurity at Fullstack Academy New York, holds a CompTia Security+ certification, and she also holds the CISSP certification. Kathy’s background consists of 20 years of non-profit, education and corporate  experience in the hospitality industry.  She enjoys writing, 80’s horror movies, the outdoors, hands-on projects, cooking, and building and modifying mechanical keyboards.

Alex Rodriguez is a security consultant with experience in Linux systems administration, Infrastructure as Code development, container platforms, automation development, and various CI/CD platforms. In his roles at Secure Ideas, he is one of the main admins of their production systems and all things automation. He utilizes Amazon Web Services, terraform, packer, vagrant, ansible, and also gets to work with clients on improving their infrastructure through penetration tests. Besides client work and system administration, he loves giving workshops and presenting on his various projects to the community. When he is not working, he is listening to as many podcasts as he can while continually improving in security, blogging, and coding.

Doug Bigalke is a seasoned security consultant with Secure Ideas, with experience performing penetration tests, security architecture reviews, and vulnerability assessments.  In addition to this, Doug leverages a broad knowledge base in cloud infrastructure, including AWS and Azure, to support and maintain Secure Ideas internal infrastructure.

His tenure at Secure Ideas has been marked by his ability to streamline technical processes, which has led to significant improvements in the company's workflow and efficiency.  Beyond this, Doug oversees the management of hardware assets, ensuring that each component of Secure Ideas' operations performs at optimal capacity.

Doug's industry experience extends beyond Secure Ideas.  With a solid 15 years in the healthcare and financial sectors, Doug spent time developing data warehousing solutions and providing business intelligence insights.  These experiences and his current role have afforded Doug a unique perspective on security needs across diverse sectors.

Doug's colleagues often describe him as the "salt of the earth," noting his down-to-earth nature and strong work ethic.  Outside the confines of his professional life, Doug is an avid robotics enthusiast.  His passion for building robots is peppered with a fascination for machine learning, a testament to his curiosity and eagerness to learn and grow continuously.

Josh Kemp is a dynamic and vibrant addition to the Secure Ideas team, where he takes on the role of a Security Consultant in Scout Services. His unconventional journey into cybersecurity started in the service industry, where he honed his expertise as a DJ and Bar Manager. Amid the melodies and mixes, Josh found a fascination with computers and information systems, revealing a natural inclination toward technology. This newfound passion sparked a career pivot, leading him to pursue a degree in Computer Information Technology. His background in the service industry and education have endowed him with a unique blend of skills to perform security assessments.

When Josh isn't meticulously inspecting systems for security vulnerabilities or studying to broaden his technical knowledge, he finds solace in his affinity for electronics. He enjoys delving into the intricate world of turntables and other small electronics, repairing and modifying them. This hobby not only exhibits his deep-rooted fascination for technology but also serves as a testament to his patience and meticulous attention to detail.

Meet Pablo Vergara, newest member of the Secure Ideas team. He comes to us from a unique and interesting background, having acquired degrees in English Literature and Professional Studies - with a core concentration in Information Security.

With over fifteen years as a quality assurance analyst and engineer, he brings a "tester's mindset" to the role and is well-versed in being a voice for the client. As a Quality Assurance Engineer, he learned the fundamentals of testing, from functionality through accessibility, and applied automation frameworks to his manual testing process, serving to provide immediate feedback to found issues. As a result, he developed an affinity for coding, especially in python. He tested front-end and APIs, but always kept Security top-of-mind, being the champion for ensuring the app was secured as much as it was of sound quality.

His previous experience in the food service industry has fostered a drive to work in a collaborative manner as part of a team towards a common goal. Hospitality is in his blood and is a trait that will be of a tremendous benefit to any engagement.

Pablo's passion for security testing coupled with a verve for continuous learning will prove advantageous as he progresses in his career. He live to share what he's learned and is enthusiastic to pass on what he's learned, by way of blogging or contributing to internal documentation.

When he's not writing a test script, or blog post, he's writing fiction and has a few projects in the works.

DJ is a security consultant who has worked in IT for over 24 years. As a kid, he was always interested in electronics and tinkering with the hardware his dad would leave lying around. His curiosity with technology and his desire to help others with tech would culminate in him starting a small PC repair business during his late teens, eventually working as a systems administrator for the majority of his career. During that time he often took on multiple roles at once, including help desk support, network and systems administration, embedded systems engineering, automation and internal software QA work. Exposure to such a diverse set of technologies and disciplines throughout his IT career resulted in DJ’s well-rounded generalist approach to solving issues and creating solutions.

In addition to his IT work, DJ actively assisted in local maker communities by teaching soldering and Linux introductory courses. He also participated in his local DefCon chapter, DC407, where his passion for information security would exponentially grow. 

Shortly after the pandemic, DJ made the decision to pivot into information security, finding that his generalist approach to IT perfectly overlapped with solving and addressing security issues. He would go on to become actively involved in various CTFs and the infosec community at large, working to help encourage others into joining the field regardless of their background.

When not working, DJ enjoys playing the piano, speed-running video games, and performing gaming or information security-related streams on platforms like Twitch.  Just like when he was a kid, he still loves poking at electronics to see what he can make them do.

Meet Simon Bremner, a full-stack developer and an expert in user experience design (UX). With a keen focus on human/machine interfacing and data consumption patterns, Simon creates seamless and visually captivating digital experiences.

As a full-stack developer, Simon's expertise spans the entire web development spectrum, enabling him to craft feature-rich and intuitive applications. His extensive knowledge of various programming languages and frameworks empowers him to deliver exceptional user experiences.

With almost a decade of Graphic/Product Design experience, Simon's unique strength lies in understanding user behavior and psychology, shaping his user-centric approach to interface design. By prioritizing user needs and preferences, he ensures that his creations are not only aesthetically pleasing but also intuitive.

When Simon isn't working, you'll find him building guitar pedals, capturing moments through his photography, immersing himself in a new JavaScript framework, or kicking a soccer ball around.