Background
I help clients understand what their attack surface is, how attackers can target the various aspects of it, and what they can do to minimize some of the threats they are faced with. While I have spent the entirety of my professional career in cybersecurity, I was initially drawn to the industry because of my obsession with learning and understanding how computers and networks work at a deeper level—and in turn, how to break them.
My Approach
I take a scientific approach to my work, which seemingly creates good outcome-based results in an industry that needs to be driven by facts. The majority of my experience has been in performing in-depth penetration testing—identifying vulnerabilities and risks within different networks, systems, and identity systems, demonstrating the impact of these items through exploitation, and advising on strategies to remediate, mitigate, and/or compensate for those risks.
Current Focus
I now work closely with clients to implement controls that decrease risk around different areas of their attack surfaces. This includes building programs and implementing controls within the following areas for clients across industries and of varying sizes:
- Identity and Access Management (IAM) – Securing authentication and authorization
- Vulnerability Management (VM) – Continuous identification and remediation
- Application Security – Building security into the development lifecycle
- Cloud Security – Protecting cloud infrastructure and workloads
Why This Work Matters
I used to think it was powerful to be able to take over organizations again and again. After having conversations with more and more clients, I realized over time the difficulty and intricacies there are to continuously identify these problems and fix them at scale.
While there may be technical solutions to mitigating cyber risks, there are resource constraints, business considerations, and other priorities that increase the complexity dramatically. This is a much harder and complex problem to solve for, which is why I am focusing on building off of established foundations of preventative cybersecurity to help organizations keep taking steps in the right direction.
Credentials & Background
OSCP
Offensive Security
Indiana University
Bloomington
Let's Connect
Have questions about cybersecurity or risk management? I'd love to hear from you.
Subscribe to my newsletter
Get notified when I publish new articles and share exclusive insights on cybersecurity.
No spam, unsubscribe anytime. Powered by Buttondown.