Welcome to my new blog! The intent of this page is to post on security issues that I’m researching or witness during penetration testing engagements. I hope this page will serve as a reference for other penetration testers as well as system administrators (as I will often propose mitigation strategies for issues presented). Please feel free to leave any constructive feedback as I begin posting.
I’m a penetration tester who got his start as a government employee working for the Department of Defense (DOD) in a five-sided building. During this time, I got hands-on experience building, growing and “selling” proactive security services (IT Auditing, Penetration Testing, Software Assurance) to a variety of DOD customers that utilized our network. While this work was centered around the management of these programs (as is the life of an IT government employee), I began to thoroughly understand the underlying security methodologies utilized, from checklist-based compliance auditing through highly-technical security assessments and penetration tests. I had the pleasure of working with very talented security folks, some of whom are leaders in their respective areas.
Slowly but surely, my technical competency built up as I snuck in hands-on experience, working on projects for my programs. In 2014, I decided that enough was enough, and that I wanted to graduate from managing security programs to actually banging on the keyboard and becoming a penetration tester. I sat for and passed my Offensive Security Certified Professional (OSCP) in February 2015, after four grueling months slaving away in the Penetration Testing with Kali (PWK) labs.
I ended up leaving government service and now I work full-time as a penetration testing consultant. Hopefully, you enjoy the journey through this blog as much as I enjoy writing it!