About

Kevin Johnson

Chief Executive Officer

Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.

Kevin has performed a large number of trainings, briefings and presentations for both public events and internal trainings. He is the author of three SANS Institute classes: SEC542: Web Application Penetration Testing and Ethical Hacking, SEC642: Advanced Web Application Penetration Testing and SEC571: Mobile Device Security. Kevin has also presented at a large number of conventions, meetings and industry events. Some examples of these are: DerbyCon, ShmooCon, DEFCON, Blackhat, ISACA, Infragard and ISSA.

Kevin is also very involved in the open source community. He runs a number of open source projects. These include SamuraiWTF; a web pen-testing environment, Laudanum; a collection of injectable web payloads, Yokoso; an infrastructure fingerprinting project and a number of others. Kevin is also involved in MobiSec and SH5ARK. Kevin was the founder and lead of the BASE project for Snort before transitioning that to another developer.

In his free time, Kevin enjoys spending time with his family and is an avid Star Wars fan and member of the 501st Legion (Star Wars charity group).

About

Denise Johnson

President

Denise Johnson is the President of Secure Ideas. She has over fifteen years of experience in business and organizational administration. Denise comes from a career in financial services and customer relations. She is responsible for the day to day operations of Secure Ideas and ensuring this team runs well together.

About

Jason Gillam

Chief Information Officer

Jason Gillam is Chief Information Officer (CIO) at Secure Ideas and an IANS faculty member. He has over 20 years of industry experience in enterprise software development, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture.

Jason co-built and managed an award-winning application security design and testing program at one of the world's largest financial institutions. He also provided numerous application security training and awareness briefings to large internal technical audiences and led the development of best practices code and documentation for the same. Jason is especially passionate about integration of security best practices with the SDLC.

Jason holds his CISSP and has conducted training and talks at numerous information security conferences including OWASP AppSecUSA, Charlotte-Metro ISSA Summit, multiple BSides events (CLT, CHS, AVL, OKC), Hackfest (Canada), Carolinacon, and more. He is also the author of several Burp extensions including CO2 and Paramalizer, and an active contributor to other open-source projects with a current focus on SamuraiWTF.

About

Nathan Sweaney

Senior Security Consultant

Nathan Sweaney is a Senior Security Consultant with Secure Ideas. He has a wide range of experience in networking, systems administration, and development spanning 18 years in IT and more than 10 in information security. Nathan has a considerable amount of experience with point-of-sale environments and managing compliance regulations such as PCI. He excels at finding practical, operationally feasible approaches for businesses to mitigate threats and minimize compliance obligations such as HIPAA and PCI.

Nathan regularly conducts security training, both publicly and privately, including secure coding techniques, network and application penetration testing, and more. He has spoken at security events such as DEFCON, BSidesLV, ShowMeCon, and the FBI’s Information Warfare Summit, as well as a wide variety of industry-specific events. He’s one of the core organizers of BSidesOK and serves on the board of directors for ISSA Oklahoma, OWASP Tulsa, and the Hackers of Oklahoma Enterprises Syndicate.

He has held the GPEN, GWAPT, and GAWN certifications.

About

Mic Whitehorn-Gillam

Senior Security Consultant

Mic Whitehorn-Gillam is a senior security consultant for Secure Ideas. Before entering the information security field he spent about a decade in web application architecture and development, and nearly five years in systems integration consulting. He possesses broad knowledge across many programming languages ranging from legacy COBOL to enterprise Java and C# to modern Ruby, Python, and JavaScript.

Mic is a perennial open-source contributor, having guided the Musashi and the Client Script Injection Kit (CSIK) projects, in addition to his contributions on SamuraiWTF and Arrrspace. He also strongly believes in providing quality developer training, having provided accessible public classes at a number of conferences. Mic’s class topics have included secure coding, advanced web proof-of-concept development, and attacking and securing microservice API architecture.

When he finds a moment spare time, Mic enjoys experimenting with sophisticated cross-site scripting payloads, building computers, and trail running.

About

Eric Kuehn

Senior Security Consultant

Before coming to Secure Ideas, Eric spent close to 20 years working with Microsoft infrastructures for large Fortune 100 companies. Since its release, his core focus has been Active Directory. He was the technical leader and responsible for the engineering and architecture of one of the most complex and largest AD infrastructures used by one of the world’s largest banks. This included ongoing maintenance and major enhancements of not only a highly secure authentication environment, but also of all the supporting tool sets required to monitor its health and integrity.

This experience has given Eric a very strong knowledge of a variety of Microsoft products and best practices.

About

Bill McCauley

Senior Security Consultant

Bill McCauley is a Senior Security Consultant with Secure Ideas. He is a USAF Veteran and has worked with various electronics and IT systems over the past 18 years. His background covers a wide variety of industries including DoD, Healthcare, Education, Energy, and Security.

Bill has a strong interest in security, system administration, and training. His work experience includes system administration of various DoD and Healthcare systems within both Unix and Windows environments. He taught several Health IT classes for Lake Region State College. He has also spent a few years working with NERC CIP Compliance.

Bill holds a Bachelor of Science in Management/Computer Information Systems from Park University.

About

Larry Franklin

Security Consultant

Larry Franklin is a 20 year US Navy Veteran with a reputation for attention to detail and high quality workmanship standards. His work history and life includes a personal demand for integrity, safety, quality standards and worthiness. Larry bring to Secure Ideas a strong background in electronics, physical security and operation of encryption embedded devices. He also has experience and skills in interpreting and compliance with blueprints, engineering drawings, technical directives and is proficient in multiple computer platforms.

He has hands on experience with electronics troubleshooting, network, wireless testing, web app testing, network vulnerability assessment and configuration of network servers running in a virtual environment.

About

Andrew Kates

Account Manager

Andrew Kates is an account manager for Secure Ideas. He has extensive experience as a project coordinator, effectively managing client expectations across multiple industries. His management experience, coupled with his research background, brings a unique perspective to the Secure Ideas team.

Andrew works with clients and analysts to test, report, and provide support for Secure Ideas Scout Services, including web testing, network scanning, and social engineering campaigns. Always trying to stay ahead of the curve, Andrew also works to grow the Scout brand through advertising and marketing.

Andrew earned a Bachelor of Arts degree in History from The University of North Florida. He is a Jacksonville native, die hard Jaguars fan, and resident dance enthusiast at Secure Ideas.

About

Ben Faircloth

Security Consultant

Ben Faircloth is a Security Training Specialist, Graphic Artist, and Scout Analyst for Secure Ideas.

He has a background in physical security from working Law Enforcement for nearly a decade. During this time, he ran control rooms, managed secure facilities, and processed sensitive information. Ben also has a Bachelors of Science degree in Information Technology and Criminal Justice, which he graduated Summa Cum Laude in his class.

His passion is to combine his experience, the knowledge that he has learned, and his ability to adapt to the needs of technology to provide a safe and secure environment for Secure Ideas. In his time at Secure Ideas, Ben was a big part of creating our animated User Awareness and testing program. Ben is also responsible for many of the graphics that Secure Ideas uses in their logos, promotional materials, and social media. As an Analyst, he provides Scout services such as Network, Web, and User testing and reporting for many of Secure Idea’s clients.

About

Doug Bigalke

Security Consultant

Doug Bigalke is a Security Consultant with Secure Ideas. He performs penetration testing, architecture reviews, and Scout services. Doug has earned a Bachelors of Science in Information Technology. He has performed business analytics and process improvement via Business Intelligence and is currently exploring machine learning. Doug comes to Secure Ideas from 15 years in the healthcare and financial industries and has spent several years developing data warehousing and business intelligence solutions.

About

Greg Stanley

Security Training Coordinator

Gregory Stanley is the Training Coordinator for Secure Ideas. He retired from the United States military after serving 22 years in both the Army and the Air Force. As a Soldier he served in Military Intelligence as a tactical morse code interceptor/analyst, he then exited active duty and became a corrections officer while also serving in the Army Reserves as Military Police officer. He decided to continue his career in the military and joined the U.S. Air Force as a Security Force specialist. He held many positions throughout his career specializing in Law Enforcement, Anti-Terrorism, Physical Security and Personal Security. It was in this time he discovered his passion for training attending DoD and USAF instructor courses. While being a trainer he has written and taught hundreds of courses from basic Law Enforcement skills to the protection of USAF Priority Level one assets.

About

Cassie Faircloth

Security Consultant

Cassie Faircloth is a Scout Analyst with Secure Ideas. She has a Bachelors of Science degree in Computer Animation, graduating with ‘Advanced Achievement’, an award presented to one student per graduating class. Her eagerness to learn new things, her love for technology, and her ability to process data brought her to branch out into the technical side of Secure Ideas’ Scout program. As an Analyst, Cassie provides Scout services to our clients such as Network, Web, and User testing and reporting.

About

Cory Sabol

Security Consultant

Cory Sabol is a consultant with a background in web development, web research, and machine learning research. He has several published academic research papers on user identification using WebID. In addition to web research he has conducted research work on botnet detection using machine learning.

Cory has done substantial research on the topic of container security, focused primarily on Docker and Kubernetes. In addition to using these skills to identify and exploit misconfigurations during penetration testing engagements, Cory has taught workshops on this topic to other security professionals. He has developed the Harpoon open-source tool for fingerprinting and escaping containers, and led the development efforts on the Arrrspace containerized microservice training target.

He also dabbles in video game development and video game related security.

About

Alex Rodriguez

Security Consultant

Alex Rodriguez is a consultant who is passionate about Linux, systems automation, and networking. He is part of several security groups in the Charlotte area that have been paramount to his experiences in security. He loves new challenges, security conferences, and helping out the community and its members in any way that he can.

About

Ochaun Marshall

Security Consultant

Ochaun Marshall is a consultant with a background in education, big data, and machine learning. He has presented findings for the National Science Foundation on automated network intrusion detection, and taught courses on computer science and software development at the secondary and collegiate levels. He is passionate about software engineering instruction, computational ethics and secure software design in the SDLC.

In his spare time, he enjoys reading and listening to podcasts at x1.75 speed.

About

Nevil the Devil

Mascot, Professionally Evil

Nevil, whose name is a portmanteau of the words 'Nerdy' and 'Devil,' is the mascot of Secure Ideas' Professionally Evil brand. Nevil has been around ever since the first vulnerability was exploited, and he found work at Secure Ideas several years ago, because he has embodied the spirit of the Professional Ethical Hacker.

Dr. Faustus, the titular character in Goethe's famous drama, once asked Nevil, "Who are you, then?", to which Nevil resolutely replied, "I am part of that Force, which unwaveringly wills Evil, and which resultantly creates Good!"

It is this sentiment of 'Thinking Evil in order to Prevent Evil' that has become part of Secure Ideas' motto.

Interested in a

Career?