Jerod Brennen - Brennen Consulting. Columbus, OH, US

Jerod Brennen

Founder and Principal Consultant | Brennen Consulting

Columbus, OH, UNITED STATES

Storyteller, Teacher, Speaker, Advisor, & Security Architect (@slandail)

Media

Documents:

  • Hacking Identity: A Pen Tester's Guide to IAM
  • What you need to know about OSINT
  • Implementing an Effective Third Party Risk Management Program
  • Common Sense Security Framework
  • Information Security Management 101

Biography

By day, I'm a storyteller, teacher, speaker, advisor, & security architect.

By night, I'm a husband, father, writer, filmmaker, martial artist, musician, and gamer.

I think it's fair to say that I've earned every gray hair in my beard, having spent my career fulfilling information security leadership roles in consulting, higher education, retail, and public utilities.

I like to share what I've learned over the years with local and regional information security professional organizations, at larger information security conferences, and online via blogs and podcasts. I also teach information security courses, online and in person, domestically and internationally.

At the end of the day, I just want to help folks get one step closer to doing what they want to do securely.

Industry Expertise (3)

Security

Computer/Network Security

Information Technology and Services

Areas of Expertise (4)

Cyber Security

Information Security

Identity and Access Management

Web Application Security

Education (2)

Franklin University: Post-Secondary Study, Computer Science

Capital University: Bachelor of Music, Music Education

Affiliations (2)

  • ISSA
  • (ISC)2

Languages (1)

  • English

Media Appearances (2)

Experts give advice on how to prevent baby monitor hacking

10TV  tv

2019-07-15

Interviewed regarding security advice for consumer-based technology

What it takes to be a security architect

CSO Online  online

2019-06-10

While the path to security architect varies, anyone considering the role should have a passion for IT infrastructure and protecting data.

Event Appearances (123)

Enterprise Log Management

Central Ohio InfoSec Forum  Columbus, OH

2006-05-17

Sustainable PCI Compliance

Central Ohio InfoSec Summit  Columbus, OH

2008-05-13

How to Pwn the Data Center

Ohio Information Security Conference  Dayton, OH

2009-03-12

The Impact of PCI 2.0

Ohio Information Security Conference  Dayton, OH

2011-02-09

Security Outlook: The Next Five Years

Technology First Landscape  Dayton, OH

2011-05-11

Yes You Can: Securing the Mobile Enterprise

Central Ohio InfoSec Summit  Columbus, OH

2011-05-12

How to Securely Deploy and Manage Mobile Devices

Central Ohio ISACA Meeting  Columbus, OH

2011-05-19

How to Securely Deploy and Manage Mobile Devices

Mountaineer ISSA Meeting  Morgantown, WV

2011-07-12

Application Security 101: Back to the Basics

BrightTalk  online

2011-08-23

DDoS Attack Preparation and Mitigation

Ohio Information Security Forum  Dayton, OH

2011-09-08

How to Securely Deploy and Manage Mobile Devices

(ISC)2 Security Congress  Orlando, FL

2011-09-19

How to Securely Deploy and Manage Mobile Devices

Mobile & Smart Device Security Conference  Atlanta, GA

2011-10-04

Identity and Access Management 101

Central Ohio ISSA Meeting  Columbus, OH

2011-10-19

How to Securely Deploy and Manage Mobile Devices

BrightTalk  online

2011-10-27

How to Securely Deploy and Manage Mobile Devices

MDECA Meeting  Dayton, OH

2011-10-27

Application Security 101: Back to the Basics

Central Ohio ISACA Meeting  Columbus, OH

2011-11-10

The Impact of PCI 2.0

BrightTalk  online

2011-12-01

Bridging the Social Media Implementation / Audit Gap

Pittsburgh ISACA Meeting  Pittsburgh, PA

2011-12-05

Everything You Need to Know About PCI

CASE V Regional Conference  Chicago, IL

2011-12-11

Managing Mobile Risks

BrightTalk  online

2012-02-28

Identity and Access Management 101

Greater Cincinnati ISSA Meeting  Cincinnati, OH

2012-03-21

Mobile Device Security Workshop (full day)

InfoSec World Security Conference  Orlando, FL

2012-04-01

Security Architecture

Central Ohio ISSA, CISSP Preparation Class  Columbus, OH

2012-05-01

Mobile Security Panel Discussion

Central Ohio ISACA Meeting  Columbus, OH

2012-05-10

Information Security Management 101: The Fundamentals

Central Ohio InfoSec Summit  Columbus, OH

2012-05-18

Mobile Threats

The Ohio State University Security Working Group Meeting  Columbus, OH

2012-05-21

Defending Mobile Applications

Central Ohio OWASP Meeting  Columbus, OH

2012-06-14

Consumerization Panel

TechTomorrow  Columbus, OH

2012-09-26

DDoS Attack Preparation and Mitigation

GrrCON  Grand Rapids, MI

2012-09-28

Defending Mobile Applications

M3 Conference  Columbus, OH

2012-10-26

Mobile Device Security Workshop (full day)

Mobile & Smart Device Security Conference  Scottsdale, AZ

2012-10-29

Conducting a Risk Assessment for Mobile Devices

Mobile & Smart Device Security Conference  Scottsdale, AZ

2012-10-30

Information Security Management 101: The Fundamentals

Central Indiana ISSA Meeting  Indianapolis, IN

2013-01-12

Information Security Management 101: The Fundamentals

Greater Cincinnati ISSA Meeting  Cincinnati, OH

2013-02-20

Information Security Management 101: The Fundamentals

Ohio Information Security Conference  Dayton, OH

2013-03-13

Information Security Management 101: The Fundamentals

Ohio Information Security Forum  Dayton, OH

2013-03-14

Information Security Management 101: The Fundamentals

Northeast Ohio ISSA Meeting  Garfield Heights, OH

2013-04-11

Security Project Management Workshop (full day)

InfoSec World Security Conference  Orlando, FL

2013-04-06

Mobile Device Security Workshop (full day)

InfoSec World Security Conference  Orlando, FL

2013-04-07

Information Security Management 101: The Fundamentals

InfoSec World Security Conference  Orlando, FL

2013-04-08

Attacking (and Defending) Mobile Devices

Central Ohio ISSA Meeting  Columbus, OH

2013-04-17

Mitigating the Risks of BYOD

Central Ohio InfoSec Summit  Columbus, OH

2013-05-02

Information Security Management 101: The Fundamentals

Central Ohio ISACA Meeting  Columbus, OH

2013-05-09

Information Security Management 101: The Fundamentals

Secure360 Conference  Saint Paul, MN

2013-05-15

Auditing Mobile Devices

InSPN Meeting  Indianapolis, IN

2013-08-08

Information Security Management 101: The Fundamentals

Hacker Hotshots  online

2013-08-20

Attacking and Defending Mobile Applications

M3 Conference  Columbus, OH

2013-10-25

Common Sense Security Framework

BSides Columbus  Columbus, OH

2015-01-19

Running Your Apps Through the Gauntlt

Columbus OWASP  Columbus, OH

2016-01-28

What You Need to Know About OSINT

Central Ohio InfoSec Summit  Columbus, OH

2016-03-30

Implementing an Effective Third Party Risk Management Program (Workshop)

Cloud Security World  Boston, MA

2016-06-16

Implementing an Effective Third Party Risk Management Program

Central Ohio InfoSec Summit  Columbus, OH

2017-04-21

Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)

Central Ohio ISSA  Columbus, OH

2017-05-17

A Common Sense Approach to Information Security

Cybersecurity Leadership Forum  Columbus, OH

2017-09-28

Cyber Security: Assuring Resilience in a World of Cyber Crime

11th Annual Nonprofit Perspectives  Columbus, OH

2017-10-25

Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)

GrrCON  Grand Rapids, MI

2017-10-26

Managing the Risk of Smart Technologies

16th Annual Information Assurance Forum  Findlay, OH

2017-11-01

Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)

Information Security Summit  Independence, OH

2017-11-02

Automating Security Testing with the OWTF

CodeMash  Sandusky, OH

2018-01-11

Implementing an Effective Vulnerability Management Program

Central Ohio ISSA Meeting  Columbus, OH

2018-01-17

Automating Security Testing with the OWTF

Central Ohio OWASP Meeting  Columbus, OH

2018-01-25

Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)

Ohio Information Security Conference  Dayton, OH

2018-02-07

Automating Security Testing with the OWTF

BSides Columbus  Columbus, OH

2018-03-02

Open Source Intelligence (OSINT) Gathering Workshop

InfoSec World  Orlando, FL

2018-03-17

Developing a Cybersecurity Strategy

2018 Risk & Cybersecurity Summit  Toledo, OH

2018-03-21

Simplifying Cybersecurity

FFIEC Supervisory Updates and Emerging Issues for Large, Complex Financial Institutions  Arlington, VA

2018-04-04

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Columbus, OH

2018-04-26

Hacking Identity: A Pentester's Guide to IAM

Converge  Detroit, MI

2018-05-11

Hacking Identity: A Pentester's Guide to IAM

BSides Cincinnati  Cincinnati, OH

2018-05-12

Automating Security Testing with the OWTF

Central Ohio InfoSec Summit  Columbus, OH

2018-05-15

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Lyndhurst, OH

2018-05-24

Hacking Identity: A Pentester's Guide to IAM

Central Ohio ISSA  Columbus, OH

2018-06-20

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Cincinnati, OH

2018-06-21

Hacking Identity: A Pentester's Guide to IAM

BSides Cleveland  Cleveland, OH

2018-06-23

Hacking Identity: A Pentester's Guide to IAM

Ohio Information Security Forum (OISF) Anniversary Conference  Dayton, OH

2018-07-14

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Southfield, MI

2018-07-26

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Beavercreek, OH

2018-08-30

Hacking Identity: A Pen Tester's Guide to IAM

InfoSec Nashville  Nashville, TN

2018-09-07

Hacking Identity: A Pen Tester's Guide to IAM

Pittsburgh ISSA Chapter Meeting  Pittsburgh, PA

2018-09-11

Hacking Identity: A Pen Tester's Guide to IAM

NeoISSA Chapter Meeting  Brecksville, OH

2018-09-13

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Columbus, OH

2018-09-26

A Common Sense Approach to Information Security

Northwest Arkansas ISACA/IIA Training Symposium  Bentonville, AR

2018-09-27

A Tour Behind the Dark Curtain: Your Identity in the Dark Web

Ohio State University Cybersecurity Day  Columbus, OH

2018-10-02

Hacking Identity: A Pen Tester's Guide to IAM

INTERFACE-Alabama  Birmingham, AL

2018-10-04

Hacking Identity: A Pen Tester's Guide to IAM

Three Rivers Information Security Symposium  Monroeville, PA

2018-10-19

Simplifying Cybersecurity

FFIEC Supervisory Updates and Emerging Issues for Large, Complex Financial Institutions  Arlington, VA

2018-10-24

Hacking Identity: A Pen Tester's Guide to IAM

Information Security Summit  Cleveland, OH

2018-10-26

Hacking Identity: How Attackers Really Operate

Midwest Healthcare and Public Health Summit  Hebron, KY

2018-11-05

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Birmingham, MI

2018-11-08

Zen and the Art of Cybersecurity

Data Connectors  Nashville, TN

2018-11-15

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Toledo, OH

2018-12-14

Simplifying Cybersecurity

North Carolina Office of the Commissioner of Banks - Professional Development Seminar  Raleigh, NC

2019-01-11

The Path to IAM Maturity

Data Connectors  Columbus, Ohio

2019-01-17

Hacking Identity: A Pentester's Guide to IAM

Kentuckiana ISACA  Louisville, KY

2019-01-18

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Columbus, Ohio

2019-01-24

Hacking Identity: A Pentester's Guide to IAM

Data Connectors  Indianapolis, IN

2019-02-14

What I Wish I Knew Then: Distilling Decades of InfoSec Experience

Central Ohio ISSA  Columbus, OH

2019-02-20

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Lyndhurst, OH

2019-02-21

The Path to IAM Maturity

BSides Columbus  Columbus, OH

2019-03-01

The Path to IAM Maturity

Ohio Information Security Conference  Dayton, OH

2019-03-13

The Path to IAM Maturity

Northwest Ohio ISSA Meeting  Toledo, OH

2019-03-20

Securing Mobile Devices and Mobile Applications

Infosec World  Orlando, FL

2019-03-31

If You Train Them...

The Ohio State University - Guest Lecturer  Columbus, OH

2019-04-02

The Path to IAM Maturity

HIMSS – Kentucky Bluegrass Chapter  Florence, IN

2019-04-04

The Path to IAM Maturity

Northern Ohio InfoSec Awareness Day  Wadsworth, OH

2019-04-10

What I Wish I Knew Then: Distilling Decades of InfoSec Experience

Central Ohio InfoSec Summit  Columbus, OH

2019-05-23

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Columbus, OH

2019-07-18

Application Security: Vetting the Security of Web and Mobile apps

IT Audit & Controls Conference  Arlington, VA

2019-07-19

Simplifying Cybersecurity

Emerging Issues Forum for Bank Directors  Raleigh, NC

2019-08-16

Simplifying Cybersecurity

NCUA Credit Examiner Conference  Charlotte, NC

2019-08-28

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Columbus, OH

2019-08-29

Building Your IAM Program

Detroit Area IAM User Group  Plymouth, MI

2019-09-10

Building Your IAM Program

Indianapolis IAM User Group  Indianapolis, IN

2019-09-12

Building Your IAM Program

Northwest Ohio Cyber & Risk Summit  Toledo, OH

2019-09-25

An Introduction to Penetration Testing

OSU CyberSecurity Club Meeting  Columbus, OH

2019-10-01

Building Your IAM Program

Three Rivers Information Security Symposium  Monroeville, PA

2019-10-11

OSINT Gathering Essential Training (Workshop)

Information Security Summit  Cleveland, OH

2019-10-21

We Are What’s in Our Pockets: Taking Command of Your Digital Life

OSU Cybersecurity Day  Columbus, OH

2019-10-28

Current Events in Privacy and Security (roundtable moderator)

Cybersecurity Leadership Forum  Cleveland, OH

2019-11-01

Building Your IAM Program

Louisville Metro InfoSec Conference  Louisville, KY

2019-11-18

Building Your IAM Program

CiNPA Security Meeting  Cincinnati, OH

2019-11-21

Hacking Identity: A Pentester's Guide to IAM

BSides Dayton  Dayton, OH

2019-11-23

Simplifying Cybersecurity Workshop

Central Ohio ISACA 2019 December CPE Bonanza  Columbus, Ohio

2019-12-02

Sample Talks (1)

Information Security Management 101: The Fundamentals

Information security professionals interact with every facet of the business, and the information security manager is expected to demonstrate the proverbial “mile wide, inch deep” understanding of all things security-related. We can do more with less by implementing and maintaining an ISO-based information security program. This presentation will give you the tools and knowledge you need to be successful in any organization.

Style

Availability

  • Keynote
  • Panelist
  • Workshop Leader

Fees

0 to 5000 *Will consider certain engagements for no fee

Courses (5)

Security Testing Essential Training

To provide your organization with confidence, you need to perform testing to prove it's secure. However, not all security testing is the same. A risk assessment is not a vulnerability assessment; a penetration test won't measure compliance. For a successful career, a security analyst needs to have an understanding of the many different types of security testing and know when and how to implement them. This course provides the resources you need to set up a testing environment, plan assessments, identify targets, and begin executing security tests. Instructor Jerod Brennen also helps you analyze test results and draft a report of your findings. Plus, see popular testing frameworks and tools in action, including Nmap, Nessus, Wireshark, Lynis, OWASP ZAP, Aircrack-ng, and hashcat, as run on a Kali Linux virtual machine.

Online Application Security Testing

Building security testing into the software development life cycle is the best way to protect your app and your end users. This course identifies tools and techniques that developers can use to minimize the cost and impact of security testing—while maximizing its impact and effectiveness. In this course, instructor Jerod Brennen focuses on online testing, using security scanning, penetration testing, and vulnerability testing to validate code and uncover vulnerabilities. He explains the difference between positive and negative, manual and automated, and production and non-production testing, so you can choose the right kind for your workflow. The hands-on sections—with demos of popular tools such as Fiddler, Burp Suite, and OWASP OWTF—prepare you to apply the lessons in the real world.

Offline Application Security Testing

Building security testing into the software development life cycle is the best way to protect your app and your end users. This course identifies tools and techniques that developers can use to minimize the cost and impact of security testing—while maximizing its impact and effectiveness. In this course, instructor Jerod Brennen focuses on offline testing activities: preparing test plans, policies, and other documentation and conducting offline source code reviews. He also explains how to conduct offline testing for the OWASP Top Ten vulnerabilities. Along the way, you can become familiar with best practices around security in the SDLC. The hands-on sections—with demos of popular tools such as Codacy and SonarQube—prepare you to apply the lessons in the real world.

Performing OSINT Gathering on Corporate Targets

Open Source Intelligence (OSINT) gathering is a critical component of penetration testing. This course will teach you how to gather various forms of corporate OSINT, including physical, logical, org chart, electronic, infrastructure, and financial.

Performing OSINT Gathering on Employee Targets

Open Source Intelligence (OSINT) gathering applies to not only companies but to employees as well. This course will teach you how to gather various forms of employee OSINT, including historical, social, mobile, and physical information.

Articles (2)

The Curse of the Information Security Professional Medium

Jerod Brennen

2018-04-04

Insights into some of the challenges we face as information security professionals.

It’s time for a common sense security framework Help Net Security

Jerod Brennen

2017-06-05

An introduction to the Common Sense Security Framework (CSSF)
