Media
Publications:
Photos:
Videos:
Audio/Podcasts:
Biography
By day, I'm a strategic advisor, virtual CISO, public speaker, & storyteller.
By night, I'm a husband, father, writer, filmmaker, martial artist, musician, and gamer. I've earned every gray hair in my beard, having spent my career serving as a cybersecurity leader in public utilities, retail, higher education, consulting, and technology.
I love to share what I've learned over the years every chance I get: at local and regional professional meetings, at larger conferences, and online via blogs and podcasts. I've published multiple online information security courses with Pluralsight and LinkedIn Learning, and I teach courses in person, both domestically and internationally.
I bring a unique combination of perspective and experience to the table when helping organizations improve their cybersecurity programs, and I'd love to help you make those same improvements, focusing on the business value of an effective, efficient, forward-thinking cybersecurity program.
At the end of the day, I just want to help folks get one step closer to doing what they want to do securely.
Industry Expertise (3)
Security
Computer/Network Security
Information Technology and Services
Areas of Expertise (4)
Cyber Security
Information Security
Identity and Access Management
Web Application Security
Education (2)
Franklin University: Post-Secondary Study, Computer Science
Capital University: Bachelor of Music, Music Education
Affiliations (2)
- ISSA
- (ISC)2
Links (7)
Languages (1)
- English
Media Appearances (3)
Experts give advice on how to prevent baby monitor hacking
10TV tv
2019-07-15
Interviewed regarding security advice for consumer-based technology
What it takes to be a security architect
CSO Online online
2019-06-10
While the path to security architect varies, anyone considering the role should have a passion for IT infrastructure and protecting data.
A Practical Approach to OSINT Gathering
PenTest Magazine print
2019-09-01
Social engineering is (and will continue to be) an excellent technique to use during your pentests. If social engineering attacks are in-scope, then knowing the names and titles of your targets will help you craft more effective phishing campaigns. If social engineering isn’t in-scope, you can still use this OSINT to collect valid email addresses (for login usernames), to build out possible password lists, and to answer secret questions in password management portals.
Event Appearances (205)
Enterprise Log Management
Central Ohio InfoSec Forum Columbus, OH
2006-05-17
Sustainable PCI Compliance
Central Ohio InfoSec Summit Columbus, OH
2008-05-13
How to Pwn the Data Center
Ohio Information Security Conference Dayton, OH
2009-03-12
The Impact of PCI 2.0
Ohio Information Security Conference Dayton, OH
2011-02-09
Security Outlook: The Next Five Years
Technology First Landscape Dayton, OH
2011-05-11
Yes You Can: Securing the Mobile Enterprise
Central Ohio InfoSec Summit Columbus, OH
2011-05-12
How to Securely Deploy and Manage Mobile Devices
Central Ohio ISACA Meeting Columbus, OH
2011-05-19
How to Securely Deploy and Manage Mobile Devices
Mountaineer ISSA Meeting Morgantown, WV
2011-07-12
Application Security 101: Back to the Basics
BrightTalk online
2011-08-23
DDoS Attack Preparation and Mitigation
Ohio Information Security Forum Dayton, OH
2011-09-08
How to Securely Deploy and Manage Mobile Devices
(ISC)2 Security Congress Orlando, FL
2011-09-19
How to Securely Deploy and Manage Mobile Devices
Mobile & Smart Device Security Conference Atlanta, GA
2011-10-04
Identity and Access Management 101
Central Ohio ISSA Meeting Columbus, OH
2011-10-19
How to Securely Deploy and Manage Mobile Devices
BrightTalk online
2011-10-27
How to Securely Deploy and Manage Mobile Devices
MDECA Meeting Dayton, OH
2011-10-27
Application Security 101: Back to the Basics
Central Ohio ISACA Meeting Columbus, OH
2011-11-10
The Impact of PCI 2.0
BrightTalk online
2011-12-01
Bridging the Social Media Implementation / Audit Gap
Pittsburgh ISACA Meeting Pittsburgh, PA
2011-12-05
Everything You Need to Know About PCI
CASE V Regional Conference Chicago, IL
2011-12-11
Managing Mobile Risks
BrightTalk online
2012-02-28
Identity and Access Management 101
Greater Cincinnati ISSA Meeting Cincinnati, OH
2012-03-21
Mobile Device Security Workshop (full day)
InfoSec World Security Conference Orlando, FL
2012-04-01
Security Architecture
Central Ohio ISSA, CISSP Preparation Class Columbus, OH
2012-05-01
Mobile Security Panel Discussion
Central Ohio ISACA Meeting Columbus, OH
2012-05-10
Information Security Management 101: The Fundamentals
Central Ohio InfoSec Summit Columbus, OH
2012-05-18
Mobile Threats
The Ohio State University Security Working Group Meeting Columbus, OH
2012-05-21
Defending Mobile Applications
Central Ohio OWASP Meeting Columbus, OH
2012-06-14
Consumerization Panel
TechTomorrow Columbus, OH
2012-09-26
DDoS Attack Preparation and Mitigation
GrrCON Grand Rapids, MI
2012-09-28
Defending Mobile Applications
M3 Conference Columbus, OH
2012-10-26
Mobile Device Security Workshop (full day)
Mobile & Smart Device Security Conference Scottsdale, AZ
2012-10-29
Conducting a Risk Assessment for Mobile Devices
Mobile & Smart Device Security Conference Scottsdale, AZ
2012-10-30
Information Security Management 101: The Fundamentals
Central Indiana ISSA Meeting Indianapolis, IN
2013-01-12
Information Security Management 101: The Fundamentals
Greater Cincinnati ISSA Meeting Cincinnati, OH
2013-02-20
Information Security Management 101: The Fundamentals
Ohio Information Security Conference Dayton, OH
2013-03-13
Information Security Management 101: The Fundamentals
Ohio Information Security Forum Dayton, OH
2013-03-14
Information Security Management 101: The Fundamentals
Northeast Ohio ISSA Meeting Garfield Heights, OH
2013-04-11
Security Project Management Workshop (full day)
InfoSec World Security Conference Orlando, FL
2013-04-06
Mobile Device Security Workshop (full day)
InfoSec World Security Conference Orlando, FL
2013-04-07
Information Security Management 101: The Fundamentals
InfoSec World Security Conference Orlando, FL
2013-04-08
Attacking (and Defending) Mobile Devices
Central Ohio ISSA Meeting Columbus, OH
2013-04-17
Mitigating the Risks of BYOD
Central Ohio InfoSec Summit Columbus, OH
2013-05-02
Information Security Management 101: The Fundamentals
Central Ohio ISACA Meeting Columbus, OH
2013-05-09
Information Security Management 101: The Fundamentals
Secure360 Conference Saint Paul, MN
2013-05-15
Auditing Mobile Devices
InSPN Meeting Indianapolis, IN
2013-08-08
Information Security Management 101: The Fundamentals
Hacker Hotshots online
2013-08-20
Attacking and Defending Mobile Applications
M3 Conference Columbus, OH
2013-10-25
Common Sense Security Framework
BSides Columbus Columbus, OH
2015-01-19
Running Your Apps Through the Gauntlt
Columbus OWASP Columbus, OH
2016-01-28
What You Need to Know About OSINT
Central Ohio InfoSec Summit Columbus, OH
2016-03-30
Implementing an Effective Third Party Risk Management Program (Workshop)
Cloud Security World Boston, MA
2016-06-16
Implementing an Effective Third Party Risk Management Program
Central Ohio InfoSec Summit Columbus, OH
2017-04-21
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
Central Ohio ISSA Columbus, OH
2017-05-17
A Common Sense Approach to Information Security
Cybersecurity Leadership Forum Columbus, OH
2017-09-28
Cyber Security: Assuring Resilience in a World of Cyber Crime
11th Annual Nonprofit Perspectives Columbus, OH
2017-10-25
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
GrrCON Grand Rapids, MI
2017-10-26
Managing the Risk of Smart Technologies
16th Annual Information Assurance Forum Findlay, OH
2017-11-01
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
Information Security Summit Independence, OH
2017-11-02
Automating Security Testing with the OWTF
CodeMash Sandusky, OH
2018-01-11
Implementing an Effective Vulnerability Management Program
Central Ohio ISSA Meeting Columbus, OH
2018-01-17
Automating Security Testing with the OWTF
Central Ohio OWASP Meeting Columbus, OH
2018-01-25
Stealing Domain Admin (or How I Learned to Stop Worrying and Love the CSSF)
Ohio Information Security Conference Dayton, OH
2018-02-07
Automating Security Testing with the OWTF
BSides Columbus Columbus, OH
2018-03-02
Open Source Intelligence (OSINT) Gathering Workshop
InfoSec World Orlando, FL
2018-03-17
Developing a Cybersecurity Strategy
2018 Risk & Cybersecurity Summit Toledo, OH
2018-03-21
Simplifying Cybersecurity
FFIEC Supervisory Updates and Emerging Issues for Large, Complex Financial Institutions Arlington, VA
2018-04-04
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Columbus, OH
2018-04-26
Hacking Identity: A Pentester's Guide to IAM
Converge Detroit, MI
2018-05-11
Hacking Identity: A Pentester's Guide to IAM
BSides Cincinnati Cincinnati, OH
2018-05-12
Automating Security Testing with the OWTF
Central Ohio InfoSec Summit Columbus, OH
2018-05-15
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Lyndhurst, OH
2018-05-24
Hacking Identity: A Pentester's Guide to IAM
Central Ohio ISSA Columbus, OH
2018-06-20
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Cincinnati, OH
2018-06-21
Hacking Identity: A Pentester's Guide to IAM
BSides Cleveland Cleveland, OH
2018-06-23
Hacking Identity: A Pentester's Guide to IAM
Ohio Information Security Forum (OISF) Anniversary Conference Dayton, OH
2018-07-14
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Southfield, MI
2018-07-26
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Beavercreek, OH
2018-08-30
Hacking Identity: A Pen Tester's Guide to IAM
InfoSec Nashville Nashville, TN
2018-09-07
Hacking Identity: A Pen Tester's Guide to IAM
Pittsburgh ISSA Chapter Meeting Pittsburgh, PA
2018-09-11
Hacking Identity: A Pen Tester's Guide to IAM
NeoISSA Chapter Meeting Brecksville, OH
2018-09-13
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Columbus, OH
2018-09-26
A Common Sense Approach to Information Security
Northwest Arkansas ISACA/IIA Training Symposium Bentonville, AR
2018-09-27
A Tour Behind the Dark Curtain: Your Identity in the Dark Web
Ohio State University Cybersecurity Day Columbus, OH
2018-10-02
Hacking Identity: A Pen Tester's Guide to IAM
INTERFACE-Alabama Birmingham, AL
2018-10-04
Hacking Identity: A Pen Tester's Guide to IAM
Three Rivers Information Security Symposium Monroeville, PA
2018-10-19
Simplifying Cybersecurity
FFIEC Supervisory Updates and Emerging Issues for Large, Complex Financial Institutions Arlington, VA
2018-10-24
Hacking Identity: A Pen Tester's Guide to IAM
Information Security Summit Cleveland, OH
2018-10-26
Hacking Identity: How Attackers Really Operate
Midwest Healthcare and Public Health Summit Hebron, KY
2018-11-05
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Birmingham, MI
2018-11-08
Zen and the Art of Cybersecurity
Data Connectors Nashville, TN
2018-11-15
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Toledo, OH
2018-12-14
Simplifying Cybersecurity
North Carolina Office of the Commissioner of Banks - Professional Development Seminar Raleight, NC
2019-01-11
The Path to IAM Maturity
Data Connectors Columbus, Ohio
2019-01-17
Hacking Identity: A Pentester's Guide to IAM
Kentuckiana ISACA Louisville, KY
2019-01-18
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Columbus, Ohio
2019-01-24
Hacking Identity: A Pentester's Guide to IAM
Data Connectors Indianapolis, IN
2019-02-14
What I Wish I Knew Then: Distilling Decades of InfoSec Experience
Central Ohio ISSA Columbus, OH
2019-02-20
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Lyndhurst, OH
2019-02-21
The Path to IAM Maturity
BSides Columbus Columbus, OH
2019-03-01
The Path to IAM Maturity
Ohio Information Security Conference Dayton, OH
2019-03-13
The Path to IAM Maturity
Northwest Ohio ISSA Meeting Toledo, OH
2019-03-20
Securing Mobile Devices and Mobile Applications
Infosec World Orlando, FL
2019-03-31
If You Train Them...
The Ohio State University - Guest Lecturer Columbus, Oh
2019-04-02
The Path to IAM Maturity
HIMSS – Kentucky Bluegrass Chapter Florence, IN
2019-04-04
The Path to IAM Maturity
Northern Ohio InfoSec Awareness Day Wadsworth, OH
2019-04-10
What I Wish I Knew Then: Distilling Decades of InfoSec Experience
Central Ohio InfoSec Summit Columbus, OH
2019-05-23
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Columbus, OH
2019-07-18
Application Security: Vetting the Security of Web and Mobile apps
IT Audit & Controls Conference Arlington, VA
2019-07-19
Simplifying Cybersrecurity
Emerging Issues Forum for Bank Directors Raleigh, NC
2019-08-16
Simplifying Cybersecurity
NCUA Credit Examiner Conference Charlotte, NC
2019-08-28
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Columbus, OH
2019-08-29
Building Your IAM Program
Detroit Area IAM User Group Plymouth, MI
2019-09-10
Building Your IAM Program
Indianapolis IAM User Group Indianapolis, IN
2019-09-12
Building Your IAM Program
Northwest Ohio Cyber & Risk Summit Toledo, OH
2019-09-25
An Introduction to Penetration Testing
OSU CyberSecurity Club Meeting Columbus, OH
2019-10-01
Building Your IAM Program
Three Rivers Information Security Symposium Monroeville, PA
2019-10-11
OSINT Gathering Essential Training (Workshop)
Information Security Summit Cleveland, OH
2019-10-21
We Are What’s in Our Pockets: Taking Command of Your Digital Life
OSU Cybersecurity Day Columbus, OH
2019-10-28
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Cleveland, OH
2019-11-01
Building Your IAM Program
Louisville Metro InfoSec Conference Louisville, KY
2019-11-18
Building Your IAM Program
CiNPA Security Meeting Cincinnati, OH
2019-11-21
Hacking Identity: A Pentester's Guide to IAM
BSides Dayton Dayton, OH
2019-11-23
Simplifying Cybersecurity Workshop
Central Ohio ISACA 2019 December CPE Bonanza Columbus, Ohio
2019-12-02
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Cincinnati, OH
2020-01-13
Identity Governance Workshop
Cincinnati Identity Governance Workshop Cincinnati, OH
2020-02-18
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Louisville, KY
2020-02-19
Privacy Please
Privacy Please Podcast Podcast
2020-02-22
Current Events in Privacy and Security (roundtable moderator)
Keeping Your IAM Program Afloat Columbus, OH
2020-03-04
Building a Career in InfoSec
Dark Rhino Security Twitch Stream https://www.twitch.tv/darkrhinosecurity/
2020-03-13
If You Train Them...
The Ohio State University - Guest Lecturer Columbus, OH
2020-04-09
Developing Your Identity Strategy
Data Connectors Detroit, MI
2020-04-14
Developing Your Identity Strategy
Central Ohio ISSA Columbus, OH
2020-04-15
Building Your Identity Program
FutureCon Online
2020-04-21
Developing Your Identity Strategy
Data Connectors Chicago, IL
2020-04-30
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Online
2020-04-30
Remote Workforce: Securing the Next Normal
ISMG Executive Roundtable Online
2020-05-13
Automating Your Identity Management Activities
Mid-Ohio HDI Chapter Meeting Online
2020-05-15
Developing Your Identity Strategy
Data Connectors (Tampa) Online
2020-05-19
Hacking Identity: A Pentester's Guide to IAM
SailPoint/Optiv Identity Governance Webinar Online
2020-05-20
Hacking Identity: A Pentester's Guide to IAM
Online Nashville IAM Meetup
2020-05-21
The Path to Identity Maturity
SailPoint/Optiv Identity Governance Webinar Online
2020-05-27
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum Online
2020-06-02
Building Your Identity Program
SailPoint/Optiv Identity Governance Webinar Online
2020-06-03
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - IN/KY Online
2020-06-09
Developing Your Identity Strategy
SailPoint/Optiv Identity Governance Webinar Online
2020-06-10
CIO Roundtable Moderator
Indianapolis Digital Roundtables Online
2020-06-16
The Path to Identity Maturity
(ISC)2 Greater Detroit Online
2020-06-23
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - MI Online
2020-06-25
Identity with Jerod Brennen
CSA West Michigan Podcast Online
2020-06-26
Developing Your Identity Strategy
Carolinas Virtual Cybersecurity Summit (Data Connectors) Online
2020-07-09
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - IN/KY Online
2020-07-14
Understanding Identity
New Cyber Frontier Podcast
2020-07-22
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - TN Online
2020-07-23
Virtual CISO/CIO Roundtable Discussion
CxO InSyte Online
2020-07-15
Identity Threat Modeling
Indentiverse Online
2020-07-28
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - OH Online
2020-07-30
The Path to Identity Maturity
CloudCon Online
2020-08-19
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - IN/KY Online
2020-08-18
Identity Threat Modeling
BSides Columbus Online
2020-08-21
Building Your Identity Program
SailPoint Navigate Online
2020-08-27
Virtual CISO/CIO Roundtable Discussion
CxO InSyte Online
2020-08-26
Hacking Identity
IDSA BrightTALK Online
2020-09-03
Identity-Centric Security
Identity at the Center Podcast
2020-09-07
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - MI Online
2020-09-17
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - OH Online
2020-09-24
Building Your Identity Program
Central Ohio InfoSec Summit Online
2020-09-30
Developing Your Identity Strategy
Central Ohio InfoSec Summit Online
2020-09-30
Taking Ownership of Your Digital Identity
OSU Cybersecurity Days 2020 Online
2020-10-14
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum (TN) Online
2020-10-15
Using OSINT to Combat Human Trafficking
Northern Ohio Infragard Online
2020-10-16
Roundtable moderator
The A to Z's of IGA Online
2020-10-21
Cyber Insurance and Risk (roundtable moderator)
Cybersecurity Leadership Forum Online
2020-10-22
Developing Your Identity Strategy
Information Security Summit Online
2020-10-29
Using OSINT to Combat Human Trafficking
Northwest Ohio ISSA Online
2020-10-29
Developing Your Identity Strategy
Data Connectors (St. Louis / Oklahoma) Online
2020-10-29
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - OH Online
2020-11-18
Roundtable moderator
Holiday Virtual Roundtable Online
2020-12-02
Building Your Identity Program
4th Annual Identity Governance Forum Online
2020-12-08
Achieving Cloud Governance
Nashville ISSA Online
2020-12-11
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - OH Online
2020-12-15
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - TN Online
2021-01-27
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - IN/KY Online
2021-02-03
Achieving Cloud Governance
Detroit Cloud Security Alliance Online
2021-02-02
Guest Lecturer
The Ohio State University - Info Sec Mgmt (28243) Columbus, OH
2021-02-04
Identity Security: When Two Worlds Collide
Wine Down Wednesday Online
2021-04-28
The Path to Identity Program Maturity
Optiv & SailPoint Identity Management Series Online
2021-05-19
Achieving Cloud Governance
Central Ohio InfoSec Summit Online
2021-05-24
OSINT Panel Discussion
Central Ohio InfoSec Summit Online
2021-05-25
Building Your Identity Program
Optiv & SailPoint Identity Management Series Online
2021-05-26
Developing Your Identity Strategy
Optiv & SailPoint Identity Management Series Online
2021-06-02
Achieving Cloud Governance
Optiv & SailPoint Identity Management Series Online
2021-06-09
A Practical Approach for Achieving Cloud Governance
CIO's Future of Cloud and Digital Infrastructure Summit Online
2021-06-16
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - OH Online
2021-07-29
A Practical Approach for Achieving Cloud Governance
SailPoint Navigate Online
2021-08-17
A Hacker’s View of Your Identity Program
SailPoint Navigate Online
2021-08-18
Current Events in Privacy and Security (roundtable moderator)
Cybersecurity Leadership Forum - OH Online
2021-08-27
Successful Organizations Lean Into Our Remote Future
OSU Cybersecurity Days 2021 Online
2021-10-06
You Don't Need to Lie to Your Auditors
Information Security Summit Cleveland, OH
2021-10-27
You Are a Target: The Mindset of a Modern Cybercriminal
OSU Cybersecurity Days 2021 Online
2021-10-13
There's Gold in Them There Hacks
Hackers Teaching Hackers Columbus, OH
2021-11-05
Embracing Online Collaboration Tools While Reducing Risk
RTM Higher Ed Congress San Antonio, TX
2021-11-09
You Don't Need to Lie to Your Auditors
Northwest Ohio ISACA and IIA Cybersecurity and Risk Management Summit Online
2021-11-16
A Practical Guide to IAM
Central Ohio ISACA Chapter Training Online
2021-12-06
There's Gold in Them There Hacks
Central Ohio ISSA Chapter Meeting Online
2021-11-17
Securing Your Organization by Protecting the Human
CISO Chicago Summit Chicago, IL
2021-12-09
Sample Talks (1)
Information Security Management 101: The Fundamentals
Information security professionals interact with every facet of the business, and the information security manager is expected to demonstrate the proverbial “mile wide, inch deep” understanding of all things security-related. We can do more with less by implementing and maintaining an ISO-based information security program. This presentation will give you the tools and knowledge you need to be successful in any organization.
Style
Availability
- Keynote
- Panelist
- Workshop Leader
Fees
Courses (5)
Security Testing Essential Training
To provide your organization with confidence, you need to perform testing to prove it's secure. However, not all security testing is the same. A risk assessment is not a vulnerability assessment; a penetration test won't measure compliance. For a successful career, a security analyst needs to have an understanding of the many different types of security testing and know when and how to implement them. This course provides the resources you need to set up a testing environment, plan assessments, identify targets, and begin executing security tests. Instructor Jerod Brennen also helps you analyze test results and draft a report of your findings. Plus, see popular testing frameworks tools in action, include Nmap, Nessus, Wireshark, Lynis, OWASP ZAP, Aircrack-ng, and hashcat, as run on a Kali Linux virtual machine.
Online Application Security Testing
Building security testing into the software development life cycle is the best way to protect your app and your end users. This course identifies tools and techniques that developers can use to minimize the cost and impact of security testing—while maximizing its impact and effectiveness. In this course, instructor Jerod Brennen focuses on online testing, using security scanning, penetration testing, and vulnerability testing to validate code and uncover vulnerabilities. He explains the difference between positive and negative, manual and automated, and production and non-production testing, so you can choose the right kind for your workflow. The hands-on sections—with demos of popular tools such as Fiddler, Burp Suite, and OWASP OWTF—prepare you to apply the lessons in the real world.
Offline Application Security Testing
Building security testing into the software development life cycle is the best way to protect your app and your end users. This course identifies tools and techniques that developers can use to minimize the cost and impact of security testing—while maximizing its impact and effectiveness. In this course, instructor Jerod Brennen focuses on offline testing activities: preparing test plans, policies, and other documentation and conducting offline source code reviews. He also explains how to conduct offline testing for the OWASP Top Ten vulnerabilities. Along the way, you can become familiar with best practices around security in the SDLC. The hands-on sections—with demos of popular tools such as Codacy and SonarQube—prepare you to apply the lessons in the real world.
Performing OSINT Gathering on Corporate Targets
Open Source Intelligence (OSINT) gathering is a critical component of penetration testing. This course will teach you how to gather various forms of corporate OSINT, including physical, logical, org chart, electronic, infrastructure, and financial.
Performing OSINT Gathering on Employee Targets
Open Source Intelligence (OSINT) gathering applies to not only companies but to employees as well. This course will teach you how to gather various forms of employee OSINT, including historical, social, mobile, and physical information.
Articles (2)
The Curse of the Information Security Professional
MediumJerod Brennen
2018-04-04
Insights into some of challenges we face as information security professionals.
It’s time for a common sense security framework
Help Net SecurityJerod Brennen
2017-06-05
An introduction to the Common Sense Security Framework (CSSF)
Social