Welcome! This page started as an extension of my Twitter profile. I found it very frustrating that you couldn’t put much in the field associated with your Twitter account. As with most things that start small, this page continues to evolve as my interests and experiences in information security have grown over the years. Now a little about me… At this point I have almost two decades of experience, undergraduate and graduate engineering degrees, and a really well known security certification. Despite my formal engineering training, I have always been more of a CS person at heart going back to my VIC-20, Commodore 64, and high school computer club days. After doing the IT grind for five years, I discovered my love of infosec and have been pursuing this career ever since. Currently, I spend my days doing cybersecurity paperwork drills in building multi-billion dollar government systems. At night I run this small infosec website and try to get some hands-on skillz.
Also welcome to NovaInfosec.com if this is your first time here. The goal of this site is to centralize security news, events, and resources for infosec professionals in Northern Virginia (NoVA) and beyond. There are a lot of excellent general security sites, but we wanted to create a space where professionals in our geographical area could share information and meet face-to-face periodically. Here you’ll find industry and local news, local infosec conference and meetup events, security blogs/podcasts, training, and networking resources as well as career advice.
I generally tweet and blog about stuff that I think infosec professionals would be interested in. Some of the areas I cover include industry and general security news, various conferences and meetups that take place, and other interesting infosec resources. You may also find me posting about some of my other security interests, including security tools, education and training, career progression, application security, and helping lay people be secure in their daily Internet wanderings.
I’ll have other stuff to add here with time, ideas, suggestions, and requests. What would you like to see on a page like this? What questions do you have? Thanks for reading.
See below for some more stuff I’ve done through the years.
- BSidesCharm, April 11 – 12, 2015, in Baltimore, MD, “Project KidHack – Teaching Kids (and even some adults) Security through Gaming” (slides)
- BSidesOrlando, April 11 – 12, 2015 in Orlando, FL, “Project KidHack – Teaching the Next Next Generation Security through Gaming” (slides)
- HackMiami, May 15 – 17, 2015 in Miami, FL, “Malware Analysis – N00b to Ninja in 60 Minutes” (slides)
- SourceBoston, May 25 – 26, 2015 in Boston, MA, “Defending the Enterprise with Evernote” (slides)
- TakeDownCon Capital Area, Jun 1 – 2, 2015 in Washington, DC, “Creating REAL Threat Intelligence…with Evernote” (slides)
- (ISC)2 World Congress, September 29 – October 2, 2014 in Atlanta, GA, “Malware Analysis 101 – N00b to Ninja in 60 Minutes”
- BSidesLV, August 5 – 6, 2014 in Las Vegas, NV, ” Malware Analysis 101 – N00b to Ninja in 60 Minutes” (slides)
- NolaCon, June 20 – 22, 2014 in New Orleans, LA, “Malware Analysis 101 – N00b to Ninja in 60 Minutes” (no slides posted)
- BSidesCT, June 14, 2014 in Hamden, CT, “Think Different – A Jobsonian Look at Information Security” (no slides posted)
- BSidesPGH, June 6, 2014 in Pittsburgh, PA, “Think Different – A Jobsonian Look at Information Security” (no slides posted)
- Notacon, April 10 – 13, 2014 in Cleveland, OH, “Malware Analysis 101 – N00b to Ninja in 60 Minutes” (slides)
- Cactuscon, April 4, 2014 in Chandler, AZ; “Malware Analysis 101 – N00b to Ninja in 60 Minutes” (slides)
- Shmoocon Epilogue, January 20, 2014 in Reston, VA; “Project KidHack” (no slides posted)
- BSidesDC, October 19, 2013 in Washington, DC; “Malware Analysis 101 – N00b to Ninja in 60 Minutes” (abstract/slides)
- BSidesLV, July 31, 2013 in Las Vegas, NV; “EC2 or Bust – How to Build Your Pwn Pen Testing Lab in Amazon EC2” (abstract/slides)
- TakeDownCon, June 3, 2013 in St. Louis, MO; “Malware Analysis 101 – N00b to Ninja in 60 Minutes” (abstract/slides)
- AIDE, April 19, 2013 in Huntington, WV; “Malware Analysis 101 – N00b to Ninja in 60 Minutes” (abstract/slides)
- Shmoocon Epilogue, February 18, 2013 in Reston, VA; “Malware Analysis in 3 Steps” (slides not posted)
- BSidesDE, November 10, 2012 in New Castle, DE; “PHP Website Security, Attack Analysis, & Mitigations – Crowdsourcing PHP Security” (slides not posted)
- BSidesDE, November 9, 2012 in New Castle, DE; “Disruptive Security Chaos… for Good” (slides not posted)
- PumpCon, October 20, 2012 in Philidelphia, PA; “Disruptive Security Chaos… for Good” (slides not posted)
- DerbyCon, September 30, 2012 in Louisville, KY; “PHP Website Security, Attack Analysis, & Mitigations” (slides not posted)
- AppSecDC 2012, “Using PHPIDS to Understand Attacks Trends” (abstract/slides)
- AppSecDC 2012, “The ‘Easy’ Button for Your Web Application Security Career” (abstract/slides/career exploit kit)
- RVASec 2012, “PHP Website Security, Attack Analysis, & Mitigations” (abstract/slides)
- RSCon, “How to Win Followers & Influence Friends” (abstract/slides)
Media/Appearances (e.g., quotes, podcasts, …)
- “I spent the week with over 20,000 hackers in Las Vegas — here’s what I saw” by Darien Acosta on TechInsider.io (8/13/2015)
- “Games that teach you how to hack” by Patrick Howell O’Neill (@HowellONeill) on DailyDot.com (4/16/2015)
- “The privacy implications of Facebook Graph Search” by Mirko Zorz on Help Net Security