Adam Compton

1514 Ridgeview Drive

Clinton, TN 37716

p: 865 686 6827

e: adam_compton@rapid7.com

SUMMARY

Diversely skilled Information Systems Security Professional with well over a decade of progressive experience in network design, systems administration, infrastructure design, risk assessment, vulnerability assessment, penetration testing, and host/network security.

Specialties

  • System, network, and application vulnerability discovery and penetration testing.
  • Programming/Scripting: C, C++, C#, Java, Bash, Perl, PHP, Python

EXPERIENCE

Senior Security Consultant, Rapid7

Knoxville, TN — 08/2015 - Present

  • Conducts a variety of penetration tests for high-end commercial clients.
  • Prepares and delivers quality reports that comprehensively and clearly explain risk, demonstrate findings, and offer tactical and strategic recommendations to clients.
  • Delivers debriefing presentations to key stakeholders.
  • Developed scripts in Python, BAsh/SH, and Perl to automate routine tasks.
  • Researches the latest exploit methodologies and transfer knowledge to other team members.
  • Delivers course content to technical personnel.

Senior Penetration Tester, Mantech International Corporation (Formerly: Knowledge Consulting Group)

Knoxville, TN — 02/2014 - 08/2015

  • Conducts a variety of penetration tests for high-end commercial clients.
  • Prepares and delivers quality reports that comprehensively and clearly explain risk, demonstrate findings, and offer tactical and strategic recommendations to clients.
  • Delivers debriefing presentations to key stakeholders.
  • Developed scripts in Python and Perl to automate routine tasks.
  • Researches the latest exploit methodologies and transfer knowledge to other team members.
  • Delivers course content to technical personnel.

Co-Founder, Seeds of Epiphany

Knoxville, TN — 2012 - Present

  • Design and develop various web applications, desktop applications, scripts, and programming libraries that hopefully improve the day-to-day lives of security professionals.

Senior Research Engineer, Tenable Network Security

Knoxville, TN/Columbia, MD — 09/2012 - 02/2014

  • As a member of the Research Department, help to keep track of all new publicized vulnerabilities and then develop "plugins" for the Nessus vulnerability scanner. This often involves being able to accurately test for the vulnerability by analyzing vendor-supplied security patches, manually configuring vulnerable targets in a virtual environment, analyzing the system or application to reliably understand the impact of the vulnerability then developing a method to test for the vulnerability remotely.

Senior Security Analyst, Sword & Shield Enterprise Security, Inc.

Knoxville, TN — 05/2006 - 09/2012

  • Active in professional and technical security services for commercial and government clientele.  Maintained expertise in state-of-the-art security technologies and skills. Experienced in working all aspects of the system security life cycle from planning and design to implementation and testing.
  • Performed security consulting and support for security technologies including firewalls, VPNs, intrusion detection/prevention systems, anti-virus systems, authentication systems and security architectures.
  • Performed network vulnerability assessments penetration testing utilizing a combination of commercial, open source, and custom software packages.
  • Experienced with many types of testing tools including ISS Internet Scanner, AppDetective, WebInspect, Nessus, nmap, MetaSploit Framework, and customized exploits.

Global Network Security Vulnerability Analyst, National Security Agency

Ft. Meade, MD — 05/1996 - 05/2006

2000-2006 Global Network Security Vulnerability Analyst with the Systems and Network Attack Center’s (SNAC) Operational Network Evaluations office

  • Perform security testing and analysis on US Government operational networks from both internal and external threat perspectives.
  • Research vulnerabilities focusing on UNIX products and other applications used on DoD systems.
  • Issue reports detailing the processes and results of the security analysis and advising the customer on strategies for mitigating vulnerabilities.
  • Educate both internal and external customers concerning network security issues.
  • Additional responsibilities as the Security Tools and Exploit Team Lead included:
  • Searching Internet for new attacks and/or different implementations of older attacks and gather all relevant information on attacks/tools.
  • Determine if the attack/tool does what it is supposed to do and  if there are any unforeseen side effects of the attack/tool.
  • Bundling all information (documents, source code, and binaries) in a presentable package.

 

1998 — College Cooperative Student (Intern), Software Support,

Defense Special Missile and Aerospace Center

Software Support for the Defense Special Missile and Aerospace Center 24-Hour Watch Center (DEFSMAC)

  • Developed and modified several Java, Perl, and C/C++ programs that aided the Watch Center in their daily activities.

1997 — College Cooperative Student (Intern), Software Support,

Forward Deployed Solutions

  • Migrated a large near-real time database application from a Unix based environment to a Windows NT based solution.  The application had to maintain a minimal throughput as well as work seamlessly with all other currently deployed applications.

1997 — College Cooperative Student (Intern), Software Support,

Computer/Network Damage Detection and Response

 Technology Evaluator and System Programmer for the Computer/Network Damage Detection and Response office

  • Performed extensive research and testing of new and old techniques freely available on the Internet.
  • Performed analysis of freely available tools and helped develop new techniques.

1996 — College Cooperative Student (Intern), Software Support,

Global Signals Technology and Combat Support

  • Installed a Linux based LAN for development of new software projects.
  • Performed code review and implemented code corrections and cleanup on mid-scale in-house developed database application.

PRESENTING / SPEAKING

  • Many presentations for the local Knoxville Defcon group (2013-2015)
  • BSidesLV (2015) "Phishing: Going From Recon to Credentials"
  • https://www.youtube.com/watch?v=TtgJ3DaMtAo
  • BlackHat Tool Arsenal (2015) "SpeedPhishing Framework (SPF)"
  • Defcon Demo Lab (2015) "SpeedPhishing Framework (SPF)"
  • Defcon Social Engineering Village (2015) "Phishing: Going From Recon to Creds With the SpeedPhishing Framework"
  • BSidesKnox (2015) "Phishing: Going From Recon to Credentials"
  • https://www.youtube.com/watch?v=85QQwOduH6A
  • BSidesNash (2014) "Learn From Your Mistakes"
  • https://www.youtube.com/watch?v=UTh_n62jsIY
  • BSidesAtl (2012) "Professional Pen Testing and Learning From Your Mistakes"
  • DerbyCon (2012) "Professional Pen Testing and Learning From Your Mistakes"
  • UPCOMMING
  • DerbyCon (2015) "Phishing: Going From Recon to Credentials"

EDUCATION

  • BS in Computer Science and Mathematics, University of Kentucky, 1999
  • All course work towards Masters Degree (missing Thesis) in Computer/Network Security, University of California at Davis, 2001
  • Various National Cryptographic School Courses related to System/Network security and Auditing.

REFERENCES

Available upon request.