Adam Compton

3245 Goshen Road

Stanford KY 40484

p: 865 686 6827

e: adam.compton@gmail.com

t: @tatanus

SUMMARY

Diversely skilled Information Systems Security Professional with close to two decades of progressive experience in network design, systems administration, infrastructure design, risk assessment, vulnerability assessment, penetration testing, and host/network security.

Specialties

  • System, network, and application vulnerability discovery and penetration testing.
  • Programming/Scripting: C, C++, C#, Java, Bash, Perl, PHP, Python

EXPERIENCE

Senior Security Consultant, TrustedSec

Stanford, KY — 07/2018 - Present

  • Conduct variety of penetration tests for clients: Network Penetration, Web Application, Wireless, Social Engineering, Physical, Red Team, …
  • Prepare and deliver high quality deliverables and presentations.

Senior Security Consultant, Rapid7

Stanford, KY — 08/2015 - 07/2018

  • Conduct variety of penetration tests for clients across the globe.
  • Prepare and deliver high quality deliverables and presentations to key stakeholders ranging from security analysts to the C-suite.
  • Network Penetration Testing
  • Web Application Penetration Testing
  • Wireless Penetration Testing
  • Social Engineering Assessments
  • Developed curriculum and labs for a Network and Application Penetration Testing Course covering everything from initial reconnaissance to Post Exploitation and Reporting.

Senior Penetration Tester, Mantech International Corporation (Formerly: Knowledge Consulting Group)

Knoxville, TN — 02/2014 - 08/2015

  • Conducted a wide variety of penetration tests, including social engineering, network, mobile, and wireless.
  • Prepared and delivered quality reports that comprehensively and clearly explain risk, demonstrate findings, and offer tactical and strategic recommendations to clients
  • Delivered debriefing presentations to key stakeholders
  • Researched the latest exploit methodologies and transfer knowledge to other team-members

Co-Founder, Seeds of Epiphany

Knoxville, TN — 2012 - Present

  • Designed and developed various web applications, desktop applications, scripts, and programming libraries that improve the day-to-day lives of security professionals.

Senior Research Engineer, Tenable Network Security

Knoxville, TN/Columbia, MD — 09/2012 - 02/2014

  • Helped to keep track of all new publicized vulnerabilities and then develop "plugins" for the Nessus vulnerability scanner
  • Accurately tested for the vulnerability by analyzing vendor-supplied security patches, manually configured vulnerable targets in a virtual environment, analyzed the system or application to reliably understand the impact of the vulnerability then developed a method to test for the vulnerability remotely.

Senior Security Analyst, Sword & Shield Enterprise Security, Inc.

Knoxville, TN — 05/2006 - 09/2012

  • Maintained expertise in state-of-the-art security technologies and skills
  • Performed security consulting and support for security technologies including firewalls, VPNs, intrusion detection/prevention systems, anti-virus systems, authentication systems and security architectures.
  • Performed network vulnerability assessments penetration testing utilizing a combination of commercial, open source, and custom software packages.

Global Network Security Vulnerability Analyst, National Security Agency

Ft. Meade, MD — 05/1996 - 05/2006

Global Network Security Vulnerability Analyst with the Systems and Network Attack Center’s (SNAC) Operational Network Evaluations office

  • Performed security testing and analysis on US Government operational networks from both internal and external threat perspectives.
  • Researched vulnerabilities focusing on UNIX products and other applications used on DoD systems.

PRESENTING / SPEAKING

OPENSOURCE DEVELOPMENT

  • SPF – Speed Phishing Framework
  • https://github.com/tatanus/SPF
  • APT2 – Automated Penetration Testing Toolkit
  • https://github.com/MooseDojo/apt2
  • Legion – Distributed computing environment that can be used for both academic and pen testing purposes.
  • https://github.com/MooseDojo/legion
  • FullAutoOSINT - Automated OSINT Toolkit
  • Metasploit Modules:
  • auxiliary/scanner/jenkins/jenkins_udp_broadcast_enum

EDUCATION

  • BS in Computer Science and Mathematics, University of Kentucky, 1999
  • All course work towards Masters Degree (missing Thesis) in Computer/Network Security, University of California at Davis, 2001
  • Various National Cryptographic School Courses related to System/Network security and Auditing.

REFERENCES

Available upon request.