Offensive security, team leadership, tool development, and AI-assisted pentesting.
I've been in the offensive security space for over 12 years. Started hands-on at FIS and Dell SecureWorks, moved into leading an internal Offensive Security team at Wells Fargo where I built enterprise security applications and taught internal teams cloud hacking techniques, and now provide mentorship as well as penetration testing consulting work at Black Hills Information Security.
More recently I've been working with AI in offensive security: building custom skills, writing programs, and orchestrating testing processes with AI assistance. I'm also building an open source attack surface management platform and speaking at conferences about practical AI use in pentesting. I was also honored to be nominated for SC Magazine's Women in Security award in 2018 by a former manager.
External, internal, cloud, web app, wireless, and physical assessments. Hundreds of engagements across Fortune 500 companies in multiple verticals.
Custom C2 and social engineering payload development. Purple team assessments tying offensive findings to defensive detection. Automated purple team cloud infrastructure.
Building custom AI skills for offensive workflows. Orchestrating pentesting processes with AI. Writing programs that use AI for recon, analysis, and reporting.
Managed teams of 7+ testers. Performance reviews, improvement plans, mentoring, onboarding. Project oversight from scoping through delivery with technical reviews of deliverables.
Built an Elastic/Kibana platform for automated misconfiguration discovery. Developed an ML-powered credential hunting tool. Currently building an open source ASM platform.
Built social engineering methodologies from scratch. Designed and maintained phishing infrastructure. OSINT gathering and spearphishing at scale.
Python, Go, Bash, Rust.
Cobalt Strike, Brute Ratel, Metasploit, Burp Suite, Bloodhound, Impacket, Responder/MITM6, NetExec, Nmap, Masscan, Nuclei, Hashcat, Aircrack-ng, Kismet.
Pacu, Prowler, ScoutSuite. Terraform, Ansible, Docker, Kubernetes. AWS, Azure, GCP.
Nessus, Tenable Security Center, Qualys. Wireshark. Elastic and Kibana.
Black Hills Information Security
Managed testing methodologies, tester enablement, and provide mentoring to the BHIS community and internal testing team. Perform external, internal, cloud, web app, SE, and wireless assessments. Stood up a new Adversarial Emulation offering for SOC clients. Technical QA on all client deliverables. Handled onboarding, mentoring, and internal documentation.
Wells Fargo
Lead a team of 5 FTEs and 7 contractors running threat assessments, red team ops, and purple team engagements. Built two enterprise-wide security applications: an Elastic/Kibana platform for automated misconfiguration discovery and a Python-based ML tool that finds credentials in open file shares. Developed custom C2 and SE payloads. Designed and taught classes on cloud hacking, purple team automation, and container security.
Nuix
Full lifecycle pentesting: scoping, execution, deliverables. Built methodology for physical, SE, and wireless assessments. Found strategic weaknesses and prior compromises in Fortune 500 environments that previous vendors missed. SME for the sales team, connecting offensive techniques with forensics, IR, and RE work. Maintained custom payloads for AV/EDR bypass.
Dell SecureWorks
Built and ran the social engineering methodology for the pentesting practice. External, internal, app, wireless, and physical assessments across Fortune 500 companies. Designated SE mentor for the team. Built and maintained phishing infrastructure. Wrote automated recon and discovery scripts. Managed the offensive lab environment.
DePaul University, 2021-2022
University of Wisconsin - Milwaukee, 2013
Enterprise Penetration Testing
AWS / Azure / GCP Cloud Red Team
Cloud Security: AWS Edition, Python for Pentesters, WiFi Security and Pentesting
Talks on practical AI use in penetration testing.
Contributor to BHIS blog posts, Zine magazine, Backdoors & Breaches card deck, Survival Guide, and PurpleCloud tooling.
Cybersecurity awareness and education work with local schools and community.
Nominated for SC Magazine's Women in Security award, 2018.