You will be seeing a couple of new names on the blog and throughout the site as we have added to our offensive security team.

Daniel Peck is joining us from SecureWorks, a MSSP, where he was a security researcher. He also is one of the two developers of CaffeineMonkey, a tool to detect and analyze malicious JavaScript.

Kevin Lackey comes to us from Idaho National Labs [INL] where he was a Senior Scientist in the control systems security area. He performed assessments and tool development for INL.

Most security professionals focus on defense - - protecting a system from attack and known vulnerabilities by implementing best practices. Our offensive team, or as a friend calls them our ‘vultures’, analyzes source code and binaries for undiscovered vulnerabilities and then develops proof of concept exploits. The offensive team is typically used on application and device assessments for vendors, as opposed to asset owner assessments of deployed control systems.

In addition to application assessments, our offensive team will be generating the attack data for a variety of research projects. For example, in Portaledge we want to be able to detect attacks. The offensive team will be generating the attacks from reconnaissance through exploit, and the defensive team will be looking at what evidence the attacks produced and how this could be used to increase detection and prevention.

We still have some openings for control system security tool developers and other research roles so send in a resume. We are looking for the right mix of IT security expertise, control system security expertise and control system expertise on the team.