
Drew Kirkpatrick

Senior Security Consultant

Drew Kirkpatrick has 25 years of experience designing and building complex systems, including application security, network policy management, machine learning, and transit and aerospace systems. These days, he works to improve Information Security by applying penetration testing and computer science to assess the security posture of TrustedSec clients. Before joining TrustedSec, he was a security researcher at NopSec and Secure Decisions as well as a senior computer scientist for the U.S. Navy.


  • Bachelor of Arts, Psychology/Economics, St. Mary’s College of Maryland
  • Master of Science, Computer Science, Florida Institute of Technology
  • Master of Science, Computer Information Systems, Florida Institute of Technology
  • Offensive Security Certified Professional (OSCP)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Mobile Device Security Analyst (GMOB)



Drew has developed and contributed to several open source projects, including OWASP Attack Surface Detector, JS-Tap, and various machine learning and penetration testing tool projects.

Drew’s love for building complex systems led to the discovery that he found tremendous joy in breaking complex systems—in a good way.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Blog February 08 2024

Content Security Policy: Mitigating Web Vulnerabilities by Controlling the Rules of the Game

Defining a Content Security Policy (CSP) for your web application can help harden the application against many common attacks. Mitigating XSS attacks is a…

Blog January 23 2024

ProxyHelper2: The Sequel

TL;DR Version: Hak5 Pineapples changed their module system in Mark VII's, breaking module compatibility. ProxyHelper2 is a reimplementation of TrustedSec's…

Blog November 16 2023

Clickjacking: Not Just for the Clicks

tl;dr version: You can trick users into "typing" inputs in a clickjacking attack. YouTube demo: GitHub Repo:…

Blog November 02 2023

JS-Tap: Weaponizing JavaScript for Red Teams

How do you use malicious JavaScript to attack an application you know nothing about? Application penetration testers often create custom weaponized JavaScript…

Webinars November 01 2023

JS-Tap: Weaponizing JavaScript for Red Teamers

During this webinar, Senior Security Consultant Drew Kirkpatrick will introduce a new open source tool, JS-Tap, that is designed to allow Red Teamers to…

Webinars December 18 2019

Popping Shells Instead of Alert Boxes: Weaponizing XSS for Fun and Profit

In this webinar, we will walk through the development of XSS payloads against a WordPress administrator and test that payload against a live WordPress server.

Webinars September 14 2022

Understanding What Burp Suite Brings to Your Application Assessment

Join Senior Security Consultant Drew Kirkpatrick as he demonstrates the core functionality of Burp Suite and learn how to get the most out of your engagements…

Training Resources May 02 2024

Actionable Purple Team Simulation Online Training (May 2-3)

Learn how to create specific detections to identify early Indicators of Compromise (IOCs) in our online course. Designed for those looking to improve their…

Events Kennedy Space Center, Florida | April 10 2024

Hack Space Con 2024

Founder and CEO David Kennedy is the keynote speaker at this year's Hack Space Con! We are also proud to sponsor this event.

Webinars March 06 2024

Ask Me Anything: Securing Defense Contracts Through CMMC Compliance

Join Chris Camejo, Practice Lead, Advisory's Compliance Services, and Rick Yocum, Managing Director of Advisory Services, for an ‘Ask Me Anything’ discussion…

