EXPERIENCE
Drew Kirkpatrick has 25 years of experience designing and building complex systems, including application security, network policy management, machine learning, and transit and aerospace systems. These days, he works to improve Information Security by applying penetration testing and computer science to assess the security posture of TrustedSec clients. Before joining TrustedSec, he was a security researcher at NopSec and Secure Decisions as well as a senior computer scientist for the U.S. Navy.
EDUCATION & CERTIFICATIONS
- Bachelor of Arts, Psychology/Economics, St. Mary’s College of Maryland
- Master of Science, Computer Science, Florida Institute of Technology
- Master of Science, Computer Information Systems, Florida Institute of Technology
- Offensive Security Certified Professional (OSCP)
- GIAC Web Application Penetration Tester (GWAPT)
- GIAC Mobile Device Security Analyst (GMOB)
PROFESSIONAL AFFILIATIONS
- OWASP
- TOOOL
INDUSTRY CONTRIBUTIONS
Drew has developed and contributed to several open source projects, including OWASP Attack Surface Detector, JS-Tap, and various machine learning and penetration testing tool projects.
PASSION FOR SECURITY
Drew’s love for building complex systems led to the discovery that he found tremendous joy in breaking complex systems—in a good way.
Featured Blogs And Resources
Discover the blogs, analysis, webinars, and podcasts by this team member.
Content Security Policy: Mitigating Web Vulnerabilities by Controlling the Rules of the Game
Defining a Content Security Policy (CSP) for your web application can help harden the application against many common attacks. Mitigating XSS attacks is a…
ProxyHelper2: The Sequel
TL;DR VersionHak5 Pineapples changed their module system in Mark VII's, breaking module compatibility.ProxyHelper2 is a reimplementation of TrustedSec's…
Clickjacking: Not Just for the Clicks
tl;dr versionYou can trick users into "typing" inputs in a clickjacking attack.YouTube demo: https://www.youtube.com/watch?v=VIEZ1aByFvUPoC GitHub Repo:…
JS-Tap: Weaponizing JavaScript for Red Teams
How do you use malicious JavaScript to attack an application you know nothing about?Application penetration testers often create custom weaponized JavaScript…
JS-Tap: Weaponizing JavaScript for Red Teamers
During this webinar, Senior Security Consultant, Drew Kirkpatrick will introduce a new open source tool, JS-Tap, that is designed to allow Red Teamers to…
Popping Shells Instead of Alert Boxes: Weaponizing XSS for Fun and Profit
In this webinar, we will walk through the development of XSS payloads against a WordPress administrator and test that payload against a live WordPress server.
Understanding What Burp Suite Brings to Your Application Assessment
Join Senior Security Consultant Drew Kirkpatrick as he demonstrates the core functionality of Burp Suite and learn how to get the most out of your engagements…
Preparing for NIST CSF 2.0: Practical Tips for Implementation
TrustedSec’s Senior Security Consultant Jared McWherter and Advisory Solutions Director Alex Hamerstone will provide actionable advice for aligning your…
ISC2 Cleveland Chapter Member Meeting April 2024
ISC2 Cleveland Chapter April MeetupCome join us for our April Meetup! Our Cleveland Chapter is hosting an exciting in-person event for all cybersecurity…
ILTA EVOLVE
TrustedSec is proud to sponsor ILTA EVOLVE!
Empower your business through better security design.
Talk directly with our experienced advisory consultants to learn how we can help.
