
Drew Kirkpatrick

Principal Security Consultant

EXPERIENCE
Drew Kirkpatrick has 25 years of experience designing and building complex systems, including application security, network policy management, machine learning, and transit and aerospace systems. These days, he works to improve Information Security by applying penetration testing and computer science to assess the security posture of TrustedSec clients. Before joining TrustedSec, he was a security researcher at NopSec and Secure Decisions as well as a senior computer scientist for the U.S. Navy.

EDUCATION & CERTIFICATIONS

  • Bachelor of Arts, Psychology/Economics, St. Mary’s College of Maryland
  • Master of Science, Computer Science, Florida Institute of Technology
  • Master of Science, Computer Information Systems, Florida Institute of Technology
  • Offensive Security Certified Professional (OSCP)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Mobile Device Security Analyst (GMOB)

PROFESSIONAL AFFILIATIONS

  • OWASP
  • TOOOL

INDUSTRY CONTRIBUTIONS
Drew has developed and contributed to several open source projects, including OWASP Attack Surface Detector, JS-Tap, and various machine learning and penetration testing tool projects.

PASSION FOR SECURITY
Drew’s love for building complex systems led to the discovery that he found tremendous joy in breaking complex systems—in a good way.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Blog February 08 2024

Content Security Policy: Mitigating Web Vulnerabilities by Controlling the Rules of the Game

Defining a Content Security Policy (CSP) for your web application can significantly harden it against XSS attacks, packet sniffing, and clickjacking, while…

Blog January 23 2024

ProxyHelper2: The Sequel

ProxyHelper2 for Mark VII Pineapples allows device traffic to be forcibly routed into Burp Suite Proxy, intercepting traffic for Android applications.

Blog November 16 2023

Clickjacking: Not Just for the Clicks

Learn how to exploit drag-input clickjacking vulnerabilities in web applications to perform malicious actions, and see a proof-of-concept demonstration of this…

Blog November 02 2023

JS-Tap: Weaponizing JavaScript for Red Teams

Red teamers can use JS-Tap to collect user inputs, screenshots, and network data from web applications without prior knowledge, simplifying red teaming and…

Webinars November 01 2023

JS-Tap: Weaponizing JavaScript for Red Teamers

Learn how JS-Tap, a new open-source tool, enables Red Teams to attack applications using generic JavaScript beyond XSS vulnerabilities, with expert Drew…

Webinars December 18 2019

Popping Shells Instead of Alert Boxes: Weaponizing XSS for Fun and Profit

Discover how to exploit Cross-Site Scripting (XSS) vulnerabilities to gain system access, learn to weaponize payloads, and master debugging techniques with…

Webinars September 14 2022

Understanding What Burp Suite Brings to Your Application Assessment

Join Senior Security Consultant Drew Kirkpatrick as he demonstrates the core functionality of Burp Suite and learn how to get the most out of your engagements…

Events Columbus, OH | May 22 2025

Central Ohio ISSA InfoSec Summit 2025

Customize your Linux system with our expert guides and resources, ensuring maximum security and performance, backed by our team of experienced professionals.

Events TrustedSec HQ | April 29 2025

ISC2 Cleveland Chapter Member Meeting - April 2025

ISC2 Cleveland Chapter April Meetup. Come join us for our meetup! The ISC2 Cleveland Chapter is hosting an exciting in-person event for all cybersecurity…

Events Charlotte, NC | April 27 2025

ILTA EVOLVE 2025

Customize your Linux system with TrustedSec's advanced features and discover how our secret can help you optimize performance and security.

