Skip to Main Content

Geoff Walton

EXPERIENCE

Geoff Walton is the Practice Lead for Application Security at TrustedSec. Geoff’s expertise in penetration testing, network security, and software analysis comes from over 20 years' experience in a variety of IT roles including software development, network operations, InfoSec-specific functions, and consulting; Geoff brings a broad vision to assessments and penetration test engagements. Geoff has been part of diverse IT teams at organizations both large and small and has experience across retail, professional services, and manufacturing industries. Professionally, Geoff has had an active role in developing InfoSec practices and has been responsible for network operations and security architecture throughout his career.

EDUCATION & CERTIFICATIONS

  • Bachelor of Science, Information Science, minor Computer Science, Baldwin Wallace University
  • Certified Information Systems Security Professional (CISSP)

INDUSTRY CONTRIBUTIONS

Developer, DerbyCon CTF Administrator, DerbyCon CTF

PASSION FOR SECURITY

Geoff's professional accomplishments include having sole assessment responsibility for environments such as financial institutions, Internet companies, and universities. His assessment experience includes clients in multiple lines of business ranging from healthcare, finance, insurance, education, and software development.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Blog November 28 2023

What is Hackvertor (and why should I care)?

1.1      What’s Hackvertor and why should I care?Years ago, Gareth Heyes created a Burp Suite (Burp) extension called Hackvertor. It’s an extension with a lot…

Read about this article
Blog November 16 2023

Clickjacking: Not Just for the Clicks

tl;dr versionYou can trick users into "typing" inputs in a clickjacking attack.YouTube demo: https://www.youtube.com/watch?v=VIEZ1aByFvUPoC GitHub Repo:…

Read about this article
Blog November 14 2023

Book Review - The Definitive Guide to PCI DSS Version 4

As a PCI QSA, I have answered numerous questions about the new PC DSS Version 4. With over 500 total controls, and at least 100 of them unique to this version,…

Read about this article
Blog November 07 2023

The Triforce of Initial Access

LootWhile Red Teamers love to discuss and almost poetically describe their C2 feature sets, EDR evasion capabilities, and fast weaponizing of N-day exploits,…

Read about this article
Blog November 02 2023

JS-Tap: Weaponizing JavaScript for Red Teams

How do you use malicious JavaScript to attack an application you know nothing about?Application penetration testers often create custom weaponized JavaScript…

Read about this article
Blog October 17 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 3)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1    IntroductionIn this third and final…

Read about this article
Blog October 12 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 2)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1    IntroductionThis is a continuation of A…

Read about this article
Blog October 11 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1    IntroductionIn this continuation to our first…

Read about this article
Blog October 10 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 1A)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz.1    IntroductionIf you were to collectively ask any…

Read about this article
Blog September 21 2023

Basic Authentication Versus CSRF

I was recently involved in an engagement where access was controlled by Basic Authentication. One (1) of the findings I discovered was a Cross-Site Request…

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.