Skip to Main Content

Joe Sullivan

Senior Security Consultant

EXPERIENCE
Joe has over 20 years of experience in Information Security. He has worked in Incident Response, forensics, penetration testing, and security leadership as a CISO for a financial institution.

EDUCATION & CERTIFICATIONS

  • GIAC Penetration Tester (GPEN)
  • GIAC Strategic Planning, Policy, and Leadership (GSTRT)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Security Leadership (GSLC)
  • GIAC Cloud Penetration Tester (GCPN)
  • GIAC Public Cloud Security (GPCS)
  • GIAC Certified Web Application Penetration Tester (GWAPT)
  • Certified Information Systems Security Professional (CISSP)
  • CNSSI 4012 Senior Systems Manager
  • CNSSI 4013 System Administrator in Information Systems Security
  • CNSSI 4014 Information Systems Security Officer
  • NSTISSI 4011 Information Systems Security Professional
  • NSTISSI 4015 Systems Certifier

PROFESSIONAL AFFILIATIONS

  • GIAC Advisory Board, ISC2 

Joe also teaches leadership courses for the SANS Institute.

INDUSTRY CONTRIBUTIONS
Joe has presented at security conferences including Check Point CPX, Information Warfare Summit, and BSides.

PASSION FOR SECURITY
Joe’s passion for security started in Incident Response and forensics in the late ‘90s. Since then, he has developed a passion for offensive security, security leadership, and teaching others.

Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Blog September 21 2023

Basic Authentication Versus CSRF

I was recently involved in an engagement where access was controlled by Basic Authentication. One (1) of the findings I discovered was a Cross-Site Request…

Read about this article
Blog June 27 2023

Introducing CoWitness: Enhancing Web Application Testing With External Service Interaction

As a web application tester, I encounter a recurring challenge in my work: receiving incomplete responses from Burp Collaborator during DNS and HTTP response…

Read about this article
Webinars February 05 2025

2024 Conference Roundup

Join our panelists David Kennedy, Justin Elze, Jason Lang, and Oddvar Moe for their firsthand accounts and perspectives on what people were talking about at…

Read about this article
News January 21 2025

TrustedSec Tech Brief - January 2025

Carlos Perez walks us through several major vulnerabilities and patches from early January 2025, including a critical Fortinet FortiGate zero-day vulnerability.

Read about this article
Podcasts January 17 2025

Security Noise - Episode 7.9

On this episode of the Security Noise Podcast, we discuss user enumeration on Azure and "presence data" in Microsoft Teams with nyxgeek.

Read about this article
Webinars January 15 2025

DOD Contract Compliance: DFARS 7012 and CMMC

Advisory Compliance Practice Lead Chris Camejo will take a deep dive into the Department of Defense requirements for protecting FCI and CUI.

Read about this article
Blog January 14 2025

Command Line Underdog: WMIC in Action

My typical engagements are mostly Red Teams, so I do not often get a chance to play with terminal server application breakouts—but on a recent engagement, I…

Read about this article
Blog January 07 2025

Solving NIST Password Complexities: Guidance From a GRC Perspective

Not another password change! Isn’t one (1) extra-long password enough? As a former Incident Response, Identity and Access Control, and Education and Awareness…

Read about this article
Podcasts December 20 2024

Security Noise - Episode 7.8

Farewell 2024

Read about this article
Blog December 19 2024

Malware Series: Process Injection Mapped Sections

We're back with another post about common malware techniques. This time, we are talking about using shared memory sections to inject and execute code in a…

Read about this article

Empower your business through better security design.

Talk directly with our experienced advisory consultants to learn how we can help.