
David Kennedy

“Security expert, keynote speaker, avid gamer, and the go-to for protecting companies from threats.”

David is a subject matter expert in cybersecurity with over 19 years of experience, whose career has ranged from a Chief Security Officer (CSO) for a Fortune 1000 company, to testifying in front of Congress, and guest appearances on hundreds of national news and syndicated TV shows. With a mission of continuing to drive the cybersecurity industry forward and to make the world a better place, David has started several large-scale and successful cybersecurity businesses with employees all over the world.

TrustedSec and Binary Defense, David's 2 cybersecurity firms, work on a global scale to protect companies, people, and the world from hackers. TrustedSec provides InfoSec consulting services for organizations of all sizes, while Binary Defense is a leader in Managed Security Service Provider (MSSP) services, Managed Detection and Response (MDR), and software security that detects attackers in the early stages and prevents large-scale invasions.

Prior to creating TrustedSec and Binary Defense, David was a CSO for Diebold Incorporated, a Fortune 1000 company located in more than 80 countries with over 20,000 employees. During his tenure, he developed a global security program that tackled all aspects of InfoSec.

David is considered a forward thinker in the security field and has had the privilege of speaking at some of the nation’s largest conferences, including keynoting Microsoft’s BlueHat, DEF CON, Black Hat, DerbyCon, Grace Hopper, and a number of other widely popular conferences. In 2011, David founded DerbyCon, a large-scale InfoSec conference. David has had numerous guest appearances on Fox News, CNN, CNBC, MSNBC, Huffington Post, Bloomberg, BBC, and other high-profile media outlets, while advising for other news organizations and TV shows. In addition, his tools have been featured on several TV shows and movies, and he assisted in developing the content for the popular Mr. Robot TV show.

As the security threats faced by the public and the government have grown, David has testified in front of Congress on multiple occasions. In an effort to advance the industry, David co-authored Metasploit: The Penetration Tester's Guide, which was number one on Amazon in security for over a year, and co-founded the Penetration Testing Execution Standard (PTES), which is the industry-leading standard and set of guidelines for how penetration tests should be performed. The methodologies in PTES have been adopted by the Payment Card Industry (PCI) Data Security Standard (DSS) Guidelines for Penetration Testing.

David is the creator of several open-source tools, including The Social-Engineer Toolkit (SET), PenTesters Framework (PTF), Artillery, and Fast-Track. David has also released security advisories, including zero-days, and focuses on security research.

Prior to the private sector, David worked in the United States Marine Corps (USMC) on cyber warfare and forensics analysis activities for the intelligence community, including 2 tours to Iraq. David also served on the board of directors of the ISC2 organization, which is one of the largest security collectives and offers certifications such as the CISSP.


Featured Blogs And Resources

Discover the blogs, analysis, webinars, and podcasts by this team member.

Blog December 05 2023

The SOCKS We Have at Home

Introduction: When performing penetration tests, we sometimes find that the systems or data we are targeting are not directly accessible from the network our…

Blog November 28 2023

What is Hackvertor (and why should I care)?

1.1 What’s Hackvertor and why should I care? Years ago, Gareth Heyes created a Burp Suite (Burp) extension called Hackvertor. It’s an extension with a lot…

Blog November 16 2023

Clickjacking: Not Just for the Clicks

tl;dr version: You can trick users into "typing" inputs in a clickjacking attack. YouTube demo: https://www.youtube.com/watch?v=VIEZ1aByFvU PoC GitHub Repo:…

Blog November 14 2023

Book Review - The Definitive Guide to PCI DSS Version 4

As a PCI QSA, I have answered numerous questions about the new PCI DSS Version 4. With over 500 total controls, and at least 100 of them unique to this version,…

Blog November 07 2023

The Triforce of Initial Access

Loot: While Red Teamers love to discuss and almost poetically describe their C2 feature sets, EDR evasion capabilities, and fast weaponizing of N-day exploits,…

Blog November 02 2023

JS-Tap: Weaponizing JavaScript for Red Teams

How do you use malicious JavaScript to attack an application you know nothing about? Application penetration testers often create custom weaponized JavaScript…

Blog October 17 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 3)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. 1 Introduction: In this third and final…

Blog October 12 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 2)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. 1 Introduction: This is a continuation of A…

Blog October 11 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 1B)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. 1 Introduction: In this continuation to our first…

Blog October 10 2023

A Hitch-hacker's Guide to DACL-Based Detections (Part 1A)

This blog series was co-authored by Security Consultant Megan Nilsen and TAC Practice Lead Andrew Schwartz. 1 Introduction: If you were to collectively ask any…

