Senior Incident Response Consultant
Ashley has almost a decade of experience in the IT and DFIR fields. Prior to becoming a threat hunter, Ashley worked as a systems administrator where she oversaw security control implementations and enterprise vulnerability management programs.
She spent the past several years working in a Security Operations Center, focusing on Incident Response, threat hunting, malware analysis, and digital investigations.
She began her career as a member of the U.S. Air Force, and a majority of her experience is with the DoD.
Education & Certifications
BS – Cybersecurity and Information Assurance
GIAC Certified Incident Handler (GCIH)
GIAC Certified Forensic Examiner (GCFE)
GIAC Certified Forensic Analyst (GCFA)
GIAC Reverse Engineering Malware (GREM)
Certified Information Systems Security Professional (CISSP)
Passion for Security
Since a young age, Ashley has loved solving puzzles and figuring out how and why things work (or don’t work). While overwhelming at times, the ever-changing nature of the Information Security field is what continues to intrigue and engage her. For Ashley, there’s nothing more satisfying than being faced with a complex problem and spending hours (or days) taking a deep dive into a new issue to figure out the root cause and solution.
Recent Blog Posts
On March 29, 2022, a security researcher with the handle p1n93r disclosed a Spring Framework remote code execution (RCE) vulnerability, which was archived by vx-underground. This vulnerability, known as Spring4Shell, affects applications that use JDK v9 or above that run Apache Tomcat as the Servlet Container in a WAR package and use dependencies of the...
TrustedSec’s Incident Response Team sent urgent communications to all IR retainer clients after the discovery of the compromise of Okta. Below are the recommendations provided with additional updates after reviewing more information on 03/23/2022. On March 22, 2022, the threat group LAPSUS$ announced a successful compromise of Okta, a heavily used identity and access management...
Every day, new challenges, attacks, and vulnerabilities are publicized. Just as attackers and the threat landscape are constantly changing, adapting, and evolving, so too must the Blue Teams and defenders who protect organizations against these threats. While the old adage may have been that attacks are rare and unlikely to happen, a new mentality of...
Recorded on Tuesday, March 15th, 2022 at 1pm Eastern On February 27, 2022, a cache of chat logs from the notorious ransomware group Conti was anonymously leaked to the public. The leak revealed previously unpublished information about the group’s internal...
Threat Hunting is the process of proactively searching an organization’s network for malicious activity that evades existing security monitoring, detection, and alerting. If done properly, Threat Hunting can be one of the most effective ways to identify evidence of malicious...