Dave Kennedy

Founder, Senior Principal Security Consultant

Experience

Prior to starting TrustedSec, David was the Chief Security Officer (CSO) for Diebold Incorporated, a Fortune 1000 company, with locations in over 80 countries. He developed a global security program that tackled all aspects of information security and risk management. Kennedy started his professional career as a member of the United States Marine Corps (USMC), and was deployed to Iraq twice for intelligence related missions.

Education & Certifications

QSA, CISSP, OSCP, OSCE, GSEC, MCSE, ISO 27001

Professional Affiliations

David started TrustedSec and Binary Defense Systems (BDS) with the vision in working with companies for information security.  TrustedSec provides information security consulting services for organizations all around the world. BDS is a global Managed Security Service Provider (MSSP) and software security company which detects attackers in the early stages and prevents large-scale attacks. Prior to TrustedSec and BDS, David was a Chief Security Officer (CSO) for Diebold Incorporated, a Fortune 1000 company located in over 80 countries with over 20,000 employees. David developed a global security program that tackled all aspects of information security. David is considered a forward thinker in the security field and has presented at several hundred conferences worldwide. David has had the privilege to speak and keynote at some of the nations largest conferences. This includes keynoting Microsoft’s Bluehat, DEF CON, Blackhat, DerbyCon, Grace Hopper, and a number of widely popular conferences. David has had numerous guest appearances on Fox News, CNN, CNBC, MSNBC, Huffington Post, Bloomberg, BBC, The Katie Show, and other high-profile media outlets. In addition, his tools have been featured on a number of TV shows including the History Channel, Mr. Robot, and movies. David has assisted in some of the content for the widely popular Mr. Robot TV show, and advises on other news organizations and TV shows. David is the founder of DerbyCon, a large-scale information security conference. David has testified in front of Congress on multiple occasions on the threats we face in security and in the government space. David also co-authored Metasploit: The Penetration Testers Guide book, which was number one on Amazon in security for over a year. David was also one of the founding members of the “Penetration Testing Execution Standard (PTES)“. PTES is the industry leading standard and guidelines around how penetration tests should be performed and methodologies which is also now adopted by the Payment Card Industry (PCI) Data Security Standard (DSS) Guidelines for Penetration Testing. David is the creator of several widely popular open-source tools including “The Social-Engineer Toolkit” (SET), PenTesters Framework (PTF), Artillery, and Fast-Track. David has also released security advisories including zero-days and focuses on security research. David has over 15 years of security experience, with over 10 specifically in security consulting and services. Prior to the private sector, David worked in the United States Marines (USMC) for cyber warfare and forensics analysis activities for the intelligence community including two tours to Iraq. David is also a former board of director for the ISC2 organization which is one of the largest security collectives which offers certifications such as the CISSP.

Industry Contributions

Co-Author of Metasploit: The Penetration Tester’s Guide Co-Creator of the Penetration Testing Execution Standard (PTES) Creator of the Social Engineer Toolkit (SET) Creator of the PenTesters Framework (PTF) Creator of the Magic Unicorn Exploitation Framework Creator of Artillery Creator of Fast-Track

Passion for Security

David Kennedy’s passion for the information security industry is the reason TrustedSec was born. He wanted to build an organization that helps others in a profound way, serving as technical security experts and advisors to companies of all sizes and industries.

Recent Blog Posts

A Message of Support: Coalfire Consultants Charged

If you haven’t been following recent news, two Coalfire employees, Gary DeMercurio and Justin Wynn, were performing a Physical Penetration Test against a Judicial Branch Building, the Dallas County Courthouse in the state of Iowa. The two employees were engaged by the Iowa State Judicial Branch to conduct the Physical Penetration Test, which is an...
Read
weaponization code graphic

Weaponizing .SettingContent-ms Extensions for Code Execution

Matt Nelson (@engima0x3) from SpecterOps recently released a blog post on leveraging a newly discovered filetype extension with the possibility of command execution. This was a fantastic blog, and as attackers, we typically try to find multiple ways to execute code from different delivery systems. This blog is leveraging the awesome research from Matt and...
Read
TrustedSec Blogs + Articles logo

Magic Unicorn v3.0 Released

TrustedSec is proud to announce the release of Magic Unicorn v3. This release incorporates one of the largest additions to Unicorn in three years. This version adds several enhancements including support for Cobalt Strike beacon into the PowerShell evasion framework built into Unicorn. In addition, Unicorn now supports your own shellcode to be inserted into...
Read
View all posts from Dave

Recent Webinars

The Evolution of Pen Testing

Recorded June 20th, 2018 AT 1:00 PM EST Real-world attacks don’t always align with previous pen testing techniques – Tools have caught up! The most challenging aspect of security today is understanding the real-world effectiveness of your existing security controls.  With the latest...
View all webinars from Dave
Dave Kennedy

Want to work with Dave Kennedy or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us