Edwin David is a Security Consultant with TrustedSec’s Cloud Force team. He has over 20 years experience in Information Technology. Prior to joining TrustedSec, Edwin worked in the financial services sector as a System Administrator. He enjoys working on complex problems, and his specializations are Active Directory, Group Policy, and Azure/M365 security.
Education & Certifications
- BS – Management Information Systems – Indiana State University
- Microsoft Certified IT Professional (MCITP) Enterprise Administrator
- Azure Fundamentals
- M365 Security Administrator
- Azure Security Engineer Associate
Indiana Infragard Member
Passion for Security
Edwin’s passion for security developed while working in his previous role at a financial institution. His main focus was on Active Directory design/security engineering and OS Client/Server system hardening. In 2015, his focus shifted towards cloud security. As companies started developing plans for hybrid cloud adoption, he saw an immediate and fundamental need to understand secure cloud adoption methodologies. Edwin also enjoys working with offensive security toolsets to understand the full attack cycle on weaknesses and misconfigurations in different systems.
Recent Blog Posts
1. Misconfigured Cloud Infrastructure What type of misconfigurations can exist in a cloud infrastructure? Vulnerable front-facing webservers, unpatched appliances, and storage accounts allowing anonymous public access are just a few examples of common infrastructure misconfigurations in cloud environments. How can these services translate into an attacker gaining access to my cloud? Storage accounts can hold...
If you’ve ever been doing an Internal Penetration test where you’ve reached Domain Admin status and you have a cloud presence, your entire Azure cloud can still be compromised. In this blog, I’ll take you through this scenario and show you the dangers of machine account SSO compromise. We will do so without extracting any...
Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user’s password is known. However, it doesn’t always work as intended. For this blog post I wanted to provide an in-depth look at common Conditional Access configurations in Azure, along with potential bypasses....
Cloud Testing is Now Crucial It’s abundantly clear that penetration testing is critical to validating the safeguards in a well-functioning security program. While cloud computing has been around for over 12 years, testing the client’s (i.e., your) security areas of...