Edwin David

Security Consultant

Experience

Edwin David is a Security Consultant with TrustedSec’s Cloud Force team. He has over 20 years experience in Information Technology. Prior to joining TrustedSec, Edwin worked in the financial services sector as a System Administrator. He enjoys working on complex problems, and his specializations are Active Directory, Group Policy, and Azure/M365 security.

Education & Certifications

  • BS – Management Information Systems – Indiana State University
  • Microsoft Certified IT Professional (MCITP) Enterprise Administrator
  • Azure Fundamentals
  • M365 Security Administrator
  • Azure Security Engineer Associate

Professional Affiliations

Indiana Infragard Member

Passion for Security

Edwin’s passion for security developed while working in his previous role at a financial institution. His main focus was on Active Directory design/security engineering and OS Client/Server system hardening. In 2015, his focus shifted towards cloud security. As companies started developing plans for hybrid cloud adoption, he saw an immediate and fundamental need to understand secure cloud adoption methodologies. Edwin also enjoys working with offensive security toolsets to understand the full attack cycle on weaknesses and misconfigurations in different systems.

Recent Blog Posts

Top 5 things that will land an attacker in Azure Cloud - TrustedSec Blog

Top 5 Things That Will Land an Attacker in the Azure Cloud

By Edwin David
In Application Security Assessment, Cloud Assessment, Cloud Penetration Testing, Office 365 Security Assessment, Password Audits
1. Misconfigured Cloud Infrastructure What type of misconfigurations can exist in a cloud infrastructure? Vulnerable front-facing webservers, unpatched appliances, and storage accounts allowing anonymous public access are just a few examples of common infrastructure misconfigurations in cloud environments. How can these services translate into an attacker gaining access to my cloud? Storage accounts can hold...
Read
Azure AD Kerberos on the TrustedSec Security Blog

Azure AD Kerberos Tickets: Pivoting to the Cloud

By Edwin David
In Active Directory Security Review, Cloud Assessment, Cloud Baseline Configuration Review, Cloud Penetration Testing, Penetration Testing, Security Testing & Analysis
If you’ve ever been doing an Internal Penetration test where you’ve reached Domain Admin status and you have a cloud presence, your entire Azure cloud can still be compromised. In this blog, I’ll take you through this scenario and show you the dangers of machine account SSO compromise. We will do so without extracting any...
Read

Common Conditional Access Misconfigurations and Bypasses in Azure

By Edwin David
In Cloud Assessment, Cloud Baseline Configuration Review, Cloud Penetration Testing, Penetration Testing, Security Testing & Analysis
Conditional Access is widely used in Azure to prevent unauthorized access. When it works, it can shut down attacks, even if the user’s password is known. However, it doesn’t always work as intended. For this blog post I wanted to provide an in-depth look at common Conditional Access configurations in Azure, along with potential bypasses....
Read
View all posts from Edwin

Recent Webinars

Penetration Testing Your Cloud Environment

Cloud Testing is Now Crucial It’s abundantly clear that penetration testing is critical to validating the safeguards in a well-functioning security program. While cloud computing has been around for over 12 years, testing the client’s (i.e., your) security areas of...
Watch
View all webinars from Edwin

Recent Podcasts

TrustedSec Security Podcasts

5.20 - Chatting with Code in the Cloud

March 28, 2023

5.19 - The Coffeemaker Needs a VLAN

March 28, 2023

Privacy Screen

March 28, 2023

Want to work with Edwin David or someone like him?

The TrustedSec team is comprised of experienced and qualified security professionals. Contact us to learn more about our services, our team, and how we can help you.
Contact Us