Scott White is a Principal Security Consultant for Cleveland-based TrustedSec. He joined TrustedSec’s founder, David Kennedy, after years of working closely with him in both corporate and consulting atmospheres. Scott’s expertise in pen testing and web application security stems from his years of unique experience ranging from web development, source code analysis, penetration testing, web application security, zero-day research, and exploit development. Scott has experience in performing penetration tests against both IBM z/OS and IBM iSeries with a focus on web applications. Having been the technical editor for several books including the popular “Metasploit: The Penetration Tester’s Guide”, holding degrees in computer science (BS with distinction) and network security (MS Summa cum Laude), he has been called upon not only academically but also professionally by the FBI and Secret Service as a subject matter expert. Scott developed several application security programs for large international companies. As the global application security team lead for a Fortune 1000 company, Scott performed several hundred web application security assessments including static code analysis, dynamic testing (grey box), and penetration testing. Scott was instrumental in developing the entire process from developer education and awareness, secure coding practices, and to final approval reviews for production.
B.S. Computer Science, Ohio Northern University M.S. Network Security, University of Advancing Technology
Technical Editor, “Metasploit: The Penetration Tester’s Guide” Technical Editor, “The Basics of Web Hacking”
Founder/Organizer, DerbyCon CTF Trainer, DerbyCon, OWASP Top 10 and Beyond Course Defcon 16 Panel: Black vs. White: The complete life cycle of a real world breach Numerous presentations to organizations such as OWASP, ISSA, AZSPF, SWSPF, ISACA, FBI’s Infragard, and others
Scott has been responsible for a number of professional accomplishments including having sole assessment responsibility for environments such as a 911 emergency network, casino, ATM kiosk and network, PCI web application for a $20 billion+ top national insurance provider, and a photo kiosk deployed in over 5,000 retail locations as a $40 million project. Scott’s assessment experience includes clients in multiple lines of business ranging from healthcare, finance, retail, manufacturing, energy, insurance, and education to software development and beyond for both public and private sectors in both government and commercial spaces. In his free time, Scott enjoys participating in bug bounty programs and has been paid for his work in several programs including the well-known “Hack the Pentagon” program.