Practice Lead, Incident Response
Tyler has over 20 years of real-world experience in incident handling, malware analysis, computer forensics, and information security for multiple organizations. He has spoken and taught at a number of security conferences about topics ranging from incident response to penetration testing techniques.
Education & Certifications
BS Computer Science, University of Akron, GIAC Certified Forensic Analyst (GCFA), GIAC Certified Forensic Examiner (GCFE)
MASTIFF Static Analysis Framework
Passion for Security
Tyler’s passion for incident response stems from his love of solving puzzles. He uses this ambition to get to the bottom of issues at hand; whether it’s forensic analysis of a disk, reverse engineering or malware, or the latest CTF contest, Tyler is driven to uncover every detail.
Recent Blog Posts
Over the last several months, I’ve noticed something when discussing Incident Response (IR) with clients. There is often confusion between the expectation and reality concerning the end results of an IR investigation. My goal here is to clarify and set those expectations, and to show how Threat Hunting factors in. When TrustedSec gets called to...
The Citrix NetScaler remote code execution vulnerability (CVE-2019-19781) has been a pretty popular topic over the last few weeks. Once public exploits of the vulnerability started to appear in the wild, TrustedSec deployed a Citrix NetScaler honeypot. We did not have to wait long for the attacks to begin. Less than 24 hours after deployment,...
With the recent Citrix ADC (NetScaler) CVE-2019-19781 Remote Code Execution vulnerability, the TrustedSec Incident Response team has been working closely with our offensive and research teams as they created a working exploit. This has allowed us to create a list of locations and indicators to search for on potentially compromised Citrix ADC hosts. Based on...
This webinar was recorded on January 22, 2020 No one likes surprises, especially of the security kind. We’d all like to know what the future holds. A lot of research organizations are putting out predictions for security that are all...
Recorded March 27, 2019 at 1 P.M. EST Practice? We’re talking about practice?! Cyber attacks are an organizational concern. In order to build an effective security program, it’s impossible to rely on “best practice” policies without testing and vetting them...