Jeffrey Yates

• Network penetration testing
• Web application penetration testing
• Wireless penetration testing
• Physical penetration testing
• Vulnerability assessments
• Purple team exercises

• Metasploit
• Cobalt Strike
• Burp Suite
• Nessus
• Nexpose
• Nmap
• Kali Linux
• Wireshark
• Tcpdump
• Kismet

• Ruby
• Bash scripting
• Python
• Git
• C++

• Windows (most major versions)
• Linux (RHEL/CentOS, Ubuntu, Debian, Alpine)
• PFsense
• ESXi
• Proxmox
• Docker
• LXD/LXC

• Practical Network Penetration Tester (PNPT)
• Security+
• Certified Ethical Hacker (CEH)
• Red Hat Certified Technician (RHCT)

I lead the penetration testing team at Aerstone where I am responsible for managing the team, coordinating assessments, and performing engagements. Aerstone supports a variety of commercial and government clients with various cybersecurity assessment services including penetration testing, security control assessments, vulnerability analysis, and code review. I am responsible for coordinating and leading assessments and mentoring junior team members.

I worked at OBXtek as a penetration tester on an Internal Revenue Service (IRS) team. My responsibilities on this team include penetration testing, vulnerability research, purple team exercises, and preparing technical reports.

Penetration Testing

Our penetration tests involve assessing in-scope systems for vulnerabilities and then exploiting them to gain access.

Vulnerability Research

I research and test emerging vulnerabilities to determine their risk to client systems. If these vulnerabilities pose a threat, I check existing security controls for their efficacy in mitigating that threat.

Purple Team Exercises

Our team works with the SOC to test detection capabilities of malicious activity.

I assessed systems and performed code review for our client, the Department of Homeland Security (DHS).

I was a member of an internal penetration testing team for the Federal Bureau of Investigation (FBI) I was responsible for conducting in-depth penetration tests and vulnerability assessments against isolated networks and web applications. I often acted as a team lead, managing 2-3 person teams in performing assessments and producing technical reports.

Our penetration testing team conducted testing for various commercial clients. I performed network, web application, wireless, and physical penetration tests, and I wrote technical reports detailing the team’s findings.

I developed internal technical security training and created and administered a virtual lab environment, which provided virtual machines for my courses. The most advanced course I developed was a network traffic analysis course which covered usage of Wireshark and tcpdump for performing network traffic capture and analysis.

I acted as a technical consult on information security for a team developing a software product. I was later selected to go through a training cohort where I obtained 8 certifications. At the completion of the cohort, I worked on a team that designed and built a computer lab for performing security exercises, training, and research.

During my time at CCBC I learned the fundamentals of networking, operating systems, and computer security that have served me throughout my career. I was an active participant in the school’s Cyber Defense Team. We took first place in the 2008 Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC) and went on to compete in the national competition. In 2008, I was awarded a Student of the Year award for my program.

I am a co-founder of this nonprofit hackerspace where I serve on the board of directors. I have served as President, Vice-President, Treasurer, and Member at Large during my time at UAS and currently I serve as an Emeritus Board Member. The hackerspace serves the local hacker and maker community by providing a space, tools, workshops, and classes in a diverse range of technologies so that our members and the general public can learn and create.

In addition to my board level responsibilities, I run a bi-weekly event for our community where we practice our hacking skills using Hackthebox.

I have volunteered for this competition in various roles since 2008. Previously, I was on a team that competed in and won this competition. I have served on the team that helps manage and score the competition and I have worked through Unallocated Space to provide hands-on demonstrations and activities for the competition’s spectators and participants.