LARES CONSULTING - Key Persons
Job Titles:
- Senior Adversarial Engineer
Aidan has worked across both offensive and defensive security disciplines for almost a decade. This included several years in the fintech space, exposed to the rapidly changing world of DevOps, containerisation, and cloud security. His focus in recent years has been on developing effective tradecraft for targeting cloud- and SaaS-native enterprises. He works to a mantra of building before you break, spending considerable time developing, implementing, and deploying the technologies used by the industry to guarantee an intimate familiarity with the problems that clients face.
Job Titles:
- Manager, Finance and Operations
Albert joined the Lares team in February 2021 after spending the first 6 years of his career in analyst roles with a focus on accounting, business process, and software implementation. His work experience includes multiple industries - including supply chain and logistics, real estate development and construction, and SaaS. In each role, there was always a gravitational pull that connected Albert to optimizing systems and processes. In his free time, he can be found in the outdoors or with loved ones.
Ravenously curious, driven, and just a little mischievous, Alden began their exploration of hacking at university where they spent their free time collecting bug bounties and teaching others about security. After graduating into an on-prem Red Team, Alden developed a particular talent for compromising anything with a Linux kernel. With a passion for slinking around networks, making suspicious phone calls, and opening locked doors, Alden strives each day to push the limits of their abilities. When not behind a keyboard, Alden can be found studying classical Japanese swordsmanship, watching spooky movies, or backpacking through the Cascades.
Job Titles:
- Chief Financial Officer
- Senior Executive
Amanda has been a senior executive at oil and gas companies for the last 18 years before transitioning into cybersecurity. She started her career in Calgary, Canada, and has worked throughout North America, the Middle East, and North Africa. During her career, she has been a founding member of numerous oil and gas companies specializing in finance and operations. She is a great paper pusher, mother of two fur babies, and a crazy Canadian who has traveled and worked around the world.
Job Titles:
- Chief Operating Officer
- Executive, Strategist, Industry Analyst, Data Scientist
Andrew Hay is a veteran cybersecurity executive, strategist, industry analyst, data scientist, threat and vulnerability researcher, and international public speaker with close to 25 years of experience across multiple domains. He prides himself on his ability to execute security strategy without neglecting business objectives and the needs of its customers. Andrew is the author of multiple books on advanced security topics and is frequently approached to provide expert commentary on industry developments. He has been featured in publications such as Forbes, Bloomberg, Wired, USA Today, and CSO Magazine.
Job Titles:
- Marketing Content Manager
As the Marketing Content Manager at Lares, Andrew Heller excels in implementing digital marketing strategies and enhancing customer engagement. His background includes significant experience in SaaS and CCaaS sales, notably as an Enterprise Account Executive at Sprinklr. Andrew, a graduate of St. Edward's University, holds multiple marketing certifications and has a history as a professional athlete with the Austin Huns Rugby Club.
Andy is a renowned expert in offensive security engineering with over 12 years of experience in security consulting, technology, information risk, and data forensics. He heads up Lares' European Adversarial Engineering Team. A valued contributor to open source projects, regular presenter at security conferences in the UK, EU and international, author of Learning the Ropes 101 & 102 and he also volunteers at DEFCON as a SOC Goon. Andy holds several certifications such as Xintra's Attacking and Defending Azure and M365, CRTO, OSCP, complemented by a BEng in Digital Security, Forensics, and Ethical Hacking, he has also previously held CREST and CHECK certifications. Outside of his day job, Andy can be found exploring the roads of Scotland and photographing various scenes.
Job Titles:
- Engineer
- Adversarial Engineer
Ben got his start in computer repair before working his way into IT Support and Network Administration. Ben spent roughly eight years working general IT in the retail, energy, and healthcare sectors before discovering the world of offensive security. He jumped in with both feet aggressively pursuing and achieving the OSCP and never looking back. Ben has close to a decade of collective testing experience, resulting in a well-rounded skill set for almost any engagement.
In his free time, Ben enjoys spending time with his family, hitting the gym, and pursuing his plethora of geeky hobbies such as Dungeons and Dragons and miniature painting.
Job Titles:
- Application Security Consultant
Brendan got his beginning in desktop support before moving over to security, first as defense before switching sides for offensive security. His current focus is malware development and payload delivery, as well as scouring enterprise networks for vulnerabilities, misconfigurations, and loot. Brendan has a bachelor's degree in Computer Science and CISSP, OSCP, and OSCE certifications. He has presented at DefCon416, BsidesTO, and has participated in C3X. In his spare time, Brendan enjoys practicing a variety of martial arts, reading comic books, playing video games, and gardening.
Job Titles:
- Chief Executive Officer
- Founding Partner
Chris Nickerson, CEO of Lares, has spent the last 23 years of his career leading, inspiring, and sometimes irritating, the security industry. With Lares co-Founder Eric M. Smith, he created the unique methodology used at Lares to assess, implement, and manage information security realistically and effectively. Collaborating with a group of other InfoSec researchers, he founded the Penetration Testing Execution Standard (PTES), and is working with the Red Team Alliance Training Collective to create a certification for Red Team Testing.
Job Titles:
- Principal Adversarial Engineer
Chris has worked in a range of industries, most notable of which are Critical National Infrastructure (CNI), and leading edge design and manufacturing (Dyson). Doing so has given Chris a very varied array of knowledge, from penetration testing robot vacuum cleaners, to designing and testing secure ICS/OT networks. During Chris' time at Dyson, he was involved in developing the global security team and performing internal penetration testing. Chris was also heavily involved with securing the design of Dyson's current and future internet connected appliances, and corresponding smartphone applications. Chris is an Adversarial Engineer (aka penetration tester) at Lares which involves him acting and thinking like a genuine attacker to compromise client networks. Chris' skill set also includes Social Engineering, and he has successfully gained access into CNI, Airports and Casinos, which are regarded as some of the most secure facilities in the industry. Chris has been lucky enough to have spoken at DefCon twice, and many different BSides' across the country.
Darryl worked in various IT support roles before moving over to security, where he currently focuses on strategic cybersecurity leadership, risk assessments, security program development, and incident response solutions. Darryl holds CISSP, CISA, CISM, Associate CCISO and PCIP certifications. He has presented at numerous conferences, including BSides St. John's, GoSec, and Texas Cyber Summit. He sits on the Board of Directors for AtlSecCon and was the lead organizer for BSides Cape Breton.
Job Titles:
- Associate Adversarial Engineer
David has spent many years building a career in cyber security. Whilst cutting his teeth on delivering Cyber Essentials Plus certifications to companies across the UK, David was busy honing his Appsec and Infrastructure testing skills before moving full time to penetration testing roles. David also co-hosted a security podcast with Andy Gill for a number of years. Enthusiastic about hacking, learning and helping organizations improve their security posture, David works hard to deliver exceptional service. Outside of security he is an avid photographer and amateur musician.
Job Titles:
- Principal Adversarial Engineer
Dave got his start in IT working as a Systems Administrator learning to deploy, manage and maintain enterprise networks before pivoting to offensive security. Dave has performed a variety of security testing throughout his career with the majority of his security career focused on conducting full scale Red Team operations. He holds OSCP and OSCE certifications and has spoken at BSides Toronto and multiple student groups in the Greater Toronto Area about working in Information Security.
Job Titles:
- Chief Technology Officer
- Founding Partner
Eric is a 20-year veteran of the Information Security industry. He holds a bachelor's degree in Information Systems Security and maintains active CISSP and CISA certifications. Along with Chris Nickerson, he helped create the Penetration Testing Execution Standard (PTES). Prior to working at Lares®, he founded Full Protocol, and worked as a senior security consultant and analyst at a major utility, technology, and energy companies. He's spoken and/or taught at DEFCON, Security BSides, DerbyCon, HackCon, Infosec World, ShakaCon, DakotaCon, and other worldwide conferences.
Job Titles:
- Adversarial Engineer
- Senior Adversarial Engineer
Felipe's core skills involve web application, API, infrastructure, compiled application and hardware/IoT penetration testing, with a good understanding of cryptography, electronics and "the binary world". He has a BSc in Computer Science, and an MSc in Cyber Security and Forensics, and holds multiple certifications such as OSCP and OSCE. He enjoys finding creative and sometimes overly engineered solutions to challenging problems.
With a distinguished background as an Afghan War combat veteran, Geo brings a unique combination of security expertise and an unwavering commitment to customer service to his role. Joining the team in 2023, he has quickly become an invaluable asset, channeling his passion for safeguarding clients' interests into every aspect of his work.
Outside the office, Geo is an avid adventurer, passionate about snowboarding, mountain biking, and immersing himself in the cultures and cuisines of countries around the globe. This zest for exploration and understanding diverse perspectives enriches his approach to customer service, making him a dynamic and empathetic partner to our clients.
Job Titles:
- Engineer
- Security Consultant
Jamie has been a security consultant since 2012, and focused on manual secure code review since 2014. They studied language and literature as an undergraduate. Close reading and context are more important to interpreting poetry and source-code than authors' intention. Barthes argues, assigning a single interpretation to a text "is to impose a limit on that text." Dullien argues software intends to define a finite set of reachable computational states. However, regardless of intention, defects in code can provide for "weird machines" that expand the set of reachable computational states. Secure code review is the practice of discovering defects that may be used to reach unintended computational states via exploitation.
Jonathan, an inquisitive security enthusiast and penetration tester with over two decades of technical experience, has dedicated the past decade and more to managing, securing, and skillfully navigating through network infrastructure, web applications, servers, and workstations. During this time, he played a pivotal role in leading internal Bug Bounty, Purple Team, and Pentesting programs. His expertise extends to direct experience in pentesting medium to large organizations, covering Network, Active Directory, Azure/AAD, Web Application/API, and social engineering engagements.
Job Titles:
- Software Engineer
- Adversarial Engineer in Application Security
- Senior Adversarial Engineer
Josh is a software engineer turned hacker who enjoys spending his time analyzing web applications and discovering vulnerabilities. He holds multiple certificates from Offensive Security and a bachelor's degree in Computer Science from UC Berkeley. In his free time, he can be found playing video games, doing Brazilian jiu-jitsu, or hanging out at the beach with his family.
With over five years in management, Kaitlyn possesses a robust skill set acquired from both managerial and sales roles. Specializing in process optimization and client relationship management, she is dedicated to ensuring exceptional client experiences. As a member of the Lares Team, Kaitlyn collaborates closely with the engineers to uphold cybersecurity project deadlines and ensures smooth project execution from inception to completion. A graduate with a BA in World Literature, Kaitlyn augmented her academic achievements with minors in various disciplines. As a guest lecturer, she has spent time both in classrooms and presenting her writing at various symposiums. Prior to joining Lares, she was the General Manager of Continental Divide Winery in the mountains of Colorado.
Job Titles:
- Consultant
- Senior Adversarial Engineer
Lee is specialized in research and analysis to assist organizations in assessing security controls, training customer internal offensive and defensive engineers, and security program maturation exercises and assessments. He is experienced in offensive tool development, threat hunting, detection engineering, evasion and bypass research, malware analysis, Active Directory security, Microsoft Windows internals & security, and Microsoft Azure security.
Lomar brings a wealth of expertise across diverse areas in Cybersecurity, such as threat modeling, malware analysis, reverse engineering, wireless infrastructure exploitation, and penetration testing of networks, web, and mobile applications. Making the transition from a Software Engineer to a seasoned Cybersecurity professional, Lomar holds a Masters in Cybersecurity and proudly boasts certifications such as OSCP, LPT, and PNPT. Lomar is passionate about the work he is doing and enjoys giving clients peace of mind through his expertise.
Job Titles:
- Adversarial Engineer
- Senior Adversarial Engineer
Louai started his career hunting cybercriminals as Threat Hunter at Bell Canada before transitioning into his current role as an Adversarial Collaboration Engineer at Lares. He specializes in purple teaming, detection engineering, threat hunting, and incident response. An avid programmer, Louai loves to automate everything at work (much to the merriment and jubilation of his teammates) and in life (as proof, he uses an electric toothbrush).
Louai also loves solving problems with data and common sense and is a big Jupyter ecosystem enthusiast. Finally, Louai believes in giving back to the cybersecurity community by contributing to meetups and events such as ISSessions, C3X, and SecTor. Outside of work, Louai loves to dance, travel, listen to music, write poetry, play poker, and hang out with his outrageously beautiful but undeniably annoying friends whom he loves very, very much.
Job Titles:
- Senior Adversarial Engineer
Luke has worked in the security industry since leaving university in 2017 with a bachelor's degree in Ethical Hacking. He considers himself a generalist hacker and loves to get involved with anything related to breaking security controls. Over the years, he has experienced a wide range of scenarios that have led to tearing apart technologies and finding flaws. This includes flying to different countries and breaking into physical HQs of high value companies. As well as his bachelor's degree, Luke has certifications from the likes of CREST, AWS, and Offensive Security, to name a few. He also likes to give time to the infosec community and provides free educational content on YouTube. Outside of security, he likes to partake in running events and enjoys being a father.
Mark Arnold has a 15+ cybersecurity career, serving 8 of those years in leadership roles. As a transformational leader, Mark has built security teams and programs, authored maturity model blueprints to optimize risk management processes, and implemented security domain practices at large enterprises and service providers. Mark's areas of interest include cloud security, threat intelligence, and vulnerability research, nation-state attack methods and related activities (e.g. information operations and disinformation campaigns) and their collective impact on nations and society. Mark recently completed an executive education cohort on the intersection of cybersecurity and technology at Harvard's Kennedy School.
Mark also commits time to the security community as an OWASP chapter and InfoSecWorld board member, among others. He holds industry certifications and has satisfied his intellectual curiosity with earned degrees from Stanford (BSEE), Princeton Seminary (Mdiv), and Harvard University (AM, Ph.D.). He is a former competitive gymnast and an ordained minister but, most importantly, cherishes his role as a husband and dad who thrives on hugs.
Job Titles:
- Managing Director of Security Services
Mike is an accomplished security expert with over 25 years of experience in cybersecurity, including penetration testing, red teaming, application security testing, software development, and policy writing. He utilizes this expertise to assist his team and clients in achieving their goals and objectives during projects. Mike is a frequent attendee and speaker at security conferences, such as DEFCON and the IAEA Conference on Nuclear Security. As the Managing Director of Security Services, he is responsible for the management and strategic direction of all aspects of service delivery to Lares' clients. Mike has experience working in both the public and private sector, including various senior and leadership roles at Accenture, Cylance Inc, and the US Department of Energy. Mike is currently sitting for his MSc in Software and Systems Security at Oxford University.
Job Titles:
- Associate Adversarial Engineer
Mike left a career in logistics to transition into cybersecurity. Before joining Lares, he combined his two passions, cybersecurity and travel, by collecting bug bounties while traveling the world. He has a bachelor's degree in cybersecurity and an OSCP certification and enjoys the challenge of constantly learning new techniques to stay relevant in the field. In his free time, Mike enjoys exploring new cities, scuba diving, 3D printing, cooking, and hanging out with his dog Milo.
Job Titles:
- Red Team Specialist
- Senior Adversarial Engineer
Neil Lines is an offensive security, red team specialist, with over ten years' experience in performing internal, external infrastructure, web application, social engineering, and red team engagements. Before specializing in security Neil worked for over four years in IT engineering roles including desktop, networking support and design. Neil regularly performs guest lectures on penetration testing and has spoken at many security conferences. Over the years Neil has collected over nine industry recognized IT certifications from the likes of CREST, Tigerscheme, EC-Council and Cisco.
Nick is an enthusiastic sales professional with over 15 years of customer service experience. Nick came to Lares after spending the past 6 years facilitating the development and implementation of standard sales and customer service practices for one of the world's largest electric vehicle manufacturers, where he was named the #1 customer experience specialist in North America for multiple years. Nick specializes in administrative technology and is responsible for educating other employees on using progressive systems and applications, including mass communication software and organizational apps.
Nick is a powerful force in the workplace and uses his positive attitude and tireless energy to exceed customer expectations and provide excellent service. He is passionate about developing and maintaining strong relationships centered on trust with each client.
Outside of work, Nick enjoys traveling with his wife, hanging out with family and friends, and being a beach bum.
Job Titles:
- Engineer
- Adversarial Engineer
Nick is a skilled hacker with a passion for cybersecurity. He enjoys all things security related including Active Directory attacks, external penetration testing, web and cloud testing, malware development, EDR evasion, social engineering, and more. He loves learning new things and honing skills. Outside of work he is a dedicated strength athlete and enjoys being outside. Nick has a bachelor's degree in Information Security and Intelligence and holds several certifications including the OSCP and OSEP.
Job Titles:
- Senior Adversarial Engineer
Paul has over 12 years of experience in IT system administration and transitioned to the security space after gaining Offensive Security Certified Professional (OSCP) in his free time. After several years conducting various offensive engagements in infrastructure and application security, he concentrated his efforts in application security with a keen interest in mobile application security. In his free time, he plays competitive Golf.
Job Titles:
- Senior Adversarial Engineer
- Specialist
Raúl is a specialist in offensive security with more than 7 years of experience. While he has experience in various fields, such as web and mobile audits, social engineering campaigns and cloud pentests (AWS, Azure, GCP), he has specialized in red/purple team projects, being passionate about Windows and Active Directory. Raúl holds several certifications, including Xintra's Attacking and Defending Azure and M365, CRTO, OSCP, OSWE, OSEP, OSWP, among others. He also serves as an associate professor in Master's Degree in Cybersecurity and Information Security from Castilla-La Mancha University. He consistently aims to add extra value to projects by thinking outside the box. Raúl enjoys spending time with his family, practicing sports, playing video games, watching movies, and hiking.
Rob has been in cybersecurity for nearly 20 years and is a driving force behind our team's success, bringing proven expertise in revenue growth across advisory, consultancy, and managed services. As VP of Global Sales, he expertly leads top talent to deliver robust security solutions and foster long-term client relationships. Rob's strategic mindset, analytical approach, and dedication to collaboration ensure optimal outcomes for our customers.
Job Titles:
- Security Engineer
- Senior Adversarial Engineer
Steve is an experienced adversarial security engineer and penetration testing team leader. Having worked across multiple high-profile sectors such as, GOV, Defence, FinTech, Banking, Medical and Health Insurance, resulted in accumulating over 15+ years of security experience, spanning physical security breaches, cyber security and social engineering. Steve regularly helps develop and deliver targeted penetration testing, scenario-based engagements, while working alongside ‘in-house' security teams to help mature their security posture. Steve has also attained/held a number of industry recognized security certifications from the likes of ITIL, CompTIA, SANS, Tiger Scheme and GCHQ. In addition to his day-to-day responsibilities, Steve has volunteered at well-known security conferences, such as 44Con, BSides and SteelCon in order to give back to the security community.
Teresa is a certified Project Management Professional (PMP) with over 15 years' experience in project management and coordination with a focus on IT/IS/Healthcare industries. She enjoys establishing excellent working relationships with clients, employees, vendors, and contractors. She works to provide clients with the necessary support from project initiation to delivery, ensuring customer success. She is also highly adaptable and focused on results, with a proven record of achieving successful projects. Previously, she was a Project Coordinator at Alternative Technology and Arrow Electronics and a Project Manager at Solutions II and Cappella Living Solutions before joining Lares in 2018.
Job Titles:
- Senior Adversarial Engineer
Thomas is a highly qualified, trained, and certified ethical hacker with over 10 years of experience in the IT/IS industry. Starting out in the industry researching vulnerabilities affecting millions of Android & iOS devices, Thomas has branched out his skill set over the years to meet the needs of his clients to include network, wireless, and car hacking. Thomas has a bachelor's degree in Information Security & Assurance and OSCP, and OSCE certifications.