ABOUT BEAU GRAHAM

I’m an OSCP-certified pentester who specializes in Web Application testing. Outside of Web Application testing I have worked on Active Directory, WiFi and NAC bypass pentests. My background is in IT, mostly doing sysadmin and network engineer type work. I have a few CVEs and participate in bug bounty programs. I’m currently studying towards my OSEP and hope to move into more of a red team role soon.

My hobbies include learning and practicing my pentesting skills (and streaming it on Twitch), bug bounties, spending time with my wife, and my cat Xiao Long Bao. I also like working on my home network, finding cool EDM music and snowboarding. I also really like pizza. Official Pizza Enthusiast.

WORK EXPERIENCE

Sr. PENETRATION TESTER -- Fidelity Investments

As a Web Application Penetration Tester I complete an average of three pentest engagements per month according to OWASP and other industry standards. In addition to testing web apps, I have experience in testing Active Directory, and Internal/External pentests.

My key responsibilities and accomplishments include:

  • Finding security bugs. I focus on quality bugs and manual testing
  • Writing detailed reports in a way that software developers understand issues and how to fix them
  • Writing processes and procedures for pentest engagements
  • Mentoring less experienced members of the team and people outside of the team wanting to learn pentest/red team techniques
  • Conducting trainings with the entire pentest team on interesting vulnerabilities, how I found them, and how to replicate them in tests
  • Building Capture The Flag challenges for team training
  • Successfully escalating to Domain Admin in the last three annual Active Directory pentests

SENIOR SYSTEMS ADMINISTRATOR / NETWORK ADMINISTRATOR -- Lucid Software

In my role at Lucid I manage the internal network and firewall as well as all internal-facing servers. I am also in charge of scaling the company’s IT processes, such as scripting and automating workstation provisioning systems, and providing technical mentorship to other team members.

My key responsibilities and accomplishments include:

  • Rebuilding firewalls from scratch to implement features such as SD-WAN and failover
  • Regularly researching and presenting on security topics for the weekly security club meeting
  • Working directly with ISPs to troubleshoot and resolve issues
  • Building relationships with vendors to evaluate new technology, services, and hardware
  • Planning and deployment of network infrastructure for new office locations
  • Migrating VMs from ESXi to Hyper-V

SYSTEMS ENGINEER / TEAM LEAD -- InsideSales.com

After joining InsideSales.com on the Help Desk team, I was quickly promoted to a Systems Engineer, and then again to lead the Internal IT team. As a Systems Engineer, I designed, implemented, and maintained our IT infrastructure, which included internal virtual machine and server environments.

My key responsibilities and accomplishments included:

  • Implementing IT Security best practices across the company, including 2FA, MDM, and AV
  • Working with auditors to gather and provide information requested to ensure that we were compliant
  • Managing Windows Domain Controllers (AD), DHCP, and DNS servers in five office locations
  • Full planning, deployment, and documentation of server infrastructure in remote offices
  • The initial deployment of Server 2012 R2 & converting the entire company's local profiles to Active Directory
  • Managing all corporate devices running on Windows, OS X, Android, and iOS
  • Building a complete OS X management & deployment system using a variety of open source tools
  • Mentoring the helpdesk team, prioritizing and assigning tasks, ensuring project deadlines were met, and tracking SLA metrics on tickets
  • Working with executives to best support the technological needs of the business
  • 24/7 on-call monitoring & resolution of issues, and support for global offices

SKILLS

Kali Linux
Burp Suite Pro
Bash
PowerShell
Python
Nmap
Qualys/Nessus
Veracode
BloodHound/SharpHound
Dirsearch/Gobuster
JtR/Hashcat
Metasploit
Sqlmap
Ffuf/Wfuzz
Hydra/Medusa
JavaScript
PHP
Java
Wireshark
SoapUI/Postman

CONTACT

Beau Graham

email: beau[at]beau.technology