Brandon Evans

Since he was introduced to an internet connection, Brandon has been a developer. He started his professional career with Smartvue Corporation, an Internet-of-Things video surveillance startup that has since been acquired by Johnson Controls. Prior to starting in security, Brandon became a Software Engineer at Asurion. After creating many web applications over the years, he eventually wanted to try something new. He was offered a spot in the Security Mavens program at Asurion, and jumped at the chance. This is where his formal journey with security began. After taking three SANS courses, Brandon knew that security was where he belonged, so quickly transferred to the internal product security team performing secure code reviews, conducting penetration tests, developing secure coding patterns, and evangelizing the importance of creating secure products. In January 2021, Brandon took the next step of his professional journey to lead Zoom's secure development training program, manage its implementation, and measure its outcomes, bringing it to the industry standard as assessed by the Building Security In Maturity Model (BSIMM). Since September 2022, Brandon has worked as an independent consultant, conducting penetration tests, performing secure code reviews, and assessing the overall security posture of each environment across multiple clouds. Most importantly, he provides comprehensive, practical, actionable, and easy to understand solutions to address his findings.

Brandon’s love of teaching and public speaking goes back to his college days, spending 3 years on the debate team and summer breaks teaching iD Tech Camps at Vanderbilt University. These experiences taught him a lot about communication, persuasion, and empathy, three pillars he carries with him to this day. Brandon prides himself in making his classes fun, engaging, and memorable with the sharing of personal experience, war stories, polling the audience, and telling relevant jokes.

As someone who has only recently made the switch into security full-time, Brandon understands that one of the biggest barriers between development and security is the conflicting cultures. Developers want to develop. Security wants to have 100% security. These two goals are mutually exclusive! Given his experience in both areas, Brandon has been able to support both types of professionals reach across the aisle to improve DevSecOps at their organization. He believes that in order to prescribe solutions to development teams, one must walk a mile in their shoes. Brandon is happy to walk side-by-side with you as you face these challenges head on, constantly reminding you that you're not alone. Secure development is hard!

Throughout his security journey, Brandon has earned five GIAC certifications - GPCS (#1), GCSA, GPEN, GSTRT, GWAPT, GSEC, and GSSP-JAVA. He holds a Bachelor's Degree in Computer Science from Binghamton University, where in his senior year, Brandon won the “Best Use of the SendGrid API” at the HackBU Hackathon. Additionally, he has won four Security Innovation Capture the Flag events, also placing second at their CTF at DEF CON 27, and in 2017 Brandon won the Asurion Hackathon for making an Alexa skill for cellphone support. Brandon taught the first ever cohort at the Vanderbilt University Web Development Coding Bootcamp in 2019, he’s a contributor to the OWASP Serverless Top 10 Project, and a co-leader for the Nashville OWASP chapter. 

In his spare time, Brandon enjoys playing the drums, chess, classic video games, and golf.

Hear Brandon talk about multiple clouds requiring multiple solutions here:

LIVESTREAMS

• Multicloud Security Is Inevitable: Fact or Fiction, Sept 2022
• CloudWars Episode 1: The IAM Menace, March 2022
• CloudWars Episode 2: Attack of the Packets, April 2022
• CloudWars Episode 3: Revenge of the Hacks, May 2022

WHITEPAPERS / BLOGS

• Firebase: Google Cloud's Evil Twin, Oct 2020
  
• Top 5 Considerations for Multicloud Security, April 2020
• Give Hacking A Try – You Might Just Be Great, March 2019
• Best Security Practices for Amazon RDS with Sequelize, Sept 2018

WEBCASTS / VIDEOS

• SANS 2022 Multicloud Survey: Exploring the World of Multicloud, Dec 2022
• SANS 2022 Cloud Security Exchange, Aug 2022
• Multiple Clouds Require Multiple Solutions: AWS, Azure, & GCP - SANS @Mic, Jan 2021
• Secure DevOps Best Practices for Multicloud Environments, Dec 2021
• Cloud Security Hot Take: ICS Instructor Panel, May 2021
• Exfiltrating Credentials in the Big 3 Clouds, excerpt from New SEC510: Public Cloud Security: AWS, Azure, and GCP course, June 2021
• Multi-Cloud Anomaly Detection: Finding Threats Among Us in the Big 3 Clouds, RSAC 2021, May 2021
• Multi-Cloud ANomaly Detection: Finding Threats Among Us in the Big 3 Clouds, RSAC 2021, May 2021
  
• More Servers, More Problems: How Serverless Changes and Reduces Risk, Dec 2020
  
• Cloud Security Solutions Forum, Dec 2020
  
• SEC510: Multicloud Security Assessment and Defense, June 2020
• Attacking Serverless Servers: Reverse Engineering the AWS, Azure, and GCP Function Runtimes, March 2020
• Secure by Default? Scoring the Big 3 Cloud Providers, Jan 2020
• MusicCityCon – Security By Persuasion, June 2019

MORE

• Secure Service Configuration in AWS, Azure, & GCP poster
  
• Cyber42 Web App
• Multicloud Cheat Sheet
  
• Attack in Autumn 2020: Profile of a 0-Day, Sept 2020
• Serverless Prey Project, Serverless Prey is a collection of serverless functions (FaaS) for GCP Functions, Azure Functions, and AWS Lambda. Once launched to the environment and invoked, these functions establish a TCP reverse shell for the purposes of introspecting the container runtimes of the various function runtimes.