Brandon Evans

Brandon is a Senior Application Security Engineer at Asurion, where he provides security services for thousands of his coworkers in product development across several global sites responsible for hundreds of web applications. As an application developer for most of his professional career, he moved into security full-time largely because of his many formal trainings through SANS. Brandon is a contributor and instructor for SEC540: Cloud Security and DevOps Automation and lead author for the new SEC510: Multi-Cloud Security Assessment and Defense.

More About Brandon

Profile

Brandon is a Senior Application Security Engineer at Asurion. In this role, Brandon provides security services for thousands of his coworkers in product development across several global sites responsible for hundreds of web applications. This includes performing secure code reviews, conducting penetration tests, developing secure coding patterns, and evangelizing the importance of creating secure products.

Previously serving as a software engineer at Asurion, he worked on their Tech Expert service, which offers personalized help, guidance and tips across all of the customer's connected devices. Additionally, he has served as a Security Maven for Asurion since early 2018, where he has acquired his GSEC, GSSP-JAVA, GWAPT, GPEN, and GCSA certifications, attended the 2019 AppSec California Conference, and won five Security Innovation Capture the Flag events, also placing second at their CTF at DEF CON 27. Prior to Asurion, Brandon was a developer for Smartvue Corporation, an Internet-of-Things video surveillance startup that has since been acquired by Johnson Controls.

In his spare time, he is also an Instructor at the Vanderbilt University Web Development Coding Bootcamp and a contributor to the OWASP Serverless Top 10 Project. Brandon has a Bachelor's Degree in Computer Science from Binghamton University, where he was also a competitive member of their debate team.

Hear Brandon talk about attacking serverless servers in this SANS webcast from March 2020:

Additional Contributions By Brandon Evans

WHITEPAPERS:

Top 5 Considerations for Multi-cloud Security

WEBCASTS:

SEC510: Multicloud Security Assessment and Defense

Attacking Serverless Servers: Reverse Engineering the AWS, Azure, and GCP Function Runtimes

Secure by Default? Scoring the Big 3 Cloud Providers