Jason Ostrom

Jason Ostrom has helped over 225 organizations mature their Cyber Security programs by identifying business risks and improving their readiness for security incidents. Jason has prior experience in IT network consulting, including Network Administration, Programming, System Administration, and security programming experience. Jason also has extensive experience with penetration testing and is a SANS Institute Community Instructor, teaching SANS 560 Network Penetration Testing & Ethical Hacking.

More About Jason


Jason has used his extensive experience to help clients solve a variety of security problems impacting their respective businesses. He helped a solution manufacturer raise their DoD STIG metrics to above 95% for all assessed products, including development of Python hardening scripts that protected federal assets. He coded a Python vulnerability management program that automatically provided remediation timeliness and metrics for closing security issues. In a client-authorized penetration test, he found a 0-day vulnerability (CVE-2016-2783) in a networking platform that was ethically disclosed to the vendor. He is the author of the "VoIP Hopper" network infrastructure pen testing tool, which is included in the popular Kali Linux distribution.

Jason has extensive experience distilling security issues and presenting them to target audiences, including C-Suite and board, and has been quoted in media outlets such as Network World and Wired Magazine. Jason has spoken at many high-profile security events such as DefCon and ShmooCon. He has been invited by federal agencies, SANS Institute (Pentest Summit) and Forrester Research to speak on application security. Jason currently holds the CCIE Security certification (including CCNA, CCDA, CCNP, CCSP) and GCIH, GCFA, GPEN, GWAPT certifications. He earned an M.S. in Information Security from James Madison University, and his B.A. from the University of Michigan.