Jason Ostrom

Jason has used his extensive experience to help clients solve a variety of security problems impacting their respective businesses. He helped a solution manufacturer raise their DoD STIG metrics to above 95% for all assessed products, including development of Python hardening scripts that protected federal assets. He coded a Python vulnerability management program that automatically provided remediation timeliness and metrics for closing security issues. In a client-authorized penetration test, he found a 0-day vulnerability (CVE-2016-2783) in a networking platform that was ethically disclosed to the vendor. He is the author of the "VoIP Hopper" network infrastructure pen testing tool, which is included in the popular Kali Linux distribution.

Jason has extensive experience distilling security issues and presenting them to target audiences, including C-Suite and board, and has been quoted in media outlets such as Network World and Wired Magazine. Jason has spoken at many high-profile security events such as DefCon and ShmooCon. He has been invited by federal agencies, SANS Institute (Pentest Summit) and Forrester Research to speak on application security. Jason currently holds the CCIE Security certification (including CCNA, CCDA, CCNP, CCSP) and GCIH, GCFA, GPEN, GWAPT certifications. He earned an M.S. in Information Security from James Madison University, and his B.A. from the University of Michigan.