“I often joke that I have one of the only jobs in the world where it’s my duty to make my job harder tomorrow than it was yesterday, but I wouldn’t have it any other way.”

Twitter: @_r00k_

Derek is an industry veteran with more than 15 years of experience spanning systems administration and engineering, web development, security engineering, and offensive security. In the office, he devotes his time to building and running an internal offensive security practice. Out of the office, he splits time between family, martial arts, teaching for SANS, and building his own consulting practice, Corvid Security. A NetWars Tournament of Champions winner and NolaCon black badge holder, he can often be found participating in whatever CTF competitions he can find. Derek holds several security certifications, including GCIA, GNFA, GCIH, GWAPT, GXPN, and OSCP.

How did you get your start on a red team?

I kind of fell into it. By that, I mean offensive security was a career goal of mine since 15-year-old me saw Sneakers for the first time and found out I could do criminal stuff legally (with permission) and get paid for it. After that, I took every tech job I could get ahold of. I bounced from web development back in the heyday of Allaire Cold Fusion to help desk to Linux admin to systems engineering and finally into a security role. I had been doing security engineering for ...