Areas Of Expertise
Joshua is a diversely-skilled cyber security professional with 10 years of Department of Defense cyber security experience.
Joshua is a vulnerability management expert and is responsible for designing and developing security products for PurpleSec.
He recently served as a team lead for a Secure Operations (SOC) environment supervising a team in a fast-paced cloud security as a service company. Joshua’s skillsets include enterprise architecture hardening, penetration testing, web application firewall management, network security, data privacy and classification, and enterprise risk assessment.
Recent Articles:
You can implement a risk-based approach to vulnerability management by completing an asset inventory, conducting a risk assessment, calculating risk weighting, and aligning processes to mitigate risk.
Next-generation vulnerability management activities provide continuous monitoring of an IT environment and automation to reduce the burden on IT security teams, reduce mean time to patch, and improves your return on security investment.
Automating vulnerability management eliminates repetitive tasks prone to human error and replaces them with data-driven vulnerability prioritization.
On April 13, 2022, Microsoft announced that their Digital Crimes Unit (DCU) -in a joint effort with ESET, Black Lotus Labs, Palo Alto Networks, HealthISAC, and Financial Services-ISAC – has successfully disrupted the botnet distributing the ZLoader trojan.
The threat group ZeroX is demanding $50M to prevent the public release of PII data on 14,254 employees and company intellectual property.
The Kaseya ransomware attack has impacted over 50 MSPs and between 800 and 1500 companies. With a ransom note of $70 million this is quickly becoming the largest ransomware attack in history.
The Accellion file transfer application (FTA) data breach has impacted over 100 companies, organizations, universities, and government agencies around the world and continues to grow every week.
The Pulse Secure VPN zero-day has been exploited resulting in the breach of several undisclosed defense firms and government organizations in the United States and Europe.
Security Operation Centers (SOCs) provide real-time monitoring, detection, and response in order to mitigate or prevent cyber attacks when they occur.
Phishing is a social engineering attack that attempts to trick people into giving up personal or sensitive information. This is typically delivered via an email.
Internal vulnerability scans have access to an internal network or credentialed account, while external scans identify vulnerabilities from outside the network.
Privilege escalation attacks exploit weaknesses and vulnerabilities with the goal of elevating access to a network, applications, and mission-critical systems.