James Ross, CISSP

James.ross@blackknife.com

Summary

Expert: +30 years in aerospace (commercial and defense). +20 years cybersecurity. CISSP. Team lead for System Integrity (SI) implementation. Specialization in Offensive Security. +4 years Red Team lead for Cyber Wargaming/Cyber Table Top Exercises (CTT). Pentest and vulnerability assessment. Development of cyber security architectures. Development of cyber range/pentest network/attack lab environments. Familiarity with C and Python. Window and Linux/*nix OS. Clearance information on request.

Objective: Cybersecurity SME and technical leadership. Leveraging offensive/defensive cybersecurity expertise in aerospace systems and non-traditional IT technology for commercial, defense, and agency customers.

Experience

Raytheon

June 2020 – Present
Sr. Principal Systems Security Engineer
Cyber and Secure Systems – Raytheon Intelligence and Space

·        Document Development: Development of Systems Integrity plan for EO/IR surveillance system and Program Protection Implementation Plan for F-15 JSI radar system.

·        Military GPS User Equipment (MGUE): Team lead for MGUE System Integrity. Development and certification of technical defenses to prevent exposure of Critical Program Information (CPI).

·        Cyber Table Top Process: Developed and documented a uniform, tailorable, process for Cyber Table Top (CTT) development, execution and analysis as part of the Cybersecurity Engineering Initiative (CSEI). Presented at 2020 SE&ATN Symposium

·        Linux MFA Migration: Worked technical problem areas in support of enterprise migration to RHEL 7.8 for Multi-Factor Authentication on ORION network.

Aerospace Village

January 2019 – Present
Chief Technical Officer/Chief Hacking Officer as Volunteer

·        Founder, Board Member and CTO/CHO: Aerospace Village. A 501(c)(3) non-profit promoting education and collaboration between industry and researchers/hackers to improve aerospace cybersecurity. Held events at DEFCON 27/28/29/30, RSA 2020/2022 and other security conferences. Partnered with US Air Force to present the Hack-A-Sat Capture the Flag event. www.aerospacevillage.org

Boeing

April 2004 – June 2020
Senior Cybersecurity Engineer

·        Aerospace: Boeing Commercial Aircraft (BCA), Boeing Global Services (BGS) and Boeing Defense Systems (BDS)

·        Cybersecurity Red Team Lead: Cyber Wargaming/Cyber Table Top (CTT). Internal and external customers (commercial and government). Highly technical cyber-attack scenarios specific to customers' unique requirements. Domains: Aerospace, ICS/SCADA, Communication, Manufacturing, Commerce/Payment, Airline, Airport, IoT and others

·        Cybersecurity Design: Developing processes, procedures and cybersecurity product life cycle for new products. Domains: Aerospace, Defense, Agency, Satellite, Communication, IoT, Web Services, Cloud, Cryptography and others.

·        Cybersecurity Proposal Development: Government cybersecurity contract proposal development. Domains: Secure architectures, unique customer functionality, cyber range/attack lab, cybersecurity system requirements, MLS/MILS and specialized domains.

·        Penetration Test: Internal, commercial, defense, proprietary and vendor products

·        Inventor: Boeing "Cyber Range in a Box". A flexible, portable, environment for dynamically creating complex networks of simulated, virtual and physical computers.

·        Industry Leadership: Cybersecurity analyst, Aviation-Information Sharing Analysis Center (A-ISAC). Information Assurance working group chair, Network Centric Operations Industry Consortium (NCOIC)

TRW (Northrop Grumman)

2000 - April 2004
System Security Engineer

·        Cybersecurity Research and Development: Research and demonstration of hacker techniques and methods. Development and management of cybersecurity/hacker laboratory and Beowulf cluster.

·        Penetration Test: Pentest and vulnerability assessment of internal systems. External customers including FAA, a large national laboratory and an international insurance company.

·        Proposal Development: Support of proprietary cybersecurity proposals for defense and agency customers.

·        Development and Certification: Cybersecurity for Advanced EHF DoD communication satellite

Honeywell

Systems Engineer
1996 - 2000

·        Avionics Design: MS80/90 autopilot and autothrottle systems

·        System Safety: Safety analysis, Fault Tree Analysis (FTA), Failure Modes and Effects Analysis (FMEA)

·        Certification: FAA Certification of avionics systems

·        Test: Simulator and bench test

McDonnell Douglas (Boeing)

1989 – 1996
Systems Engineer

·        Design and Certification: MD-80/90 autopilot and autothrottle system

·        Customer Specific Design: Developed flight deck instrument for Delta Airlines

·        Test: Simulator and flight test

Education

Boston University
Bachelors of Science Electrical Engineering
1985 - 1989

Certifications and Licenses

·        Certification: Certified Information Systems Security Professional (CISSP) - 263683

·        License: Ham Radio Technician License - KM6TZR

Patents and Awards

·        Award: Winner Panasonic/HackerOne IFE Avionics Bug Bounty Challenge, Dec 2016

·        Patent: Methods and Systems for Deploying Software Applications, Issued Sep 2, 2014, US 8826231

Speaking and Publications

·        Texas Cyber Summit: Conversation with a Replika, 2021

·        GreyHat Cybersecurity Conference: Aviation Village Technical Initiatives, 2020

·        DEF CON Aviation Village: ADS-B Introduction and Workshop, 2019 as “Gurney Halleck”

·        ToorCon: Cyber War Games - Table Top Exercises (TTX), 2016 as “Gurney Halleck”

·        A-ISAC: Various Table Top Exercises, 2015 - 2019

·        NCOIC: Information Assurance Working Group lead. Various Information Assurance Topics, 2006-2010

·        ToorCon: Hydra Intelligent Agent: Instrument for Security, 2001 as “Gurney Halleck”

·        DEF CON: Lock Picking Introduction and Workshops, 1999-2001 as “Gurney Halleck”

Personal Projects

·        Aerospace Village: Founder, Board Member, and CTO/CHO as a volunteer. Aerospace cybersecurity education and industry/researcher collaboration (aerospacevillage.org). A 501(c)(3) non-profit organization

·        Personal Projects: Pentest/Exploitation/Attack Lab; Embedded Systems; Robotics; Linux/*nix; Windows; Ham/RF/RTL-SDR; 3D Printing; Lock Pick/Bypass; Programming; Web Development; Maker-Breaker-Hacker.