James.ross@blackknife.com
Expert: +30 years in aerospace (commercial and defense). +20 years cybersecurity. CISSP. Team lead for System Integrity (SI) implementation. Specialization in Offensive Security. +4 years Red Team lead for Cyber Wargaming/Cyber Table Top Exercises (CTT). Pentest and vulnerability assessment. Development of cyber security architectures. Development of cyber range/pentest network/attack lab environments. Familiarity with C and Python. Window and Linux/*nix OS. Clearance information on request.
Objective: Cybersecurity SME and technical leadership. Leveraging offensive/defensive cybersecurity expertise in aerospace systems and non-traditional IT technology for commercial, defense, and agency customers.
June 2020 –
Present
Sr. Principal Systems Security Engineer
Cyber and Secure Systems – Raytheon Intelligence and Space
· Document Development: Development of Systems Integrity plan for EO/IR surveillance system and Program Protection Implementation Plan for F-15 JSI radar system.
· Military GPS User Equipment (MGUE): Team lead for MGUE System Integrity. Development and certification of technical defenses to prevent exposure of Critical Program Information (CPI).
· Cyber Table Top Process: Developed and documented a uniform, tailorable, process for Cyber Table Top (CTT) development, execution and analysis as part of the Cybersecurity Engineering Initiative (CSEI). Presented at 2020 SE&ATN Symposium
· Linux MFA Migration: Worked technical problem areas in support of enterprise migration to RHEL 7.8 for Multi-Factor Authentication on ORION network.
January 2019
– Present
Chief Technical Officer/Chief Hacking Officer as Volunteer
· Founder, Board Member and CTO/CHO: Aerospace Village. A 501(c)(3) non-profit promoting education and collaboration between industry and researchers/hackers to improve aerospace cybersecurity. Held events at DEFCON 27/28/29/30, RSA 2020/2022 and other security conferences. Partnered with US Air Force to present the Hack-A-Sat Capture the Flag event. www.aerospacevillage.org
April 2004 –
June 2020
Senior Cybersecurity Engineer
· Aerospace: Boeing Commercial Aircraft (BCA), Boeing Global Services (BGS) and Boeing Defense Systems (BDS)
· Cybersecurity Red Team Lead: Cyber Wargaming/Cyber Table Top (CTT). Internal and external customers (commercial and government). Highly technical cyber-attack scenarios specific to customers' unique requirements. Domains: Aerospace, ICS/SCADA, Communication, Manufacturing, Commerce/Payment, Airline, Airport, IoT and others
· Cybersecurity Design: Developing processes, procedures and cybersecurity product life cycle for new products. Domains: Aerospace, Defense, Agency, Satellite, Communication, IoT, Web Services, Cloud, Cryptography and others.
· Cybersecurity Proposal Development: Government cybersecurity contract proposal development. Domains: Secure architectures, unique customer functionality, cyber range/attack lab, cybersecurity system requirements, MLS/MILS and specialized domains.
· Penetration Test: Internal, commercial, defense, proprietary and vendor products
· Inventor: Boeing "Cyber Range in a Box". A flexible, portable, environment for dynamically creating complex networks of simulated, virtual and physical computers.
· Industry Leadership: Cybersecurity analyst, Aviation-Information Sharing Analysis Center (A-ISAC). Information Assurance working group chair, Network Centric Operations Industry Consortium (NCOIC)
2000 - April
2004
System Security Engineer
· Cybersecurity Research and Development: Research and demonstration of hacker techniques and methods. Development and management of cybersecurity/hacker laboratory and Beowulf cluster.
· Penetration Test: Pentest and vulnerability assessment of internal systems. External customers including FAA, a large national laboratory and an international insurance company.
· Proposal Development: Support of proprietary cybersecurity proposals for defense and agency customers.
· Development and Certification: Cybersecurity for Advanced EHF DoD communication satellite
Systems
Engineer
1996 - 2000
· Avionics Design: MS80/90 autopilot and autothrottle systems
· System Safety: Safety analysis, Fault Tree Analysis (FTA), Failure Modes and Effects Analysis (FMEA)
· Certification: FAA Certification of avionics systems
· Test: Simulator and bench test
1989 – 1996
Systems Engineer
· Design and Certification: MD-80/90 autopilot and autothrottle system
· Customer Specific Design: Developed flight deck instrument for Delta Airlines
· Test: Simulator and flight test
Boston
University
Bachelors of Science Electrical Engineering
1985 - 1989
· Certification: Certified Information Systems Security Professional (CISSP) - 263683
· License: Ham Radio Technician License - KM6TZR
· Award: Winner Panasonic/HackerOne IFE Avionics Bug Bounty Challenge, Dec 2016
· Patent: Methods and Systems for Deploying Software Applications, Issued Sep 2, 2014, US 8826231
· Texas Cyber Summit: Conversation with a Replika, 2021
· GreyHat Cybersecurity Conference: Aviation Village Technical Initiatives, 2020
· DEF CON Aviation Village: ADS-B Introduction and Workshop, 2019 as “Gurney Halleck”
· ToorCon: Cyber War Games - Table Top Exercises (TTX), 2016 as “Gurney Halleck”
· A-ISAC: Various Table Top Exercises, 2015 - 2019
· NCOIC: Information Assurance Working Group lead. Various Information Assurance Topics, 2006-2010
· ToorCon: Hydra Intelligent Agent: Instrument for Security, 2001 as “Gurney Halleck”
· DEF CON: Lock Picking Introduction and Workshops, 1999-2001 as “Gurney Halleck”
· Aerospace Village: Founder, Board Member, and CTO/CHO as a volunteer. Aerospace cybersecurity education and industry/researcher collaboration (aerospacevillage.org). A 501(c)(3) non-profit organization
· Personal Projects: Pentest/Exploitation/Attack Lab; Embedded Systems; Robotics; Linux/*nix; Windows; Ham/RF/RTL-SDR; 3D Printing; Lock Pick/Bypass; Programming; Web Development; Maker-Breaker-Hacker.