Joseph Rach
Verified Expert in Engineering
IT Security Developer
Philadelphia, United States
Toptal member since November 10, 2022
Joseph is a cybersecurity professional who strives to be well-rounded while maintaining specialties in technical cybersecurity areas where he provides the best return on investment. As a master of many cybersecurity domains and fully qualified for all categories and levels of the IA workforce under the Department of Defense (DoD) 8140 and 8570, he advocates team-based approaches and promotes knowledge-transferable, shared, and open-source-based methodologies whenever feasible.
Experience
- Security Architecture - 20 years
- Information Security - 20 years
- Security Analysis - 20 years
- Risk Assessment - 20 years
- Digital Forensics - 20 years
- Ethical Hacking - 15 years
- Offensive Security - 15 years
- IoT Security - 10 years
Preferred Environment
Linux, Office 365, Amazon Web Services (AWS), Firefox, Vi, Bash, pfSense, Suricata, Python, C
The most amazing...
...tool I've developed is a tool blending heuristics, fuzzy logic, machine learning, and direct behavioral observation to discover IoT devices and systems.
Work Experience
Product Security Officer, Cybersecurity Engineer, Consultant, President, Owner
Kestrel Information Security
- Performed as an accomplished and hands-on cybersecurity practitioner, leader, team builder, and problem solver related to the ever-evolving Internet of Things (IoT).
- Accumulated a wide breadth and depth of experience, knowledge, and capabilities.
- Managed embedded systems, infrastructure, and web and mobile application security assessment.
- Developed a second complementary concentration in digital forensics, malware analysis, and investigations.
- Strengthened systems development, governance, and lifecycle management.
- Designed, created, and managed practical and sustainable cybersecurity team practices.
- Built and implemented new innovative cybersecurity capabilities.
- Led rapid development and zero-day bug discovery, an IoT specialty.
- Automated red-team, simulated malware, and toolsmith cybersecurity.
- Delivered exceptional quality at a competitive value.
Cybersecurity Instructor
New Jersey Institute of Technology
- Led as the cybersecurity instructor for the New Jersey Institute of Technology.
- Delivered various technology courses in a synchronous, virtual classroom environment as an adjunct instructor. My concentration and area of specialty are the cybersecurity offerings.
- Worked in offensive security ethical hacking, digital forensics incident response and threat hunting, game theory strategy in cybersecurity, Python for security, cyberinfrastructure and technology, network security, and CyWar cyber arena.
Security Assessment Manager and Lead Penetration Tester
Kestrel Information Security
- Designed, managed, and conducted processes in secure systems development, governance, and management life cycles to begin and complete a global organizational integration.
- Conducted and reported on security assurance review and testing. Generally performed and managed testing as a customized combination of white, gray, and black-box testing to provide practical, effective business value.
- Tested and incorporated performance and availability requirements while following responsible disclosure principles for product security testing.
Information Security Manager and Lead Penetration Tester
Kestrel Information Security
- Managed, led, and completed numerous security projects in security management, penetration testing, security audit, and security advisory services.
- Assisted several, often global, organizations with Information Security and Information Assurance Program development and maturation.
- Conducted security research and development, invested in developing cybersecurity capabilities, and crafted cyber tools to enable my peers further.
Experience
Aplomado Toolkit
http://www.aplomadotoolkit.org
Customized Linux, loaded with tools that are validated for correct operation and configuration upon build. A new tool called Aplomado Hunter™ blends heuristics, fuzzy logic, machine learning, and direct behavioral observation to discover and report network-based IoT devices and systems.
Features
• Hours of free online educational material.
• An open blog for the community to share.
• Always open and always free.
Presented Embedded Systems Exploitation at Healthcare Cybersecurity Symposium | Hosted by CERT
Presented Hacked! When Will Your Luck Run Out? and Panelist | Dulles Regional Chamber of Commerce
The Dulles Regional Chamber of Commerce is an innovation gateway where business leaders collaborate to design, develop, and share ideas to make the Dulles Region a center for business and community growth.
Techtalk | Pentesting Cellular
Often security models of products generalize the mechanisms used for communications. This can cause designs to become reliant on assumed security features, and cellular is not immune to this.
Penetration Testing
http://www.kestrelinfosecurity.com/services.html
Product Security Assessment
http://www.kestrelinfosecurity.com/services.html
Security Development Life Cycle (SDLC)
http://www.kestrelinfosecurity.com/services.html
Smart Connected Elevator Product
RESPONSIBILITIES
• Conducted risk assessments and provided recommendations for mitigating potential threats and vulnerabilities.
• Developed and implemented secure architecture and design patterns for the smart connected elevator product.
• Worked closely with cross-functional teams, including engineering, product management, and quality assurance, to ensure security was embedded into all the stages of the development lifecycle.
• Conducted security testing and validated the effectiveness of security measures implemented in the product.
• Stayed up-to-date with emerging security threats and trends and evaluated their impact on the smart connected elevator product.
• Provided guidance and training to other team members on security best practices and ensured their adherence to security policies and procedures.
• Managed security incidents and responded to them in a timely and effective manner.
• Participated in security audits and compliance reviews.
Smart Connected Transportation Refrigeration
RESPONSIBILITIES
• Developed and implemented security measures for transportation refrigeration products connected to smart networks.
• Conducted security assessments of transportation refrigeration products to identify vulnerabilities and potential threats.
• Collaborated with cross-functional teams, including developers, engineers, and project managers, to ensure that security was integrated into the development and operations processes.
• Provided guidance and expertise on secure coding practices, threat modeling, and secure design principles.
• Ensured that the company's transportation refrigeration products met relevant industry standards and regulations, including NIST, ISO, IEC, and others.
• Maintained up-to-date knowledge of security technologies, trends, and practices.
Industrial Machine Monitoring
RESPONSIBILITIES
• Developed and maintained the security architecture of our industrial machine remote monitoring and GPS tracking products.
• Collaborated with the development team to ensure that our products were secure by design and implemented secure coding practices.
• Performed regular penetration testing to identify and address any vulnerabilities in our products.
• Implemented security measures to protect our customers' data and ensured they complied with industry standards.
• Stayed up-to-date with the latest security threats and trends and adjusted our security practices accordingly.
• Collaborated with customers and partners to ensure that our products integrated seamlessly with their security measures.
• Provided guidance and training to the development team on security best practices.
Education
Bachelor's Degree in Computer Science and Mathematics
University of Delaware - Newark, DE, USA
Certifications
Certified Ethical Hacker (CEH)
EC-Council
GIAC Certified Forensic Analyst (GCFA)
The SANS Institute
EC-Council Certified Security Analyst (ECSA)
EC-Council
GIAC Reverse Engineering Malware (GREM)
The SANS Institute
Computer Hacking Forensics Investigator (CHFI)
EC-Council
Certified Information Security Manager (CISM)
Information Systems Audit and Control Association
GIAC Law of Data Security & Investigations (GLEG)
The SANS Institute
Offensive Security Certified Expert (OSCE)
Offensive Security
Information Systems Security Architecture Professional (CISSP-ISSAP)
International Information Systems Security Certification Consortium (ISC)²
EC-Council Chief Information Security Officer Certification (CCISO)
EC-Council
Certified in Risk and Information Systems Control (CRISC)
Information Systems Audit and Control Association
Offensive Security Certified Professional (OSCP)
Offensive Security
Certified Information Systems Auditor (CISA)
Information Systems Audit and Control Association
Certified Information Systems Security Professional (CISSP)
(ISC)²
GIAC Gold Certified Intrusion Analyst (GCIA)
The SANS Institute
Skills
Libraries/APIs
AES
Tools
VMware, pfSense, Suricata, Snort, Keycloak
Languages
C, Python, Embedded C, Bash, Python 3, Embedded C++
Industry Expertise
Cybersecurity
Paradigms
Agile Software Development, DevSecOps, DevOps, HIPAA Compliance, DDoS, Penetration Testing, App Development, Agile
Platforms
Amazon Web Services (AWS), Embedded Linux, Linux, Firefox, Mobile, AWS IoT
Other
Vi, Digital Forensics, Ethical Hacking, Security Analysis, Forensic Investigation, Security Architecture, Risk Management, Certified Ethical Hacker (CEH), Hacking, Risk Assessment, Information Security, Forensics, IoT Security, Offensive Security, Security Policies & Procedures, Security Design, Security, SSL, Transport Layer Security (TLS), Vulnerability Assessment, Embedded Systems, Internet of Things (IoT), IT Security, ISO 27001, Analysis, Research & Investigation, Law, Architecture, Threat Modeling, SOP Development, PMO Development, PKI, Cryptography, ARM Embedded, Embedded Development, NIST, PCI, Data Loss Prevention (DLP), Office 365, SecOps, Malware Analysis, Reverse Engineering, Security Management, Security Audits, Malware Removal, Legal, Data-level Security, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Host-based Intrusion Prevention, CISM, Information Systems, Information System Audits, Audits, Web App Security, Web Security, CISSP, Certified Information Systems Security Professional, System Architecture, IT Systems Architecture, Software System Architecture Development, Software Development Lifecycle (SDLC), Technical Product Management, Public Speaking, Cellular, Game Theory, Application Security, Development, Agile DevOps, Agile Delivery, Agile Software Testing, Containers, Core, CAN Bus, RS-232, RS422, WiFi, Applications, Mobile Security, Coding, Secure Coding, Certified Information Systems Auditor (CISA), GIAC Certifications, Product Security, Security Research