Joseph Rach

An open-community, open-source project.

Customized Linux, loaded with tools that are validated for correct operation and configuration upon build. A new tool called Aplomado Hunter™ blends heuristics, fuzzy logic, machine learning, and direct behavioral observation to discover and report network-based IoT devices and systems.

Features
• Hours of free online educational material.
• An open blog for the community to share.
• Always open and always free.

Presented embedded systems exploitation at Healthcare Cybersecurity Symposium hosted by CERT in Pittsburg. The CERT division is a leader in cybersecurity that partners with government, industry, law enforcement, and academia to improve the security and resilience of computer systems and networks.

Served on the panel discussion for the Dulles Regional Chamber of Commerce broadcast event and presented Hacked! When will your luck run out?

The Dulles Regional Chamber of Commerce is an innovation gateway where business leaders collaborate to design, develop, and share ideas to make the Dulles Region a center for business and community growth.

Mobile opens a unique, low-cost opportunity for attackers of all skill levels to access a system potentially. Unlike internet addresses, a physical proximity of around five miles is required; however, that also provides an advantage. This makes it harder to detect an attack or even track one down after the fact.

Often security models of products generalize the mechanisms used for communications. This can cause designs to become reliant on assumed security features, and cellular is not immune to this.

Web application penetration test, an external internet-based penetration test, or an internal-trusted penetration test. This is our strength and, not surprisingly, our 2nd-most popular offering.

We assess nearly anything connected at hardware, software, firmware, radio, and web cloud infrastructure levels using a strictly BlackBox or a more trusted, near-white-box approach.

Supported several multi-million dollar development projects and developed Secure Systems Development Life Cycles for multiple clients. We are uniquely positioned to bring your systems development to the next level.

As a highly skilled and experienced security architect, I led the security efforts for a smart connected elevator product. In that role, I designed, developed, and implemented security strategies, policies, and procedures for our product to ensure its safety and reliability.

RESPONSIBILITIES
• Conducted risk assessments and provided recommendations for mitigating potential threats and vulnerabilities.
• Developed and implemented secure architecture and design patterns for the smart connected elevator product.
• Worked closely with cross-functional teams, including engineering, product management, and quality assurance, to ensure security was embedded into all the stages of the development lifecycle.
• Conducted security testing and validated the effectiveness of security measures implemented in the product.
• Stayed up-to-date with emerging security threats and trends and evaluated their impact on the smart connected elevator product.
• Provided guidance and training to other team members on security best practices and ensured their adherence to security policies and procedures.
• Managed security incidents and responded to them in a timely and effective manner.
• Participated in security audits and compliance reviews.

As a security engineer and assessor for a smart connected transportation refrigeration product, I designed, implemented, and assessed the security measures of transportation refrigeration units connected to smart networks. I worked with the development and operations teams to ensure the products were secure and met industry standards.

RESPONSIBILITIES
• Developed and implemented security measures for transportation refrigeration products connected to smart networks.
• Conducted security assessments of transportation refrigeration products to identify vulnerabilities and potential threats.
• Collaborated with cross-functional teams, including developers, engineers, and project managers, to ensure that security was integrated into the development and operations processes.
• Provided guidance and expertise on secure coding practices, threat modeling, and secure design principles.
• Ensured that the company's transportation refrigeration products met relevant industry standards and regulations, including NIST, ISO, IEC, and others.
• Maintained up-to-date knowledge of security technologies, trends, and practices.

As the security architect and penetration tester, I designed and implemented security measures to protect the products' and customers' data. I worked closely with our development team to ensure that the products were secure by design and developed using secure coding practices. Additionally, I performed penetration testing to identify and address vulnerabilities in the product.

RESPONSIBILITIES
• Developed and maintained the security architecture of our industrial machine remote monitoring and GPS tracking products.
• Collaborated with the development team to ensure that our products were secure by design and implemented secure coding practices.
• Performed regular penetration testing to identify and address any vulnerabilities in our products.
• Implemented security measures to protect our customers' data and ensured they complied with industry standards.
• Stayed up-to-date with the latest security threats and trends and adjusted our security practices accordingly.
• Collaborated with customers and partners to ensure that our products integrated seamlessly with their security measures.
• Provided guidance and training to the development team on security best practices.