I’m Ryan, a cybersecurity researcher, penetration tester, and cloud security consultant. I’ve spent the last 13+ years doing penetration tests, red team assessments, and incident response investigations. Most of my current work is in Microsoft 365 and Azure environments focused on offensive testing, IR, and building detection capabilities.
I have a Masters in Cybersecurity and hold OSCP, OSEP, GCFA, and GREM certifications.
I speak at security conferences including Wild West Hackin’ Fest, SAINTCON, Hack Space Con, Hack Red Con, BSides Las Vegas, BSides NoVa, BSides Roanoke, and DEF CON Cloud Village. Topics I’m currently focused on: adversary deception, M365 canary tokens, device code phishing, cloud IR methodology, and anything where offense informs defense.
This blog is where I write up the research and investigations that I do. The focus is on process: not just what happened, but how we found it, the queries we ran, and the decisions we made along the way. The goal is to provide methods you can take back to your own environment.
If you want to get in touch, the best way is through LinkedIn or Twitter/X.
Disclaimer: The opinions and content here are my own and don’t reflect my employer’s views. Information is provided for educational purposes and shouldn’t be considered professional advice. I don’t assume liability for errors, omissions, or any losses resulting from the use of this information.