About Jason

I’ve spent 18 years in cybersecurity. For the past several years that’s meant one of three things: simulating an attack before a real one happens, actively hunting for threat actors, or responding to a ransomware incident at 2am.

As a cybersecurity consultant and Team Lead at Lockstep Technology Group, I lead penetration testing, assumed breach engagements, and incident response across a range of industries. When ransomware hits, I’m typically on the phone within hours, guiding organizations through identification, containment, eradication, and recovery during the most stressful 48 to 72 hours of their IT team’s careers.

On the offensive side, I design and execute assumed breach scenarios that go beyond checkbox compliance, uncovering the real-world attack paths threat actors actually use. I hold the GIAC Security Expert (GSE) certification and a combination of degrees that reflects how I approach the work: a Master of Science in Information Security Engineering from the SANS Technology Institute and a Bachelor of Science in Information Systems and Decision Sciences from Louisiana State University. The technical depth and the business context tend to go hand in hand when you’re advising organizations on security decisions that have real operational and financial consequences.

I’ve also published research on offensive techniques involving Windows crash dumps, an area most defenders overlook and most attackers haven’t thought to exploit yet.

What I work on day to day: Penetration Testing · Assumed Breach Scenarios · Incident Response · Digital Forensics (DFIR) · Security Architecture · Threat Hunting · Vulnerability Assessment · Ransomware Response · Endpoint Security · PowerShell Automation · Security Advisory

If you’re a business evaluating your security posture, a CISO looking for a trusted offensive security partner, or just want to talk shop about DFIR and assumed breach techniques, let’s talk!