Profiles search

Tod Beardsley

Cybersecurity & Infrastructure Security Agency (CISA)
Austin, TX, United States

Details

Education: Bachelor of Science (BS)

Information Technology Management

Western Governors University

2012 : 2013



Computer Science

Austin Community College

2007 : 2009



Computer Science

University of Pittsburgh

1994 : 1995

Never actually enrolled

Computer Science

Carnegie Mellon University

1993 : 1996



Pre-Law

Univeristy of Redlands

1992 : 1993
Experience: At CISA, I am responsible for analyzing and articulating the risk associated with a wide variety of technical vulnerabilities as part of the mission of the the Cybersecurity Division (CSD). The most public output of this work is the Known Exploited Vulnerabilities (KEV) catalog. I also provide written and presented materials on various unexploited (but high risk) vulnerabilities, general security best practices, and ground truth about the state of various deployed technologies.

As team lead, I also provide mentorship and leadership on building CSD's techniques and tooling for understanding and communicating salient facts about vulnerabilities and their impact on various United States federal agencies, critical infrastructure industries, and the internet at large.

2023 : Present

Cybersecurity and Infrastructure Security Agency

Cybersecurity Specialist

I am the primary researcher, narrator, audio engineer, social media manager, and co-host of the internationally tolerated and award shunning podcast, Podsothoth : A Lovecraft Book Club. Each pair of episodes features a reading of a short story written by H.P. Lovecraft, followed by a discussion episode featuring my regular co-host, Claire Reynolds.

Podsothoth is the flagship brand of the Huge Success digital media portfolio.

2020 :

Huge Success, LLC

Podcaster

I was the Director of Research at Rapid7, where I managed a team of software engineers that maintained and enhanced Rapid7's internet telemetry infrastructure. I also managed software vulnerability research efforts, handled vulnerability disclosures, and contributed to Rapid7's data science-driven research projects. Finally, I was the primary spokesperson for Rapid7 on security and research topics in the media.

Prior to my director role at Rapid7, I was the technical engineering manager for the open source Metasploit project, and prior to that, I was one of the core developers on both the open source framework and the commercial Metasploit Express and Metasploit Pro offerings. I still occasionally contribute code to Metasploit Framework as well as other open source projects.

2010 : 2023

Rapid7, Inc.

Director of Research

My main focus at BreakingPoint was to research, reverse, and implement both open and proprietary network application protocols for our award-winning network modeling products. I also researched and developed exploits for network vulnerabilities for BreakingPoint Strike Packs. Occasionally, I discovered new and novel vulnerabilities across a range of technologies. I also contributed to the open source Metasploit Framework, mostly in the pure-Ruby implementations of various protocols, with the occasional exploit or auxiliary module useful for general penetration testing.

2008 : 2010

BreakingPoint Systems

Lead Application Protocol Engineer

At TippingPoint, I was the lead engineer for the Digital Vaccine group, where I led a team of engineers in researching and creating Intrusion Prevention System (IPS) signatures to catch malicious activity over the network. I was also involved in the creation of the Zero Day Initiative, one of the first successful bug bounty programs launched in the industry, as well as worked to maintain our technical capabilities and integrity through our acquisition by 3Com in 2005 and the (failed) H3C joint venture escapade between Huawei and 3Com.

2004 : 2008

TippingPoint

Digital Vaccine Engineer
Company: Cybersecurity and Infrastructure Security Agency
Years of Experience: 27

Skills

+3 To-Hit Versus Orcs, Application Security, Audio Engineering, Breathing, Computer Forensics, Computer Networking, Computer Security, Cryptography, Ethical Hacking, Federal Government, Git, Github, IDS, Information Security, Information Technology, Internet Protocol Suite (TCP/IP), Internet Security, Intrusion Detection, IPS, Leadership, Linux, Literacy, Management, Metasploit, Networking, Network Security, Open-Source Development, Penetration Testing, Pharmaceutical Sales, Pickles, Plan 9, Podcasting, Project Management, Public Speaking, Reverse Engineering, Ruby, Ruby on Rails, Running Into the 50 Skill Cap on LinkedIn And So I Guess I've Reached Peak Skills, Security, Security Awareness, Social Media, Software Development, TCP/IP, TCP/IP stack, Technical Leadership, Vision, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning, Heat Vision, 3 To-Hit Versus Orcs

About

Generally, I'm an accomplished researcher, writer, and leader in technical security. I'm also a manager, hacker, open source maintainer, conference organizer, blogger, and podcaster.



These days, I concentrate on coordinated vulnerability disclosure (CVD), public infrastructure security (primarily election, transportation, and medical systems), and internet-wide threat analysis. My current position on the CVE Board lets me pursue these interests in a volunteer capacity.



In the past, I've been involved in intrusion prevention, vulnerability assessment and identification, anti-fraud/anti-phishing countermeasures, penetration testing and compliance auditing, intrusion detection and response, protocol analysis, and host hardening.