Our team is the foundation of our success.
Atredis Partners was created by a number of security industry veterans who wanted to prioritize offering quality and client needs over the pressure to grow rapidly at the expense of delivery and execution. A key part of that has been building one of the most recognized and highly-respected teams of security researchers and consultants in the world.
Based all over the United States and Canada, Atredis Partners team members have presented research over fifty times at the BlackHat Briefings conference in Europe, Japan, and the United States, as well as many other notable security conferences, including RSA, ShmooCon, DerbyCon, ReCon, BSides, and PacSec/CanSec. Most of our team hold one or more advanced degrees in Computer Science or engineering, as well as many other industry certifications and designations. Atredis team members have authored several books, including The Android Hacker’s Handbook, the iOS Hacker’s Handbook, Wicked Cool Shell Scripts, Gray Hat C#, and Black Hat Go.
You can read about our leadership team below, and you'll also find many of our team members on LinkedIn.
Shawn Moyer, Founding Partner and CEO
Shawn Moyer scopes, plans, and coordinates security research and consulting projects for the Atredis Partners team, including reverse engineering, binary analysis, advanced penetration testing, and private vulnerability research. As CEO, Shawn works with the Atredis leadership team to build and grow the Atredis culture, making Atredis Partners a home for some of the best minds in information security, and ensuring Atredis continues to deliver research and consulting services that exceed our client’s expectations.
Experience
Shawn brings over 25 years of experience in information security, with an extensive background in penetration testing, advanced security research including extensive work in mobile and Smart Grid security, as well as advanced threat modeling and embedded reverse engineering.
Shawn has served as a team lead and consultant in enterprise security for numerous large initiatives in the financial sector and the federal government, including IBM Internet Security Systems’ X-Force, MasterCard, a large Federal agency, and Wells Fargo Securities, all focusing on emerging network and application attacks and defenses.
In 2010, Shawn created Accuvant Labs’ Applied Research practice, delivering advanced research-driven consulting to numerous clients on mobile platforms, critical infrastructure, medical devices and countless other targets, growing the practice 1800% in its first year.
Prior to Accuvant, Shawn helped develop FishNet Security’s penetration testing team as a principal security consultant, growing red team offerings and advanced penetration testing services, while being twice selected as a consulting MVP.
Key Accomplishments
Shawn has written on emerging threats and other topics for Information Security Magazine and ZDNet, and his research has been featured in the Washington Post, BusinessWeek, NPR and the New York Times. Shawn is a twelve-time speaker at the Black Hat Briefings and has been an invited speaker at other notable security conferences around the world.
Shawn is likely best known for delivering the first public research on social network security, pointing out much of the threat landscape still exists on social network platforms today. Shawn also co-authored an analysis of the state of the art in web browser exploit mitigation, creating the first in-depth comparison of browser security models along with Dr. Charlie Miller, Chris Valasek, Ryan Smith, Joshua Drake, and Paul Mehta.
Shawn studied English and Information Systems at Missouri University and the University of Louisiana at Lafayette, holds numerous information security certifications, and has been a frequent presenter at national and international security industry conferences.
Nathan Keltner, Founding Partner and CTO
Nathan Keltner leads, executes and coordinates advanced, custom-scoped projects for Atredis Partners. Nathan’s primary focus includes hardware reverse engineering and penetration testing, red teaming, protocol analysis and private vulnerability research.
Experience
Nathan began his security career performing penetration tests and various security assessments for a large retail corporation, later expanding his career in consulting and specialization within red team penetration testing, exploit development, and software and hardware reverse engineering. Prior to starting Atredis Partners, Nathan most recently was a Senior Research Consultant on Accuvant’s Applied Research team.
Nathan has also worked extensively as a penetration tester, helping design penetration testing methodologies and workflows as well as leading complex red team, social engineering, and attack simulation engagements, as well as numerous reverse engineering and binary analysis projects.
Nathan’s research and exploitation assessments have recently focused on server hardware and embedded appliances, such as identification of vulnerabilities in BMC, UEFI, or OS firmware in related components. Previous expertise includes study of custom RF and ZigBee smart grid infrastructures, 802.15.4 and serial retail networks, multi-function ATM hardware and software, PIN entry devices, IPTV, VoIP hardware and software stacks, and modern networking access controls and identity management systems.
Key Accomplishments
Nathan has spoken at Black Hat USA, REcon, DEF CON, and other similar conferences on topics such as researching and exploiting smart grid radio frequency systems, exploitation in ARM TrustZone, advanced analysis of purpose-built system-on-chip architectures, and exploitation under limited-access user security models on the Windows platform.
Nathan holds a Bachelor of Business Administration degree in Management Information Systems from the University of Oklahoma, has held many information security and audit certifications over the years, and has been a frequent presenter at national and international security industry conferences.
Kiston Finney, Chief Risk Officer
Kiston has experience in security leadership, as a security practitioner in the public and private sectors and as a successful security consultant. As a consultant, Kiston has delivered significant projects building information security risk management programs, comprehensive information security programs based on industry-regarded best practice, and HIPAA programs that incorporate both privacy and security and support meaningful use objectives. As a practitioner and leader, Kiston has led teams in a state-funded PAC-12 higher education institution with a health sciences division and a large regional health care system in the Information Security Office's Governance, Risk, & Compliance division. Kiston has spoken nationally on the topics of risk management and HIPAA programs.
Experience
Kiston has over 25 years of experience in multiple industries including insurance companies, financial institutions, manufacturing, energy trading, law firms, and higher education institutions, focused most recently on working for large healthcare providers, plans, and organizations serving the healthcare industry.
Prior to joining Atredis, Kiston was most recently the Manager of Governance, Risk, and Compliance and HIPAA Security Specialist in the University of Utah's Information Security Office, creating and leading a team of GRC analysts that served the institution and all of its units, including the University of Utah Health Care system. In that role Kiston built the University's risk management program from the ground up, developed a comprehensive set of information security policies that became University regulation, and acted as the HIPAA Security Rule subject matter expert.
Kiston has extensive experience in risk assessment and risk management activities, policy and procedure development, and regulatory compliance gap analysis and audit activities. Specifically, Kiston is experienced with multiple compliance and best practice frameworks including HIPAA, FERPA, GLBA, FISMA, NIST 800 series special publications, HITRUST, and ISO 27001/2.
Key Accomplishments
Kiston works with clients across industry verticals in a vCISO capacity, leading data-driven risk management programs and ensuring the right people in the organization are making informed decisions about risk and risk management.
Prior to joining Atredis Partners, Kiston successfully built a comprehensive governance, risk, and compliance program from the ground up that served a PAC-12 institution with the three distinct business missions of higher education, research, and patient care. This program progressed from level 1 maturity to level 3 maturity in less than two years, with a roadmap to level 4 maturity in a total of three years.
Kiston holds a number of advanced security and risk certifications including CISSP, ISSAP, CHSS, CRISC, CAP, HISP, ITIL Foundations, and HITRUST Certified CSF Practitioner.
Joshua Vaughn, Chief Operating Officer
Joshua Vaughn oversees the day-to-day operations of client engagements and project administration at Atredis Partners. He manages the tools and processes that successfully govern an Atredis process from conception, through delivery, and post-project follow-up, with the goal of replicating great client experiences consistently and efficiently. Joshua uses metrics gathered from operations to evolve processes as needed, and Atredis leadership uses this information to help chart the strategic course of the company.
Experience
Prior to his time with Atredis, Joshua spent nearly 7 years supporting consulting engagements at FishNet Security, now Optiv. His years as a Technical Writer afforded him the opportunity to read and edit countless security reports, written by some of the best security consultants in the industry. Later Joshua transitioned into the Project Management Office, first as a Project Analyst then as a Project Manager. Joshua has worked closely with countless clients, from start-ups to Fortune 100 organizations, across a wide variety of industry types, many times facing critical compliance deadlines and go-live dates, embracing the needs of the client and working to optimize engagement delivery and spot potential risks to project success before they arise.
Key Accomplishments
Joshua holds an undergraduate degree from Missouri State University, a master’s degree from the University of Kansas, and a Certified Associate in Project Management certification from the Project Management Institute.