Our team is the foundation of our success.

Atredis Partners was created by a number of security industry veterans who wanted to prioritize offering quality and client needs over the pressure to grow rapidly at the expense of delivery and execution. A key part of that has been building one of the most recognized and highly-respected teams of security researchers and consultants in the world.

Based all over the United States and Canada, Atredis Partners team members have presented research over fifty times at the BlackHat Briefings conference in Europe, Japan, and the United States, as well as many other notable security conferences, including RSA, ShmooCon, DerbyCon, ReCon, BSides, and PacSec/CanSec. Most of our team hold one or more advanced degrees in Computer Science or engineering, as well as many other industry certifications and designations. Atredis team members have authored several books, including The Android Hacker’s Handbook, the iOS Hacker’s Handbook, Wicked Cool Shell Scripts, Gray Hat C#, and Black Hat Go.

You can read about our leadership team below, and you'll also find many of our team members on LinkedIn.


Nathan Keltner, CTO and Cofounder

Nathan Keltner leads, executes and coordinates advanced, custom-scoped projects for Atredis Partners. Nathan’s primary focus includes hardware reverse engineering and penetration testing, red teaming, protocol analysis and private vulnerability research.


Nathan has nearly a decade of experience in the information security industry, beginning his security career performing penetration tests, web application and secure configuration assessments on an internal team at a Fortune 500 retail corporation. Nathan expanded his career in consulting and spent much of the last seven years focusing on red team penetration testing, exploit development and software and hardware reverse engineering. Nathan most recently was a Senior Research Scientist with Accuvant’s Applied Research team.

Nathan has also worked extensively as a penetration tester, helping design penetration testing methodologies and workflows as well as leading complex red-team, social engineering, attack simulation and, numerous reverse engineering and binary analysis projects.

Nathan has performed research and exploitation assessments, including reviews of complex custom RF and ZigBee smart grid infrastructures, 802.15.4 and serial retail networks, multi-function ATM hardware and software, PIN entry devices, IPTV, VoIP hardware and software stacks, and modern networking access controls and identity management systems.

Key Accomplishments

Nathan is publicly best known for his research related to reversing proprietary Smart Grid radio frequency systems and other Smart Grid research, his contributions to the Metasploit Framework and as the founder of the SecTulsa security group in Tulsa, OK.

Nathan has spoken at Black Hat USA on researching and exploiting smart grid radio frequency systems, advanced analysis of purpose-built system-on-chip architectures, and exploitation under limited-access user security models on the Windows platform.

Nathan holds a Bachelor of Business Administration degree in Management Information Systems from the University of Oklahoma, holds a number of information security and audit certifications, and has been a frequent presenter at national and international security industry conferences.


Shawn Moyer, CEO and Cofounder

Shawn Moyer leads, executes and plans advanced, custom-scoped projects including reverse engineering, binary analysis, advanced penetration testing, and private vulnerability research. Shawn also coordinates service delivery and scoping for larger engagements, and manages business development and relationships with Atredis business partners.


Shawn brings over 20 years of experience in information security, with an extensive background in penetration testing, advanced security research including extensive work in mobile and Smart Grid security, as well as advanced threat modeling and embedded reverse engineering. 

Shawn has served as a team lead and consultant in enterprise security for numerous large initiatives in the financial sector and the federal government, including IBM Internet Security Systems’ X-Force, MasterCard, a large Federal agency, and Wells Fargo Securities, all focusing on emerging network and application attacks and defenses. 

In 2010, Shawn created Accuvant Labs’ Applied Research practice, delivering advanced research-driven consulting to numerous clients on mobile platforms, critical infrastructure, medical devices and countless other targets, growing the practice 1800% in its first year.

In creating the Applied Research practice, Shawn recruited and developed a team composed of some of the greatest minds in the security industry and proved it was possible to monetize innovative security thinking in a way that didn't rely on either marketing budgets or exploit sales, ultimately resulting in the creation of Atredis Partners as the next iteration of the research-driven services model. 

Prior to Accuvant, Shawn helped develop FishNet Security’s penetration testing team as a principal security consultant, growing red team offerings and advanced penetration testing services, while being twice selected as a consulting MVP.

Key Accomplishments

Shawn has written on emerging threats and other topics for Information Security Magazine and ZDNet, and his research has been featured in the Washington Post, BusinessWeek, NPR and the New York Times. Shawn is a ten-time speaker at the Black Hat briefings, and has been an invited speaker at other notable security conferences in the US, China, Canada and Japan, including RSA, ShmooCon, DefCon, and SecTor.

Shawn is likely best known for delivering the first public research on social network security, pointing out much of the threat landscape still exists on social network platforms today, and demonstrating mass exploitation of several popular social networks at Black Hat and DefCon.

Shawn also co-authored an analysis of the state of the art in web browser exploit mitigation, creating the first in-depth comparison of browser security models along with Dr. Charlie Miller, Chris Valasek, Ryan Smith, Joshua Drake, and Paul Mehta. 

Shawn studied Computer and Network Information Systems at Missouri University and the University of Louisiana at Lafayette and holds a number of information security certifications.



Josh Thomas, COO and Cofounder

Josh Thomas’ specialties include advanced hardware and software reverse engineering, malware and rootkit development and discovery, and software development. Josh has extensive experience in developing secure solutions for mobile platforms and a deep understanding of cellular architecture. Josh currently holds a TS clearance, and has worked in many sensitive, cleared environments.


Josh began his career 14 years ago in network administration and software development. Prior to moving his focus primarily to security, Josh wrote Artificial Intelligence and cryptographic solutions for the Department of Defense. Josh has extensive hands on knowledge of mobile devices and cellular infrastructure. He is also dedicated to hardware reverse engineering and embedded device exploitation.

Josh most recently was a Senior Research Scientist with Accuvant’s Applied Research team, and has worked as a Senior Research Developer at The MITRE Corporation. At MITRE, Josh performed analyses of the Android, Apple, Symbian and BlackBerry security models as well as other non-mobile embedded platforms and worked closely with the vendors and project sponsors. Josh also developed an open-source mesh networking solution for Smart phone communications that bypasses the need for physical infrastructure, performed advanced spectrum analysis for cleared communications, and designed a secure satellite communications system required to handle the most sensitive communications possible while also being resilient against the highest levels of waveform interference. 

Prior to his tenure at The MITRE Corporation, Josh developed Artificial Intelligence and embedded cryptographic solutions for General Dynamics and other organizations. Josh projects including the design and development of robust routing architecture for UAV/UGV autonomous vehicles, battlefield troop movement predictive scenario generation, and creation of mathematical models the controlled de-orbit and reentry of the Mir Space Station.

Key Accomplishments

Josh is the recipient of three DARPA Cyber Fast Track grants for advanced security research, and has presented at multiple security industry conferences, including BlackHat, DefCon, DerbyCon and ToorCon. Josh is the lead developer and maintainer of the open-source SPAN mesh networking project for Android, has published and reviewed papers for IEEE, and holds a pending patent related to NAND flash memory hiding techniques.

Josh holds a Bachelor’s in Computer Science from Texas A&M University, and has been a frequent presenter at national and international security industry conferences.


HD Moore, VP, Research and Development

HD contributes to custom-scoped projects for Atredis Partners that include advanced penetration testing, binary analysis, software development, and applied research. In addition to his work at Atredis Partners, HD is a board member at Hack/Secure and an independent advisor for exceptional startups building security solutions. Prior to joining Atredis Partners, HD served as Chief Research Officer at Rapid7, a provider of security data and analytics solutions.


HD has spent the last 20 years hacking into networks, auditing software, writing exploits, developing teams, and building products, with leadership roles at Digital Defense, BreakingPoint Systems, and Rapid7. 

Key Accomplishments

HD is best known as the founder of the Metasploit Project, the foremost open source exploit development framework. Metasploit was acquired by Rapid7 in 2009 and HD built out the commercial Metasploit product line. In addition to his work on Metasploit, HD is a prolific researcher and has been a frequent speaker at security events. For a sampling of his work, please see his website at https://hdm.io/


Kiston Finney, Risk Practice Manager

Kiston has experience in security leadership, as a security practitioner in the public and private sectors, and as a successful security consultant. As a consultant, Kiston has delivered significant projects building information security risk management programs, comprehensive information security programs based on industry-regarded best practice, and HIPAA programs that incorporate both privacy and security and support meaningful use objectives. As a practitioner and leader, Kiston has led teams in a state-funded PAC-12 higher education institution with a health sciences division and a large regional health care system in the Information Security Office's Governance, Risk, & Compliance division. Kiston has spoken nationally on the topics of risk management and HIPAA programs.


While having experience in multiple industries including insurance companies, financial institutions, manufacturing, energy trading, law firms, and higher education institutions, a major focus has been working for large healthcare providers, plans, or organizations serving the healthcare industry. 

Prior to joining Atredis, Kiston was most recently the Manager of Governance, Risk, and Compliance and HIPAA Security Specialist in the University of Utah's Information Security Office, creating and leading a team of GRC analysts that served the institution and all of its units, including the University of Utah Health Care system. In that role Kiston built the University's risk management program from the ground up, developed a comprehensive set of information security policies that became University regulation, and acted as the HIPAA Security Rule subject matter expert.

Kiston has extensive experience in risk assessment and risk management activities, policy and procedure development, and regulatory compliance gap analysis and audit activities. Specifically, Kiston is experienced with multiple compliance and best practice frameworks including HIPAA, FERPA, GLBA, FISMA, NIST 800 series special publications, and ISO 27001/2.

Key Accomplishments

Kiston successfully built a comprehensive governance, risk, and compliance program from the ground up that served a PAC-12 institution with the three distinct business missions of higher education, research, and patient care. This program progressed from level 1 maturity to level 3 maturity in less than two years, with a roadmap to level 4 maturity in a total of three years.

Kiston successfully executed a FISMA compliance effort for a specialized research environment for a large multidisciplinary leader in genomic research.

Extensive experience in building HIPAA programs founded on the principles of both privacy and security, collaborating with office of general counsel to develop different entities' risk tolerance regarding the use and disclosure of protected health information in all formats, and supporting innovation in healthcare by providing counsel and risk analysis documentation to institutional review boards and meaningful use coordinators.

Kiston holds a number of audit and industry certifications including CISSP, ISSAP, CHSS, CRISC, CAP, HISP, HITRUST CSF.


Charles Holmes, Managing Principal Consultant

Charles Holmes has spent nearly the last decade working on sensitive projects for various intelligence community and military organizations. He specializes in mobile security, malware and rootkit development, and software engineering. Charles currently holds a TS/SCI clearance. 


Prior to joining Atredis Partners, Charles was a Senior Research Lead with The MITRE Corporation.  In that role, Charles led research into a variety of mobile platforms including Apple, Android, Telematics, and Blackberry. He worked directly with sponsors to field products and performed integration activities with other agencies. Charles’ primary efforts were in the reverse engineering of the Apple iPhone bootrom, bootloaders, kernel, and applications.  

Key Accomplishments

Before shifting focus to mobile security, Charles worked on a variety of projects for the Department of Defense. These projects include the next generation software for the dismounted soldier, tactical radio networking, RFID card readers, nuclear threat modeling, and a mission system that has supported over one million UAV flight hours.

Charles holds Masters and Bachelors degrees in Computer Science from the Georgia Institute of Technology, and has been a frequent presenter at national and international security industry conferences.