Our team is the foundation of our success.

With offices all around the United States and Canada, Atredis Partners was created by a number of security industry veterans who wanted to prioritize offering quality and client needs over the pressure to grow rapidly at the expense of delivery and execution. We wanted to build something better, for the long haul.

Atredis Partners team members have presented research over twenty times at the BlackHat Briefings conference in Europe, Japan, and the United States, as well as other notable security conferences, delivering groundbreaking research and training on web security, embedded security, and advanced software exploitation.

We deliver the same class of confidential security research and penetration testing for our clients, focusing on everything from the Smart Grid and SCADA to next-generation mobile platforms, robotics, and medical devices.

Because of our rigorous focus on emerging markets and services, we have the luxury of choosing our clients selectively, identifying strategic partners who share our vision and passion for excellence.

You can read about our leadership team below, and you'll also find many of our team members on LinkedIn.

 
 

Nathan Keltner, Founding Partner

Nathan Keltner leads, executes and coordinates advanced, custom-scoped projects for Atredis Partners. Nathan’s primary focus includes hardware reverse engineering and penetration testing, red teaming, protocol analysis and private vulnerability research.

Experience

Nathan has nearly a decade of experience in the information security industry, beginning his security career performing penetration tests, web application and secure configuration assessments on an internal team at a Fortune 500 retail corporation. Nathan expanded his career in consulting and spent much of the last seven years focusing on red team penetration testing, exploit development and software and hardware reverse engineering. Nathan most recently was a Senior Research Scientist with Accuvant’s Applied Research team.

Nathan has also worked extensively as a penetration tester, helping design penetration testing methodologies and workflows as well as leading complex red-team, social engineering, attack simulation and, numerous reverse engineering and binary analysis projects.

Nathan has performed research and exploitation assessments, including reviews of complex custom RF and ZigBee smart grid infrastructures, 802.15.4 and serial retail networks, multi-function ATM hardware and software, PIN entry devices, IPTV, VoIP hardware and software stacks, and modern networking access controls and identity management systems.

Key Accomplishments

Nathan is publicly best known for his research related to reversing proprietary Smart Grid radio frequency systems and other Smart Grid research, his contributions to the Metasploit Framework and as the founder of the SecTulsa security group in Tulsa, OK.

Nathan has spoken at Black Hat USA on researching and exploiting smart grid radio frequency systems, advanced analysis of purpose-built system-on-chip architectures, and exploitation under limited-access user security models on the Windows platform.

Nathan holds a Bachelor of Business Administration degree in Management Information Systems from the University of Oklahoma, holds a number of information security and audit certifications, and has been a frequent presenter at national and international security industry conferences.

 
 

Shawn Moyer, Founding Partner

Shawn Moyer leads, executes and plans advanced, custom-scoped projects including reverse engineering, binary analysis, advanced penetration testing, and private vulnerability research. Shawn also coordinates service delivery and scoping for larger engagements, and manages business development and relationships with Atredis business partners.

Experience

Shawn brings over 20 years of experience in information security, with an extensive background in penetration testing, advanced security research including extensive work in mobile and Smart Grid security, as well as advanced threat modeling and embedded reverse engineering. 

Shawn has served as a team lead and consultant in enterprise security for numerous large initiatives in the financial sector and the federal government, including IBM Internet Security Systems’ X-Force, MasterCard, a large Federal agency, and Wells Fargo Securities, all focusing on emerging network and application attacks and defenses. 

In 2010, Shawn created Accuvant Labs’ Applied Research practice, delivering advanced research-driven consulting to numerous clients on mobile platforms, critical infrastructure, medical devices and countless other targets, growing the practice 1800% in its first year.

In creating the Applied Research practice, Shawn recruited and developed a team composed of some of the greatest minds in the security industry and proved it was possible to monetize innovative security thinking in a way that didn't rely on either marketing budgets or exploit sales, ultimately resulting in the creation of Atredis Partners as the next iteration of the research-driven services model. 

Prior to Accuvant, Shawn helped develop FishNet Security’s penetration testing team as a principal security consultant, growing red team offerings and advanced penetration testing services, while being twice selected as a consulting MVP.

Key Accomplishments

Shawn has written on emerging threats and other topics for Information Security Magazine and ZDNet, and his research has been featured in the Washington Post, BusinessWeek, NPR and the New York Times. Shawn is a ten-time speaker at the Black Hat briefings, and has been an invited speaker at other notable security conferences in the US, China, Canada and Japan, including RSA, ShmooCon, DefCon, and SecTor.

Shawn is likely best known for delivering the first public research on social network security, pointing out much of the threat landscape still exists on social network platforms today, and demonstrating mass exploitation of several popular social networks at Black Hat and DefCon.

Shawn also co-authored an analysis of the state of the art in web browser exploit mitigation, creating the first in-depth comparison of browser security models along with Dr. Charlie Miller, Chris Valasek, Ryan Smith, Joshua Drake, and Paul Mehta. 

Shawn studied Computer and Network Information Systems at Missouri University and the University of Louisiana at Lafayette and holds a number of information security certifications.

 
 

 

Josh Thomas, Founding Partner

Josh Thomas’ specialties include advanced hardware and software reverse engineering, malware and rootkit development and discovery, and software development. Josh has extensive experience in developing secure solutions for mobile platforms and a deep understanding of cellular architecture. Josh currently holds a TS clearance, and has worked in many sensitive, cleared environments.

Experience

Josh began his career 14 years ago in network administration and software development. Prior to moving his focus primarily to security, Josh wrote Artificial Intelligence and cryptographic solutions for the Department of Defense. Josh has extensive hands on knowledge of mobile devices and cellular infrastructure. He is also dedicated to hardware reverse engineering and embedded device exploitation.

Josh most recently was a Senior Research Scientist with Accuvant’s Applied Research team, and has worked as a Senior Research Developer at The MITRE Corporation. At MITRE, Josh performed analyses of the Android, Apple, Symbian and BlackBerry security models as well as other non-mobile embedded platforms and worked closely with the vendors and project sponsors. Josh also developed an open-source mesh networking solution for Smart phone communications that bypasses the need for physical infrastructure, performed advanced spectrum analysis for cleared communications, and designed a secure satellite communications system required to handle the most sensitive communications possible while also being resilient against the highest levels of waveform interference. 

Prior to his tenure at The MITRE Corporation, Josh developed Artificial Intelligence and embedded cryptographic solutions for General Dynamics and other organizations. Josh projects including the design and development of robust routing architecture for UAV/UGV autonomous vehicles, battlefield troop movement predictive scenario generation, and creation of mathematical models the controlled de-orbit and reentry of the Mir Space Station.

Key Accomplishments

Josh is the recipient of three DARPA Cyber Fast Track grants for advanced security research, and has presented at multiple security industry conferences, including BlackHat, DefCon, DerbyCon and ToorCon. Josh is the lead developer and maintainer of the open-source SPAN mesh networking project for Android, has published and reviewed papers for IEEE, and holds a pending patent related to NAND flash memory hiding techniques.

Josh holds a Bachelor’s in Computer Science from Texas A&M University, and has been a frequent presenter at national and international security industry conferences.

 
 

HD Moore, VP, Research and Development

HD contributes to custom-scoped projects for Atredis Partners that include advanced penetration testing, binary analysis, software development, and applied research. In addition to his work at Atredis Partners, HD is a board member at Hack/Secure and an independent advisor for exceptional startups building security solutions. Prior to joining Atredis Partners, HD served as Chief Research Officer at Rapid7, a provider of security data and analytics solutions.

Experience

HD has spent the last 20 years hacking into networks, auditing software, writing exploits, developing teams, and building products, with leadership roles at Digital Defense, BreakingPoint Systems, and Rapid7. 

Key Accomplishments

HD is best known as the founder of the Metasploit Project, the foremost open source exploit development framework. Metasploit was acquired by Rapid7 in 2009 and HD built out the commercial Metasploit product line. In addition to his work on Metasploit, HD is a prolific researcher and has been a frequent speaker at security events. For a sampling of his work, please see his website at https://hdm.io/

 
 

Tim West, Chief Risk Officer

Tim delivers large-scale projects rebooting security programs in multibillion-dollar organizations and engaging in high-profile projects, including US Federal Corrective Action Plans. As a practitioner and leader, Tim led multiple security teams at a Fortune 25 healthcare organization responsible for Threat & Vulnerability Management and Governance, Risk, & Compliance. Tim has spoken nationally on topics of compliance and technical security, medical devices, and other research topics including cyber security insurance practices. 

Experience

Tim has worked in communications, technology, finance, insurance, and technology industries, with a recent focus on large healthcare providers, plans, and organizations serving the healthcare industry.  

Prior to joining Atredis, Tim was most recently Practice Manager in Accuvant’s Enterprise Risk & Compliance practice leading a team of consultants with a focus to healthcare clients. In that role Tim grew the practice from himself to 10 top professionals in the field with projects supporting clients representing over 100 hospitals, benefit programs including 20 million Americans, major pharmaceutical and retail pharmacy chains, as well as non-healthcare Fortune 1000 organizations. 

Tim has extensive experience in audit response and risk management processes, vulnerability assessment, penetration testing and response. Tim is also experienced with multiple compliance frameworks including HIPAA, HITECH, PCI-DSS, ISO 27001/2, Sarbanes-Oxley, SAS70, FISMA, FedRAMP, and DIACAP. 

Key Accomplishments

Tim successfully delivered to quality and schedule the federal Corrective Action Plan (CAP) for one of the largest HIPAA fines on record. This included an enterprise risk assessment and program development deliverables for most facets of information security in multi-billion dollar organization. 

Tim successfully executed a FISMA compliance effort for a specialized research environment for one of the largest state universities in the US. 

Tim managed a team responsible for executing Department of Defense compliance to DIACAP standards for a multi-billion dollar contract. He successfully achieved Authority to Operate for an infrastructure including over 2500 devices. DIACAP was one of the pre-NIST RMF certification authorization activities for DoD agencies. 

Tim is a member of the organization that created the Executive Council of the Health Information Trust Alliance (HITRUST), an organization formed to provide leadership and a common security framework for healthcare organizations. 

Tim has extensive experience in mergers and acquisitions, including integration of two Fortune 50 organizations as well as multiple organizations with revenues of over one hundred million per year. Tim helped integrate security engineering teams, security/compliance frameworks, and merged client security requirements. 

Tim holds a Bachelors of Science in Business Administration from Southern Illinois University Edwardsville, and was his graduating class’ Commencement Speaker. Tim has been a frequent presenter at national and international security industry conferences.

 
 

Charles Holmes, Managing Principal Consultant

Charles Holmes has spent nearly the last decade working on sensitive projects for various intelligence community and military organizations. He specializes in mobile security, malware and rootkit development, and software engineering. Charles currently holds a TS/SCI clearance. 

Experience

Prior to joining Atredis Partners, Charles was a Senior Research Lead with The MITRE Corporation.  In that role, Charles led research into a variety of mobile platforms including Apple, Android, Telematics, and Blackberry. He worked directly with sponsors to field products and performed integration activities with other agencies. Charles’ primary efforts were in the reverse engineering of the Apple iPhone bootrom, bootloaders, kernel, and applications.  

Key Accomplishments

Before shifting focus to mobile security, Charles worked on a variety of projects for the Department of Defense. These projects include the next generation software for the dismounted soldier, tactical radio networking, RFID card readers, nuclear threat modeling, and a mission system that has supported over one million UAV flight hours.

Charles holds Masters and Bachelors degrees in Computer Science from the Georgia Institute of Technology, and has been a frequent presenter at national and international security industry conferences.