Tom Ervin - Offensive Security Leadership

Professional Summary

Tom is a cybersecurity veteran with over a decade and a half of progressive experience building and leading offensive security programs that measurably reduce risk. He has developed multiple successful Red Teams at Fortune 500 companies and implemented security controls that protected a trading platform from multiple rounds of targeted nation state attacks. Tom has helped multiple blue teams with continual self-improvement, focusing on effective playbooks, processes, and resiliency of detective and preventative controls. He specializes in C2 infrastructure, offensive cloud security, and Active Directory exploitation. Tom has championed security metrics and frameworks that translate technical findings into actionable business advice. Tom is passionate about mentoring security talent and has presented at multiple industry conferences on effective Red Team operations.

Training

Education

Bachelor of Science

Network Administration & Database Administration

University of Cincinnati

Key Skills

Security Leadership
Offensive Security metrics and reporting
MITRE ATT&CK Framework
Threat Intelligence
Adversary Emulation
Breach & Attack Simulation/Red Team Automation
Purple Team Exercises
Advanced C2 Infrastructure
Active Directory Security
Cloud Security (AWS/Azure)
Zero Trust Architecture
OSINT & Phishing
Anti-investigation techniques
Sandbox Evasion

Experience

Offensive Security/Red Team Lead

F500 Manufacturing Company [CONFIDENTIAL]

March 2024 - Present

Leads offensive security to identify weaknesses in systems, controls, and procedures
Implements automated, repetitive regression testing of many security controls
Assists with implementing canary tokens and other intrusion detection capabilities
Works with Active Directory and Entra teams to identify and mitigate account takeover techniques including ADCS, token theft, credential relaying, among others
Supports zero trust initiative testing and validation
Provides EDR configuration and implementation guidance

Director of Cyber Security

Skolem

December 2021 - March 2024

Led comprehensive cybersecurity program for a DeFi trading platform
Implemented security controls for endpoints, cloud, and DeFi contract security
Deployed application allowlisting to strengthen endpoint protection
Provided oversight for secure development practices including CI/CD
Implemented comprehensive patch management processes
Deployed network access controls and robust log collection systems
Created and administered internal security awareness training program
Implemented zero-touch deployment to enforce endpoint security standards
Established and led Digital Forensics and Incident Response capabilities

Red Team Technical Lead and Founding Member

Principal Financial Group

January 2019 - June 2022

Led the development of Principal Financial's internal Red Team
Developed internal reporting, read-out, and meeting formats
Established team documentation and operational standards
Designed and managed C2 and payload delivery infrastructure
Developed and provided tabletop exercises and purple team events
Ensured Red Team adherence to legal, regulatory, and internal standards
Assisted with scoping and directing third-party testing and remediation
Improved blue team capabilities through enhanced IR playbooks and processes
Identified vulnerabilities in password quality, AD security, and cloud privilege escalation

Red Team Founding Member

Northern Trust Corporation

July 2015 - December 2018

Established threat intelligence-driven attacks to evaluate cybersecurity defenses
Designed and managed Red Team infrastructure including C2 and content delivery servers, password cracking equipment, and endpoint testing standard images
Led post-exploitation and exfiltration operations for realistic threat simulation
Created malleable C2 profiles for enhanced threat replication and defense evasion
Built and supervised specialized password cracking infrastructure
Managed ongoing reconnaissance efforts, leading to multiple covert Operations

Sr. Penetration Tester and Manager

Plante Moran, PLLC

October 2010 - July 2015

Achieved complete Active Directory compromise at over 100 financial institutions
Revamped penetration testing methodology, tooling, and reporting procedures
Implemented specialized attack paths targeting AD, physical security, and social engineering
Developed custom internal security assessment tools for the consulting team
Led knowledge sharing program to improve team-wide offensive security capabilities

President

SMB IT Solutions

February 2010 - November 2010

Founded and led IT consultancy specializing in open source business solutions
Implemented server platforms and remote support systems for SMB clients

Systems Administrator

Plante Moran, PLLC

2006 - February 2010

Managed systems administration, LDAP, and enterprise virtualization initiatives
Designed disaster recovery systems that led to the creation of Linbit's DRBD-Proxy
Developed encrypted portable file server with cellular routing and snapshotting

Community Involvement

Cobalt Strike Beta Tester (Feb. 2012+)
BSides Chicago (2012-2016)
BurbSec Core Staff (2013+)
Hak4Kidz (2015-2019)
CircleCityCon CTF (2018-EOL)
Blue Team Con CTF (2022+)
BSides312 (2024+)