Nathan McFeters

Senior Security Advisor at Ernst & Young, LLP

Greater Chicago Area

Current
  • Zero Day Security Blogger at ZDNet
  • Senior Security Advisor at Ernst & Young, LLP
Past
  • Lead Database Programmer at Auxiliary Enterprises
  • System Administrator at Western Michigan University - Research Assistantship
  • Lead Programmer at Western Michigan University - Research Assistantship
  • Co-Founder/Consultant at Solstice Network Securities
  • Lead Database Programmer at Auxiliary Enterprises
Education
  • Western Michigan University
  • Jackson Community College
Connections
192 connections
Industry
Computer & Network Security

Nathan McFeters’s Summary

Self-motivated individual, driven to provide clients with high-quality security assessments. I enjoy researching security related topics and programming tools that allow me to perform my testing more efficiently.

Nathan McFeters’s Specialties:

Public Speaking :: DEFCON 15, HITB 2007 Malaysia, ToorCon 9, Black Hat Japan 2007, Black Hat Federal 2008, Black Hat Europe 2008

Certifications :: CISSP, SANS GSEC, SANS GWAS

Languages :: Java, C#, JSF, JSP, ASP.NET, XML, Perl, C/C++, Python.

Databases :: Experience using and attacking a wide variety of DB servers, including MS SQL, MySQL, Oracle, Sybase, etc.

Software :: Visual Studio .NET 2005, Java Sun One Studio, Anjuta, Visual Perl .NET


Nathan McFeters’s Experience

  • Zero Day Security Blogger

    ZDNet

    (Public Company; 501-1000 employees; ZDZ; Online Media industry)

    February 2008 - Present (6 months)

    I'm one of three bloggers (Larry Dignan and George Ou) that handle the Zero Day Security blog for ZDNet. Here I focus on providing highly technical insight into the latest rumblings in industry and the hacking scene. Originally I was brought on to do guest postings of some of the interesting research I had been involved in and to cover the Black Hat Federal event. After doing a couple of successful stories, former Zero Day blogger Ryan Naraine suggested Larry and George bring me on full time and it's been a lot of fun contributing. The blog gives me a great outlet to talk about my research and all that is new and cool in security, hacking, and technology.

  • Senior Security Advisor

    Ernst & Young, LLP

    (Partnership; 10,001 or more employees; Computer & Network Security industry)

    March 2005 - Present (3 years 5 months)

    Served as the engagement manager for the ASC’s largest client. Led a team of 8-12 people with diverse backgrounds and skill sets to provide the highest quality black box web application assessments. Managed budget, resources, quality, client interaction, and schedule for approximately 200 separate engagements this year alone. Developed the relationship with the client to one of trust, mutual growth, and friendship by consistently going above and beyond the client expectations.

    Specialized in web application testing and used my diverse programming background to participate in and lead several grey box web application assessments. Discovered thousands of security flaws across a broad spectrum of technologies including Java, .NET, ColdFusion, PHP, CGI, Citrix based applications, and thick client applications. Participated in and led teams that developed several proprietary tools used by the ASC.

  • Lead Database Programmer

    Auxiliary Enterprises

    (Computer & Network Security industry)

    2000 - 2006 (6 years)

  • System Administrator

    Western Michigan University - Research Assistantship

    (Educational Institution; Myself Only; Computer & Network Security industry)

    April 2004 - January 2005 (10 months)

    Installed, secured, and maintained a network of various operating systems and services. Hands-on work installing, configuring, and securing Solaris 8/9, Fedora 2, Gentoo Linux, Windows XP, and Windows 2000 machines. Set up and configured a postfix mail server with SpamAssassin. Set up and configured NFS and NIS+ for a network of Solaris 8/9 machines. Set up a ghost server for remote backup and reinstall of Windows XP and Windows 2000 systems. Applied NSA recommended patches for securing Windows XP and Windows 2000. Followed SANS guidelines for hardening Solaris 8/9 and Linux servers. Performed full-scale penetration test of the network. Created policies and guidelines for keeping the network secure, as well as secure computing for users.

  • Lead Programmer

    Western Michigan University - Research Assistantship

    (Educational Institution; Myself Only; Computer Software industry)

    April 2003 - January 2005 (1 year 10 months)

    Lead Programmer of the ATE Program Evaluation Project, one part of a larger effort to assess the impact and effectiveness of the NSF's Advanced Technological Education program. As Lead Programmer, was responsible for creating a GUI based system, which creates an XML survey description, and an application that translates the XML into web pages and databases to run the survey. Made several key design decisions, and worked closely with the client in order to ensure conformance to specified requirements.

  • Co-Founder/Consultant

    Solstice Network Securities

    (Partnership; 1-10 employees; Computer & Network Security industry)

    July 2002 - July 2003 (1 year 1 month)

    Co-founder of Solstice Network Securities, a company created to serve Western Michigan University (WMU) and the surrounding area with computer security advisory services. Performed vulnerability assessment and penetration testing along with detailed design analysis of client networks and applications. Conducted research into bypassing Intrusion Detection Systems. Helped to create a more security aware community at WMU thru community projects, including an online security guide, for which we received WMU’s James Sleep Award for the most Outstanding Community Project related to Computer Science.

  • Lead Database Programmer

    Auxiliary Enterprises

    (Non-Profit; 11-50 employees; Computer Software industry)

    September 2001 - April 2003 (1 year 8 months)

    Worked with a team of goal-oriented programmers focused on establishing an effective web presence for twenty-seven managed departments. Responsible for developing and maintaining dynamic, database-driven web applications using ASP and SQL Server 2000. Designed, developed, and delivered a database for a web application that saved the WMU Bookstore four weeks worth of manpower. Initiated an effort to improve security and prevent attacks against the company’s two web servers and database server. Created and implemented policies to support security requirements.


Nathan McFeters’s Education

  • Western Michigan University

    Masters of Science, Computer Science, Theory and Analysis, 2000 - 2005

  • Jackson Community College

    A.S., Computer Science, 1998 - 2001


Additional Information

Nathan McFeters’s Interests:

my beautiful girlfriend and her hilarious daughter, blogging, new tech, acoustic guitar, travel, snowboarding, PS3, the beach, great beer

Nathan McFeters’s Groups:

CISSP, SANS GSEC, SANS GWAS, HackInTheBox Malaysia 2007, Black Hat Speakers

  •    Certified Information Systems Security Professionals (CISSP) member
  •    Obama for America member
  •    Black Hat Speakers member
  •    Black Hat member
  •    Information Security Community member
  •    Speakers and Panelists member
  •    Ethical Hackers Community member
  •    DEFCON member
  •    Security Bloggers Network member
  •    GNUCITIZEN Partners & Friends member

Nathan McFeters’s Contact Settings

Interested In:

  • career opportunities
  • consulting offers
  • new ventures
  • job inquiries
  • expertise requests
  • reference requests
  • getting back in touch
