Carrie Roberts
Red Team Distinguished Engineer, Walmart Global Tech
Twitter: @OrOneEqualsOne, Location: Idaho
Summary:
Programmer, Web Developer, Penetration Tester, Senior Red Team Engineer, Enterprise Technical Expert Defense Engineer. Passionate about learning and giving back to the community. Course author and instructor for cybersecurity classes.
Education:
2015 MS Information Security Engineering, SANS Technology Institute
2006 MS Computer Science with Distinction, California State University, Chico
1998 BS Mechanical Engineering, Oregon State University
Information Security Certifications:
- GIAC Security Expert (GSE)
- GIAC Security Professional (GSP)
- GIAC Experienced Cyber Security (GX-CS)
- GIAC Experienced Intrusion Analyst (GX-IA)
- GIAC Experienced Incident Handler (GX-IH)
- GIAC Reverse Engineering Malware (GREM)
- GIAC Certified Windows Security Administrator (GCWM)
- GIAC Certified Penetration Tester (GPEN)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA Gold)
- GIAC Web Application Penetration Tester (GWAPT)
- GIAC Certified Project Manager (GCPM)
- GIAC Security Essentials (GSEC Gold)
- GIAC Information Security Fundamentals (GISF)
- GIAC Mobile Device Analyst (GMOB)
- GIAC Certified Forensic Analyst (GCFA)
- CompTIA (Security+)
Work Experience:
April 2024 – Present Red Team Engineer: Distinguished Engineer, Walmart
- Red Teaming focused on e-commerce and AI platforms
2020 – Present Instructor: Attack Emulation Tools and PowerShell for InfoSec courses, Antisyphon Training
- Course author and instructor for 16-hr Attack Emulation Tools course covering MITRE ATT&CK, Atomic Red Team, CALDERA, VECTR and more.
- Course author and instructor for 16-hr PowerShell for InfoSec course covering logging, remoting, secure administration, attack tools, bypasses, obfuscation and more.
Feb 2019 – Mar 2024 Defense Engineer: Enterprise Technical Expert, Walmart
- Defense Research and Implementation based on MITRE ATT&CK using the Atomic Red Team library of scripted attacks.
- Author detections in various security products.
- Mentor and train SOC Analysts on attack emulation and detection creation.
June 2017 – Feb 2019 Senior Red Team Engineer, Walmart
- Sophisticated Red Team campaign execution against multiple targets.
- Developed and advanced security research on topics including password spraying and VBA Stomped Office documents (as presented at DerbyCon).
- Encouraged and Participated in Joint Red/Blue Team Exercises
- Contribute to Greater Community Through Presentations, Blog Posts and Open-Source Tools
2014 – June 2017 Penetration Tester, Black Hills Information Security
- Performed a variety of Penetration Tests including detailed reporting for customers with high satisfaction rates.
- Internal, External, Web App, Physical, Social Engineering, Command & Control, Pivot, Mobile, POS
- Teaching Assistant for SANS
2011-2014 Web Application Developer with Focus on Security (Hewlett-Packard)
- Developed and maintained Ruby on Rails web applications.
- Defined web application security architecture.
2006-2010 Software Development Engineer (Hewlett-Packard)
- Developed PC software (C#), an iPhone app (Objective-C) and printer firmware (C).
1998-2005 Hardware Design Engineer (Hewlett-Packard)
Personally Developed Open-Source Tools:
Contributor to Open-Source Tools:
Personally Developed Private Tools:
- Custom Python script for rotating attack source IPs through a cloud provider to avoid password spray detection
- Custom password spraying scripts to handle custom two-step login forms
- PowerShell script to allow red team to enroll a user in two-factor authentication using our own devices
- Post to Slack – A script to post a malicious attachment to a Slack channel using an API token
Recent Industry Presentations:
Blog Posts and Other Research:
Tools and Languages:
- Burp, Wireshark, Metasploit, Cobalt Strike, PowerShell Empire, Mimikatz, Nessus, Nmap, Volatility, BloodHound, PowerView, Sysinternals, Kali Linux
- PowerShell, Python, Regex, C#, SQL, KQL, Bash, Visual Basic, Yara, Java, JavaScript, HTML, XML, Ruby
- Proficient with Windows, Mac and Linux Operating Systems
Other 40+ hour training courses:
- Industrial Control Systems Cybersecurity Training and Red/Blue Exercise (ICS Cybersecurity 301)
- Team-Based Training - Blue Team and Red Team Dynamic Workshop (SANS TBT570)
- Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response (SANS FOR572)
- Purple Team Tactics – Adversary Emulation for Breach Prevention & Detection (SANS SEC699)
- Secure Coding (SANS - no longer offered)
- Rastalabs "Hack The Box" Pro Lab (completed all the challenges)