Jacob Larsen
Jacob Larsen

Offensive Security - Managing Consultant

I am an experienced managing security consultant and published threat researcher with 7+ years leading offensive security and application security engagements across enterprises. I thrive in greenfield environments where I have the autonomy and leadership to build systems and processes from scratch, as well as governance models to ensure consistent repeatability.

At CyberCX, I’m the technical capability lead of 50+ offensive security service offerings. I’m responsible for overseeing all research and development, improving tooling and methodology across penetration testing, technical assessments and application security. I’m customer oriented, and eager to work collaboratively end-to-end, from initial vulnerability identification, to technical remediation and risk mitigation.

I like taking an intelligence-led approach to all security work. I’ve published threat intelligence reports with a broad coverage of the threat landscape, including ransomware affiliates, initial access brokers, youth-led cyber crime, and nihilistic violent extremist groups.

Experience

  1. Managing Consultant - Security Testing & Assurance

    CyberCX
    Additional responsibilities: Service Capability Lead
  2. Team Lead - Security Testing & Assurance

    CyberCX
  3. Manager - Governance, Risk & Compliance

    CyberCX
  4. Intelligence Analyst - Digital Forensics, Incident & Response

    CyberCX
    (secondment)
  5. Defensive Security Specialist

    Diamond Cyber Security

Education

  1. Bachelor of Counterterrorism, Security and Intelligence

    Edith Cowan University
  2. Investigating Windows Memory (Gold)

    13Cubed
    View Certificate
  3. Investigating Windows Endpoints (Gold)

    13Cubed
    View Certificate
  4. Certified Red Team Operator (CRTO)

    Zero Point Security
    View Certificate
  5. Offensive Security Certified Professional (OSCP)

    Offensive Security
    View Certificate
  6. Burp Suite Certified Practitioner (BSCP)

    PortSwigger
    View Certificate
  7. Certified Information Systems Security Professional (CISSP)

    ISC2
    View Certificate
Skills
Technical
Cyber Threat Proficiency

Excellent understanding of infrastructure, malware, execution chains and evasion techniques used by threat actors.

Adversary Tradecraft

Practical experience as an offensive security lead, exploiting vulnerabilities, performing privilege escalation and lateral movement.

Enterprise IT Network Design

Experience from architecting a hybrid on-prem and cloud based Defence secure research enclave.

Open Source Intelligence

Domain expert in OSINT investigations for ultra-high net worth family offices.

Professional
Critical Thinking

Investigative mindset to understand complex problems, develop intuition and identify out-of-the-box solutions.

Communication

Confidence to tailor communication style to a wide range of stakeholders, from engineers to chief information security officers.

Leadership

Strong emotional intelligence to foster a collaboratige culture, embracing diversity.

Writing

5+ years experience generating high quality client deliverable for executive and technical audiences.