Dave Kennedy Headshot
Report a problem with this profile
[email protected]

Dave Kennedy    

Founder of Binary Defense & TrustedSec

Dave Kennedy is on a mission to advance the cybersecurity industry on a global scale. As Binary Defense Co-Founder and Chief Hacking Officer, his experience and expertise guide cybersecurity solutions, including the development of proprietary managed detection and response technology. Named one of the Top 10 IT Security Influencers in the World by CISO Platform, Kennedy has more than 20 years of experience in the security industry.

Prior to forming Binary Defense, Kennedy founded TrustedSec, an information security consulting company located in Fairlawn, Ohio. The company specializes in attack simulations with a focus on strategic risk management. Kennedy previously worked as the Chief Security Officer for Diebold Incorporated, an international Fortune 1000 company, where he developed a global security program that handled all aspects of information security and risk management.

Before his work in the private sector, Kennedy served in the United States Marine Corps, and he made two tours in Iraq. He specialized in cyber warfare and forensics analysis activities for the U.S. intelligence community.

As an author and creator of several open-source tools, Kennedy has made his mark on the cybersecurity industry. He was a founding member of the Penetration Testing Execution Standard, which has been adopted by the Payment Card Industry and the Data Security Standard Guidelines for Penetration Testing. He co-authored "Metasploit: The Penetration Tester's Guide" and co-created the Penetration Testing Execution Standard. He created the Social Engineer Toolkit, the PenTesters Framework, the Magic Unicorn Exploitation Framework, Artillery, and Fast-Track.

Kennedy has appeared as a guest on multiple news networks, including Fox News, CNN, CNBC, and MSNBC. His tools have also been featured on the History Channel and the popular USA Network television series Mr. Robot, where he assisted with content.

As a recognized leader in the industry, Kennedy has presented at international security conferences, including Microsoft’s Bluehat, DEF CON, Blackhat, and Grace Hopper. He is also the co-founder of DerbyCon, a nine-year-old large-scale security conference in Louisville, Kentucky.

In addition to his formal achievements, Kennedy donates his time and wisdom by speaking with civic leaders and students about the importance of security. Bedford High School, Kennedy’s alma mater, named its Kennedy Center for Gaming and Leadership in his honor.

Speech Topics


Abnormal Behavior Detection in Large Environments

Attack patterns are something that when it occurs is extrinsic (not natural) behavior in a infrastructure. Understanding what attack patterns look like and building an understanding of how to detect them with what you already have is possible. Most preventative technology tries in some extent to detect extrinsic behavior in an environment but falls short because of the continual changes in attack patterns and commoditized detection (sigs, etc). This talk dives into looking at what you already have in your infrastructure that you can use for intrinsic (natural) detection capabilities that doesn't rely on a specific signature, but more so on how attackers go after an organization. As an industry, we need to be detecting the extrinsic occurrences in our networks which exhibit abnormal behavior. During this presentation, we'll be covering a large percentage of techniques used by attackers, and how to detect them with what you currently have in place at your organization today.

Compromise Analysis – Why we’re seeing so many breaches.

After looking at a number of compromises dating the past several years, there are a number of commonalities between each of them and steps that could have been used to prevent. Information security isn't a practice that will always be successful in defending however, there are key indicators of compromise to look for when an attacker is attempting to compromise an organization. During this presentation, we’ll analyze a number of data breaches and look at how a number of the breaches have occurred and how an information security program can be structured in order to defend against a lot of the attacks. Most of the causes are directly related to the human element and directly phishing. This talk will dive into how phishing techniques work, and what you can do to prevent this from happening in the future.

Building Defense on Known Good

There's so much to do. There's not enough people. We can only do what we can based on risk, people, politics, and budget. All common things we share across each organization. This presentation dives into how to focus on building defenses against attacks, staying ahead of the methods, and focusing on known good vs. the rest. You'll leave this talk with a way to think about defense and a way to tackle the issues we face in security today.

The Hacking Age

Attackers are continuously figuring out new methods to gain access to computer systems and enterprises. Everything from Ransomware to targeted and precise attacks aimed at intellectual property theft, monetary gain, or other motives. In today’s age of hacking, it’s never been more important to understand who the hackers are and the methods they use to attack organizations. In this talk, we go into the demographics of hackers, how they are hacking, and the best defenses both from a personal perspective as well as an enterprise. It’s possible to withstand the attacks we see today with proven practices, but it requires hard work, and an understanding of who your adversaries are.

Moving Ahead and Beyond Common Tool Detections

There’s no question that companies continue to try and get better when it comes to detecting attacks in multiple phases. Instead of just patching and hoping for the best, organizations are spending a substantial amount of investment in trying to detect the “well what if they get through” situation. As companies focus on enhanced detection capabilities, the focus is often hard to grasp in what to actually look for – there is so much. This talk will dive into where we see most companies fail at detection and how red teams are helping push the bar forward in not just leveraging a checklist, but focusing on the identification of attack patterns in varying levels of sophistication. The over reliance on technology as a method for trying to jump start these programs often causes more harm than good, and we’ll dive into how effective off the shelf endpoint detection tools do when confronted with even basic attackers. As an industry, we have everything we need to get better – it’s a matter of prioritization, focus, and time.

Related Speakers View all


More like Dave