Tom Ervin - Offensive Security Leadership

Professional Summary

Tom, a recent BHIS Honey Badger award recipient and SpecterOps CTF winner, is a cybersecurity veteran with over a decade and a half of career growth. His experience includes building and leading offensive security teams at multiple Fortune 500 companies as well as building a cybersecurity program in the fintech industry. As a Red Team lead, Tom focuses on continual improvement, effective playbooks, and resilient detection and response. Tom's primary technical contributions for Red Teams are a specialization in C2 and phishing infrastructure, payload delivery, cloud security, and Active Directory exploitation. Tom has developed reporting that drives strategic security decisions rather than tactical fixes alone. Tom is a passionate contributor to the information security community and frequent volunteer at Midwest information security conferences, with the goal of helping to teach and support fellow infosec practitioners.

Training & Awards

OSCP In Progress

2025
BHIS Honey Badger Award

2025
Advanced Evilginx Mastery

2024
Abilities Driven Red Teaming

2022
SpecterOps Red Team Tactics CTF Winner

2018
SpecterOps Red Team Tactics

2018
SANS SEC564 Red Team Operations

2017
Obtained Certified Ethical Hacker (CEH) v8

2013

Key Skills

Red Team Operations: MITRE ATT&CK, Attack Simulation, Adversary Emulation, Operation Design, Threat Intelligence
Infrastructure: Advanced C2, Cobalt Strike, Payload Delivery, Cloud Security (AWS/Azure)
Identity & Network: Active Directory Exploitation, Credential Relaying, Zero Trust
Detection Evasion: Sandbox Evasion, Anti-Investigation, Persistence Mechanisms
Leadership: Security Metrics & Reporting, Threat Intelligence, Team Building, Consensus Building

Education

Bachelor of Science

Network Administration, Database Administration

University of Cincinnati

Community Involvement & Industry Contributions

BSides312 (2024+)
Blue Team Con CTF (2022+)
CircleCityCon CTF (2018-EOL)
Hak4Kidz (2015-2019)
CircleCityCon NOC (2015-2019)
BurbSec Core Staff (2013+)
BSides Chicago (2012-2016)
Cobalt Strike Beta Tester (Feb. 2012+)

Professional Experience

Offensive Security Lead

Packaging Corporation of America

March 2024 - August 2025

Supported ongoing security modernization efforts while reporting directly to the CISO
Implemented regression testing for Red Team reported issues, identifying multiple configuration changes that would have disabled security controls
Led Purple Team exercises and targeted attack simulations, producing detections of rarely observed techniques during third-party testing
Identified and guided remediation for Active Directory, Entra, ADCS, credential relaying, C2 tunneling (SOCKS), and endpoint security
Supported Zero Trust initiative including testing and validation

Lead Cybersecurity Engineer

Skolem Technologies

December 2021 - March 2024

Led comprehensive cybersecurity program for a DeFi trading platform, overseeing implementation of security controls for endpoints, AWS and OVH cloud infrastructure, and DeFi contract security
Deployed application allowlisting and patch management across all infrastructure
Provided oversight for secure development practices including custom built CI/CD pipeline
Deployed network access controls and log collection and monitoring (Elastic)
Conducted internal testing, managed bug bounty program and third party Red Team and penetration testing
Established and led Digital Forensics and Incident Response capabilities

Founding Red Team Technical Lead

Principal Financial Group

January 2019 - June 2022

Led the development of Principal Financial's Red Team policies, procedures, and operational frameworks including internal reporting, business interaction, scoping, metrics
Responsible for all Red Team operations, attack simulations, and Purple Team exercises
Designed and managed Red Team infrastructure, including team tooling, C2, phishing, and payload delivery
Responsible for Red Team adherence to legal, regulatory, and internal standards
Worked as primary contact and assisted with scope for third-party testing/remediation
Identified vulnerabilities related to DFIR playbook effectiveness, password quality, AD security, and AWS privilege escalation, additionally assisted with Tabletop Exercises

Founding Sr. Red Team Engineer

Northern Trust Corporation

July 2015 - December 2018

Championed threat intelligence-driven attacks to evaluate cybersecurity defenses
Designed and managed Red Team infrastructure including C2 and content delivery servers, password cracking equipment, and team standard images
Maintained ongoing reconnaissance efforts, and led multiple Red Team Operations

Sr. Penetration Tester and Manager

Plante Moran, PLLC

October 2010 - July 2015

Achieved complete Active Directory compromise at over 100 financial institutions
Revamped penetration testing methodology, tooling, and reporting procedures
Developed custom internal security assessment tools for the consulting team

President

SMB IT Solutions

February 2010 - November 2010

Founded and led IT consultancy specializing in open source business solutions
Implemented server platforms and remote support systems for SMB clients

Systems Administrator

Plante Moran, PLLC

2006 - February 2010

Managed systems administration, LDAP, and enterprise virtualization initiatives
Designed disaster recovery systems that led to the creation of Linbit's DRBD-Proxy
Developed encrypted portable file server with cellular routing and snapshotting