Kinnaird Mcquade Email & Phone Number
@salesforce.com
4 phones found area 703 and 650
LinkedIn matched
Who is Kinnaird Mcquade? Overview
A concise factual answer block for searchers comparing this professional profile.
Kinnaird Mcquade is listed as Chief Security Architect at BeyondTrust, a with 1710 employees, based in Arlington, Virginia, United States. AeroLeads shows a work email signal at salesforce.com, phone signal with area code 703, 650, and a matched LinkedIn profile for Kinnaird Mcquade.
Kinnaird Mcquade previously worked as Founder/CTO at Nightvision and Staff Security Engineer at Square. Kinnaird Mcquade holds Master Of Science (M.S.), Cybersecurity from Marymount University.
Email format at BeyondTrust
This section adds company-level context without repeating Kinnaird Mcquade's masked contact details.
AeroLeads found 1 current-domain work email signal for Kinnaird Mcquade. Compare company email patterns before reaching out.
About Kinnaird Mcquade
Founder and CTO at NightVision. NV provides security testing that doesn't suck. NightVision scans the code base before simulating attacks with DAST, looking for AppSec vulnerabilities like the OWASP Top 10. This allows NV to identify vulnerabilities that other tools can't see.My personal background: Before NightVision, I worked as a Lead Security Engineer at Square, where I led their cloud vulnerability management program in response to Log4j. Before Square, I was a Lead Security Engineer at Salesforce, where I published multiple open source security tools with 30+ million total downloads. I was also the Cloud Security Consulting Practice Lead at Synopsys, one of the top AppSec firms. At Synopsys, I was honored to advise clients, mostly Fortune 500 companies, on how to design, build, and scale their application security programs. I've been focusing on automating security activities my whole career.I've hacked casinos, cars, hotels, and banks - but I honestly feel like automating the crap out of security testing and giving developers the ability to perform AppSec testing themselves is the way of the future. Automation is the key to buy down risk at scale. If you feel the same, send me a connection request! Always happy to talk shop.
Listed skills include Public Speaking, Teaching, Violin, Research, and 14 others.
Kinnaird Mcquade's current company
Company context helps verify the profile and gives searchers a useful next step.
Kinnaird Mcquade work experience
A career timeline built from the work history available for this profile.
Founder/Cto
CurrentNightVision provides security testing that doesn't suck. NightVision scans the code base before simulating attacks with DAST, looking for AppSec vulnerabilities like the OWASP Top 10. This allows NV to identify vulnerabilities that other tools can't see.https://nightvision.net
Staff Security Engineer
Designed, architected, and built Square's Vulnerability Management solution in Cloud in response to the Log4j incident. Led a team of engineers to implement and roll out a fully automated customized solution. Solution offered deduplication of results, false positive filtering, and a new and more efficient way of attributing security bugs internally. Impact included full coverage across Square's cloud environments, giving lasting customer impact.Led a few penetration tests with the Red Team focusing on my specialty areas.Log4j PTSD.
Lead Security Engineer
- Dynamic Application Security Testing (DAST): Lead for Salesforce Security Assurance’s DAST Scanning strategy. Helped design enterprise architecture and built proof of concepts for our key DAST capabilities. Worked with stakeholders to build the work into their team’s strategy, wrote proof of concept code and architectures to align on technical details. Built a prototype DAST Solution that scans thousands of web apps from AWS in 15 minutes and scales out horizontally to rapidly scan the entire external web app perimeter rapidly, regularly, and for relatively low cost.- Azure Security Guardrails: Built a Python-based command line tool within a 4-week timeframe that allows engineers to deploy Azure infrastructure without known security misconfiguration weaknesses (e.g., unencrypted resources, overbroad security group rules, etc.). The tool generates Terraform that creates Azure Policies to apply 400+ security guardrails across our environment. open sourced the tool, designed and implemented the rollout, exception management, and governance strategy. These security guardrails are applied to 100% of Salesforce’s Azure environment.- Security Assurance Lead for Microsoft Azure: Lead for Salesforce’s Microsoft Azure security assurance strategy. Worked with 50+ service teams on their design at the early stages of the design process. Socialized the design, context, and security concerns across multiple business units. Detailed project specifications to fix systemic security issues that would arise after extensive time in the environment.- Terraform Static Analysis: Built Assurance-as-Code framework using Open Policy Agent and conftest to validate Terraform plans automatically at deployment time. Worked with control owner teams to build out rules corresponding to their security controls. Built out 50% of the initial rulesets in AWS. This now evaluates 100% of Terraform code applied to all Salesforce AWS accounts.
Cloud Security Practice Lead
Tripled revenue from previous year within one quarter of leadership. Aligned executive decision makers and technical leads on practice direction and strategy. Presented to 150+ business stakeholders (client managers) on several occasions to drive business and technical strategy.Top Project - Automating Continuous Security Testing:- Built an Automated Application Security Testing Library - a Jenkins Shared Library that performs various AppSec activities (DAST, SAST, SCA, report delivery, automated issue tracking, metrics aggregation) and allows developers or administrators to configure or toggle testing in a YAML file. Allows clients to start automating their continuous security testing within 30 days. Integrations included both commercial and open source tools. Built training and documentation to support consultants deploying solution for clients. Evangelized the solution and piloted with clients successfully.
Senior Security Consultant
Top Project: HashiCorp Vault (Top 3 Worldwide Hotel Chain)Single person responsible for HashiCorp Vault deployment at a Top 3 Worldwide Hotel chain. Developed Infrastructure as Code (Terraform, Packer, Ansible, Bash) for automated and secure deployments of HashiCorp Vault. Built CI/CD pipeline for deploying the Terraform code for Vault and supporting infrastructure. Built a secure and CIS Benchmark Compliant OS Golden Image (CentOS) and deployed the CentOS golden image across 100% of the client’s cloud environment. Developed example code to evangelize Vault usage among developers and onboarded service teams to use it. The Vault deployment, Infrastructure as Code pipeline, and CentOS Golden images are still in use today, 3+ years later.
Security Consultant
Example Engagements listed below.- Web Application Penetration Testing - Online Casino: Reported successful exploits such as XML Injection, SQL Injection, Vertical + Horizontal Privilege Escalation, Cross-Site Scripting, various Session Management exploits, various Cryptography weaknesses, and platform-specific vulnerabilities.- Azure Security Baseline Development - Top 5 US Bank: Formulated Azure Security Baselines to establish technical controls specific to Azure, in the style of hardening guides. At this time, Azure CIS Benchmarks and other standards did not exist so we had to write our own. Interfaced directly with stakeholders and technical personnel to establish and refine the baselines to meet business requirements without compromising on security standards.- Threat Modeling - Cloud Hardware Provider: Performed a threat modeling assessment for a client that revealed a number of significant flaws within the architecture of the hardware system and its interaction with various communication protocols. The proprietary system is now used as part of the on-premises component in a hybrid cloud stack. Compiled a custom report as the deliverable for this engagement, after interviewing various members of the client’s team to identify assets, threats, trust zones, potential attack vectors, and existing security controls in the system.
Associate Security Consultant
Technical Assessments:- Threat Modeling and Architecture Security Analysis: Performed Architecture Security Analysis and Threat Modeling for a Fortune 100 company; identified vulnerabilities in internal and vendor applications in design phase and in production. Reports focused on Authentication, Authorization, Auditing, Logging, Data In-transit and at-rest, Input Validation, Session Management, Cloud Infrastructure/Architecture, and Mobile Infrastructure/Architecture.- Web Application Penetration Testing: Performed Manual Penetration Testing on Web Applications. Worked with Burp Suite Pro, sslyze, sslscan, Nmap, and other tools.- Secure Code Review: Performed Secure Code Review by utilizing Points of Interest, tracking data flow in an IDE, & identifying insecure configs or missing methods that lead to software vulnerabilities. For example: dynamic SQL queries instead of parameterized queries, deny-listing instead of output encoding, data sanitization, & allow-listing, etc.Soft Skills:• Used Written communication skills on a regular basis to prepare formal documentation for clients• Authored White Papers and Blog Posts for Marketing on Security Best Practices in AWS and other topics• Developed report templates, risk write-up repositories, and threat modeling questionnaires to improve delivery time for team members, which led to a measurable reduction in case completion time without a compromise in qualityConsulting Skills:• Worked with the client’s business stakeholders on a regular basis to explain: security standards, the importance of implementing security controls to mitigate risks, and the business risks associated with each technical vulnerability.
Security Consultant
Technical Assessments:• Performed security audits and penetration testing to evaluate initial security stature.Policy and Compliance Work:• Wrote a 30 page company-wide security policy viewable to all employees and a 20 page security policy for IT system administrators.Consulting Skills:• Worked with small business clients to write and implement new security policies.• Met with the CEOs of client companies to explain security risks and negotiate contracts for upgrading systems for optimal security and implementing new security policy.
Researcher
Technical Skills and Training:Manual Web Application Testing; open source and proprietary Dynamic Web Vulnerability Scanners; Reconnaissance tools; Exploitation frameworks; Anti-Virus Evasion techniques; Secure Coding techniques; Cross site scripting; OWASP Top 10 (concepts, coding standards, testing techniques).Technologies: Worked with: Metasploit/Armitage; BeEF Web Exploitation Framework; OWASP Broken Web Applications; Burp Suite Proxy, Spider, Scanner, Intruder, and Repeater; OWASP Zed Attack Proxy; IRONWASP; Arachni; w3af; Acunetix Web Vulnerability Scanner; HP WebInspect; IBM AppScan; Nessus.Research: Investigated and evaluated both open source and proprietary dynamic web vulnerability scanners, worked with the OWASP Broken Web Applications virtual server to evaluate the differences in detection accuracy, usability, and cost-effectiveness of open source and proprietary dynamic web vulnerability scanners.Publication: Produced a cost-benefit analysis on these various tools and submitted research results to various information security conferences.Conferences: Presented research at the Conference on Information Systems Applied Research (CONISAR) in Baltimore, MD.
Private Music Teacher (Violin/Viola)
Private Teacher: Instructed 40 students over the course of 6 years in violin and viola. Improved customer service skills, account management, gauging customer satisfaction. Refined teaching methods to suit each individual student, catering to their own strengths and needs. Pursued this career concurrently with full-time school.String Quartet Performer: Performed in 30+ weddings, 10 funerals, and several corporate events. Performed in venues such as the Supreme Court, the National Restaurant Association annual convention, the Australian Embassy in Washington, D.C., the Canadian Embassy in Washington, D.C., the National Counterterrorism Center, and many others.
Colleagues at BeyondTrust
Other employees you can reach at beyondtrust.com. View company contacts for 1710 employees →
Chulhyun Han
Colleague at BeyondtrustSouth Korea, Korea, Republic Of
View →
JS
Joseph Sordillo
Colleague at BeyondtrustSmyrna, Georgia, United States
View →
CL
Chris Lantz
Colleague at BeyondtrustCanada
View →
MM
Manoj Mn
Colleague at BeyondtrustWaterloo, Ontario, Canada
View →
JF
James Fuda
Colleague at BeyondtrustGreater Melbourne Area, Australia
View →
DH
Diane Humes
Colleague at BeyondtrustAtlanta, Georgia, United States
View →
AD
Alejandro Dacosta
Colleague at BeyondtrustAliso Viejo, California, United States
View →
CH
Chris Hvidsten
Colleague at BeyondtrustCalgary, Alberta, Canada
View →
CB
Cori Barry
Colleague at BeyondtrustBroken Arrow, Oklahoma, United States
View →
CC
Chec C
Colleague at BeyondtrustSingapore
View →
Kinnaird Mcquade education
Master Of Science (M.S.), Cybersecurity
Bachelor Of Science (B.S.), Information Technology
Associate Of Science (A.S.), Computer Science
Frequently asked questions about Kinnaird Mcquade
Quick answers generated from the profile data available on this page.
What company does Kinnaird Mcquade work for?
Kinnaird Mcquade works for BeyondTrust.
What is Kinnaird Mcquade's role at BeyondTrust?
Kinnaird Mcquade is listed as Chief Security Architect at BeyondTrust.
What is Kinnaird Mcquade's email address?
AeroLeads has found 1 work email signal at @salesforce.com for Kinnaird Mcquade at BeyondTrust.
What is Kinnaird Mcquade's phone number?
AeroLeads has found 4 phone signal(s) with area code 703, 650 for Kinnaird Mcquade at BeyondTrust.
Where is Kinnaird Mcquade based?
Kinnaird Mcquade is based in Arlington, Virginia, United States while working with BeyondTrust.
What companies has Kinnaird Mcquade worked for?
Kinnaird Mcquade has worked for Beyondtrust, Nightvision, Square, Salesforce, and Synopsys Software Integrity.
Who are Kinnaird Mcquade's colleagues at BeyondTrust?
Kinnaird Mcquade's colleagues at BeyondTrust include Chulhyun Han, Joseph Sordillo, Chris Lantz, Manoj Mn, and James Fuda.
How can I contact Kinnaird Mcquade?
You can use AeroLeads to view verified contact signals for Kinnaird Mcquade at BeyondTrust, including work email, phone, and LinkedIn data when available.
What schools did Kinnaird Mcquade attend?
Kinnaird Mcquade holds Master Of Science (M.S.), Cybersecurity from Marymount University.
What skills is Kinnaird Mcquade known for?
Kinnaird Mcquade is listed with skills including Public Speaking, Teaching, Violin, Research, Penetration Testing, Leadership, Application Security, and Amazon Web Services.
Search by job title, company, industry, location, and seniority. Export verified B2B contact data when you need it.
Start free trial