Graham Harding's Online Resume

Summary

I'm currently penetration testing and red teaming in the defense industry and carry a Top Secret clearance with the US DOD. I have picked locks at bomb factories and public utilities, and popped shells all over the globe.

Here's what ChatGPT had to say:

Dedicated Information Security Professional with over 25 years of experience in both cyber and physical security realms, seeking to apply a deep expertise in penetration testing, system vulnerabilities, and security protocol development to enhance organizational security. Proficient in Linux systems and C programming, with a keen ability to bridge the gap between digital defenses and physical security measures. Committed to leading innovative security solutions and advancing industry best practices in a dynamic environment.

It's a little corny, but not that far off. I just want to keep working on cool and interesting problems.

Skills (in no particular order)

C
Linux
LaTeX
Assembly
GDB/GEF
BASH
Lock picking
Physical security bypasses

I have to admit it's hard to itemize skills. How granular do we go? Do I itemize each Linux distribution I'm familiar with? Do I highlight the types of programming I've done? Boot sector, networking, exploit development? Do I name services I can configure? I guess we can leave it here for now.

Experience

Sr Principal Cyber Security	2016–Present
Defense Industry	Los Angeles, CA

I've worked here for coming up on nine years now during which time I've received two promotions as well as the honorary job title of Offensive Cryptanalysis Engineer chiefly for my proficient use of and mentorship surrounding the hashcat password cracking utility.

I lead and participate in full-scope penetration tests across diverse platforms—including Building Automation and Control (BAC) systems, Industrial Control Systems (ICS), industrial HVAC systems, and plain ol' enterprise networks—uncovering critical vulnerabilities and enhancing customer security.

I developed and implemented our first physical security concept of operations (CONOP), from working with the legal department to selecting and purchasing the kit, enabling truly comprehensive red team activities and realistic attack simulations. I am currently working on a video series to enhance the training of a national, remote-working team.

The team has been developing custom C2 software to which I contribute advanced C and assembly code, as well as Linux implants for red team activities.

Who can forget the soft skills? I also employ excellent written and verbal communication skills to maintain long-term customer relationships by delivering in-depth reports, conducting risk assessments per NIST SP 800-30, and guiding remediation efforts at all organizational levels.