I'm a world-class, bleeding-edge security architect and automation engineer for computer systems. I used to be a Microsoft engineer, co-founded my own security company, Moot, Inc., and sold it to SHI International, where I now work happily. I have vast enterprise and government experience. I used to be the lead author of Azure Security Best Practices while at Microsoft.
Some of the projects or achievements that I am most proud of in my security and automation career are:
- Automation:
- Reverse engineering Cisco Webex to automate ARF to MP4 conversion.
- Automating 911 Dispatch for Eastern Band of Cherokee Indians (EBCI).
- SPA Architecture deployment and lifecycle management through Moot Security Management.
- Assisting Microsoft's DART team with malware removal automation by building a custom AV engine for an engagement gone wrong to turn the whole thing around and make it a success.
- Security:
- Rebuilding the EBCI after a cyber-attack with the Securing Privileged Access (https://aka.ms/spa) architecture.
- Assisting Microsoft's DART team with PowerShell/C# malware reversing.
Some of the tools or frameworks that I use or recommend for security and automation engineering are:
- Microsoft Securing Privileged Access (SPA) for the core of the organization's architecture, learn more at https://aka.ms/spa.
- Security Development Lifecycle (SDL) for software engineering, learn more at https://microsoft.com/sdl.
- Operational Security practices (OSA) for systems engineering, learn more at https://microsoft.com/osa.
I approach security and automation challenges with the following mindsets and best practices:
- Automation: I have the mindset that if a computer can run it, it can be automated in most cases. There are very few cases that can't be automated.
- Security: My core mindset is Assume Breach. Assume Breach can be used to derive all other security principles. When you assume a system is breached, you need to figure out how to fix and prevent it. If you do this enough times, you will start to see patterns and you can make mental shortcuts. These mental shortcuts are called security principles. Things like Confidentiality, Integrity and Availability are mental shortcuts of Assume Breach. Another one is the clean source principle. Assume Breach is the core mindset to have when designing security.
Some of the skills that I have in security and automation engineering are:
| Automation | Security |
|---|---|
| Scalability | Architecture |
| TypeScript/JavaScript | Securing Privileged Access (SPA) |
| PowerShell | Tooling Deployment and Configuration (EDR/SIEM/SAST/DAST/CNAPP, etc.) |
| Windows, Linux (Debian-based distros), macOS | Malware Reversing |
| App and OS Deployment | Incident Response |
| DevOps | DevSecOps |
| Infrastructure as Code (IaC) | PKI |
| Cloud (Azure/AWS) | Vulnerability Analysis |
| Software Engineering | Software Engineering |
| Training | Training |
Some of the publications that mention me or my work are:
- Rebuilt a sovereign nation - https://news.microsoft.com/source/features/digital-transformation/after-a-devastating-cyberattack-eastern-band-of-cherokee-indians-most-technologically-advanced-nations/
- Azure Security Best Practices Lead - https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/customer-offerings-workshopplus-azure-security-best-practices/ba-p/1490966
You can view my public certification records on my LinkedIn profile: https://www.linkedin.com/in/elliot-huffman/#licenses_and_certifications