IOActive


Management Team
Joshua Pennell, Founder and President
Jennifer Steffens, Chief Executive Officer
Cesar Cerrudo, CTO IOActive Labs
David Baker, Vice President of Services
Michael Vitolo, Director of Compliance

Joshua Pennell

Founder and President

As IOActive's Founder and President, Joshua Pennell enjoys a proven, 14-year entrepreneurial track record of creating and maintaining a multimillion-dollar, customer-focused, independent global security services organization. Through Pennell's leadership, IOActive has emerged as one of the world's longest standing, highly technical boutique security consultancies with a history based on cutting-edge research and meritocratic governance.

Pennell serves on the advisory boards of Source, Vantos, and SiteScout. Pennell also is the Chairman of IOActive's advisory board, which includes such computer industry venerables as Steve Wozniak, Jim Reavis, and Jason Larsen. In years past, Pennell played an integral role in helping his team win Defcon's Capture the Flag competition for three consecutive years, followed by another three years of technically revolutionizing the competition before handing the game over to Kenshoto.

Pennell enjoys riding his bicycle in London while thinking of innovative ways to reduce IOActive customers' security risks through pragmatic application of security best practices. If you enjoy what you do for a living, you'll never work another day in your life.

Visit Mr. Pennell's LinkedIn profile.

Jennifer Steffens

Chief Executive Officer

As its CEO, Jennifer Steffens is responsible for all aspects of IOActive's North American business operations including sales, delivery, and finance as well as driving the company's strategic vision. Steffens brings a wealth of industry and business experience to the company, having been an early member of several successful startups.

Earlier in her career, Steffens was a Director at Sourcefire, where she helped build and grow the business from $250K to an over $35M run rate in just four years. Working closely with the CTO, Steffens helped commercialize the open source Snort technology and build several service offerings around the research initiatives. Prior to joining IOActive, she came to Seattle to help the struggling startup GraniteEdge reinvent itself. She spearheaded initiatives to restructure the company, and developed a product strategy to drive early market penetration that ultimately secured two additional rounds of funding.

With over 10 years of industry experience, Steffens has also held senior management positions at Ubizen, NFR Security, and StillSecure. She graduated from Mary Washington University with a Bachelor of Science in Psychology.

Visit Ms. Steffens' LinkedIn profile.

Cesar Cerrudo

CTO IOActive Labs

Cesar Cerrudo is CTO at IOActive Labs, where he leads the team in producing ongoing cutting-edge research in the areas of SCADA, mobile device, application security, and more. Formerly the founder and CEO of Argeniss Consulting—which was acquired by IOActive—Cesar is a world-renowned security researcher and specialist in application security.

Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, and Yahoo! Messenger. Cesar also has authored several white papers on database and application security, and attacks and exploitation techniques, and he has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, and Defcon. Cesar collaborates with and is regularly quoted in print and online publications including eWeek, ComputerWorld, and other leading journals.

Visit Mr. Cerrudo's LinkedIn profile.

David Baker

Vice President of Services

David Baker, the VP of Services for IOActive, has over 20 years of experience in the computer and information security industries, and specializes in security architecture and management solutions.

Baker's experience spans the information software security spectrum—from orchestrating smart grid and embedded device assessments to large-scale network and application penetration tests, from designing scalable and secure e-commerce networks to delivering PCI assessments for Fortune 100 customers. As VP of Services, Baker is responsible for ensuring the successful delivery of all consulting services at IOActive.

Baker graduated with a Bachelor of Science in Mechanical Engineering and a Master of Science in Aeronautical Engineering from Cal Poly State University.

Visit Mr. Baker's LinkedIn profile.

Michael Vitolo

Director of Compliance

Michael Vitolo is IOActive's Director of Compliance Services, where he employs his proficiency in governance, auditing, information security, project management, and risk mitigation. Vitolo is knowledgeable in regulations including Sarbanes-Oxley (SOX404), VISA Payment Card Industry Data Security Standards (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and state and government regulations, in addition to utilizing frameworks such as ISO 7799, ITIL, and COBIT4.1 for risk assessment.

Prior to joining IOActive, Vitolo held positions at Walgreens—where he was responsible for managing VISA PCI and HIPAA compliance standards and application assessments—and Trustwave—where he served in Managing Security Consultant and Principal Security Consultant capacities. He is skilled at providing compliance recommendations that protect sensitive data and determine cost-effective remediation plans.

Vitolo is a Certified Payment Card Industry Security Auditor and Security Manager, Certified Information Systems Auditor, Certified Information Security Manager, and holds a Bachelor of Science in Operations Management from the University of Arizona.

Visit Mr. Vitolo's LinkedIn profile.


 

 



IOActive Profile:
Established: 1998
Headquarters: Seattle, WA and London, UK
Privately held and self-funded
 
IOActive Services:
Application Security, SCADA and Smart Grid, PCI and Compliance, Security Development Lifecycle, Infrastructure Audit, Incident Response and Training.
 
Customers:
Global 500 companies including power and utility, game, hardware, retail, financial, media, travel, aerospace, healthcare, high-tech, social networking, and software development organizations.
 



"We can confidently say that IOActive has provided us with excellent thought leadership around application security, that their mature practices have been invaluable, and that we are proud to use them as a trusted advisor to eBay, Inc."

— Dave Cullinane, CISO of eBay


