Leszek Miś

Founder

Gmina Wilkowice, Śląskie, Poland
21 yrs 9 mos experience

Key Highlights

  • Founder of Defensive Security with 20 years in Cyber Security.
  • Expert in adversary simulation and detection response.
  • Recognized speaker at global security conferences.

Skills

Core Skills

Cyber Security · Training · IT Security Architecture · Threat Hunting · System Administration

Other Skills

Adversary Simulations · Custom C2 Infrastructures · SIEM Security Analytics · Penetration Testing · Open Source Security Solutions · Linux Forensics · Incident Response · Adversary Emulation · Network Security · Network Penetration Testing · Forensic Analysis · SELinux Policies · Linux/Unix Hardening · Defensive Operations · Offensive Operations

About

Leszek Miś is the Founder of Defensive Security, Principal Trainer, and Security Researcher with almost 20 years of experience in the Cyber Security and Open Source Security Solutions market. He went through the full path of infosec career positions: from OSS researcher, Linux administrator, system developer, Solution Engineer, and DevOps, through penetration tester and security consultant delivering hardening services and training for the biggest players in the European market, to finally become an IT Security Architect / DFIR / SOC Security Analyst with a deep, vendor-neutral focus on network and endpoint attack and detection. He has deep knowledge of finding blind spots and security gaps in corporate environments, and understands the technology and business value of delivering structured, automated adversary simulation solutions and training. He focuses on hands-on work: chained attack paths, emulating attackers' TTPs, and running detection/response at the same time using Sysmon and EVTX, Auditd, Wazuh, Graylog, HELK, ElastAlert, Falco, OSQuery, Velociraptor DFIR, Zeek IDS, Suricata IDS, Moloch FPC, Volatility Framework, theHive, MISP, Sigma rules, and more. Recognized speaker and trainer: BruCON, Black Hat USA, OWASP AppSec USA, FloCon USA, Hack In The Box Dubai / AMS / Singapore / Abu Dhabi, Confidence PL, PLNOG, Secure PL, Open Source Day PL, Red Hat Roadshow. Member of the OWASP Poland Chapter.
Author of many IT Security trainings:

  • PurpleLabs: Linux Forensics Inspection and Incident Response at scale
  • PurpleLabs: Windows Forensics Inspection and Incident Response at scale
  • PurpleLabs: Post-Exploitation and Evasion Techniques
  • PurpleLabs: Adversary Emulation and Breach Attack Simulations
  • PurpleLabs: Network Advanced Detection & Threat Hunting
  • PurpleLabs: C2 Matrix Operator
  • PurpleLabs: C2 Infrastructure Deployment and Automation
  • PurpleLabs: Advanced Linux Security and Hardening
  • PurpleLabs: Advanced SELinux
  • PurpleLabs: Openshift / Kubernetes Security
  • PurpleLabs: Web Application Firewall
  • PurpleLabs: Linux Administration Essentials
  • PurpleLabs: Open Source Defensive Security Components for SOC
  • PurpleLabs: FreeIPA Administration

Holds many certifications: OSCP, RHCA, RHCSS, Splunk Certified Architect. His areas of interest include network "features" extraction, OS internals, and forensics. He constantly tries to figure out what the AI/ML Network Security vendors are trying to sell. In his free time, he likes to break into the "IoT world" just for fun, cooking, hip-hop, drum & bass, and aggressive skating. *** Still learning hard every single day ***

Experience

Total Experience: 21 yrs 9 mos
Average Tenure: 6 yrs 3 mos
Current Experience: 19 yrs 2 mos

Collective Sense

VP & Head of Cyber Security

Oct 2015 – Feb 2018 · 2 yrs 4 mos · Cracow Metropolitan Area

  • Defensive & Offensive Cyberspace Operations
  • On-going Infosec and Linux/Open Source Security Researcher
  • Responsible for strategy, business analysis, and technical product security features recommendations
  • Vulnerability Assessment and Security Analysis
  • Security monitoring & Threat Hunting Services (memory forensics, FPC, honeypots)
  • Intrusion detection, low-level anomaly classification and correlation methods for different network data sources: PH, netflows, passive DNS/TLS/HTTP, signatures, security feeds & logs
  • Tracking and analysis of current attack vectors and vulnerabilities for Linux, Windows & Network space
  • Developing Chained Attack Scenario Playbooks and Post Exploitation Methods for evaluating Machine-Learning detection engines
  • Supporting Devs&Ops in terms of Secure Development Life Cycle & Platform/Network Hardening
  • Experience with Continuous Integration Processes, Container technologies, and Big Data platforms
  • Researching current IT Security market products (AI, SIEM, Deception, NG-*)
  • Delivering advanced IT Security sessions, workshops and trainings at globally recognized IT Security events: BruCON, DeepSec, Black Hat, FloCon, Confidence.
  • Management and roadmap planning for IT Security Team
  • Business and technical operations knowledge transfer
  • Work with the best of the best and still hungry for new technical knowledge!
Defensive Operations · Offensive Operations · Vulnerability Assessment · Security Monitoring · Cyber Security · Threat Hunting

Defensive Security

Founder | Trainer | Principal Cyber Security Threat Expert

Sep 2015 – Present · 10 yrs 8 mos · Bielsko-Biala / Warszawa / Krakow, Poland

  • PurpleLABS - Virtual Detection Infrastructure + Offensive Labs
  • Adversary Simulations | Custom C2 Infrastructures
  • SIEM Security Analytics
  • Author of Defensive | Offensive IT Security Education training portfolio:
  • Open Source Defensive Security → The Trinity of Tactics for Defenders
  • In & Out → Network Exfiltration and Post-Exploitation Techniques [RED]
  • In & Out → Detection of Network Exfiltration and Post-Exploitation Techniques [BLUE]
  • System Internals → Network, OS and Memory Forensics
  • SELinux → Development & Administration of Mandatory Access Control Policy.
  • Advanced RHEL/CentOS Defensive Security & Hardening.
  • ModSecurity → Development and Management of Web Application Firewall rules.
  • FreeIPA → Identity Management for Linux Domain Environments & Trusts.
  • Penetration testing | security audits
  • Open Source Security Solutions
Adversary Simulations · Custom C2 Infrastructures · SIEM Security Analytics · Penetration Testing · Open Source Security Solutions · Cyber Security

B2B sp. z o.o.

IT Security Architect/Trainer

Aug 2009 – Jun 2015 · 5 yrs 10 mos

  • Designing and implementing secure network and system architectures using Open Source Software
  • Designing Linux auditing practices for administrator accounting
  • Designing Secure Configuration Life Cycle Programs for Linux based on Puppet/STIG
  • Designing and implementing Secure Email Systems and Email-Gateways
  • Developing and promoting effective data security policies, procedures and practices based on SELinux/grsecurity
  • Configuring and maintaining intrusion detection and SIEM systems for collecting, analyzing and correlating logs
  • Delivering Red Hat Enterprise Linux trainings and exams: RHCA, RHCSS, RHCE, RHCDS, RHCVA
  • Direct contact with the heads and directors of IT Security departments, architects and professionals from the biggest companies and institutions in Poland
Secure Network Architecture · Linux Auditing · Data Security Policies · IT Security Architecture · Training

Linux Polska sp. z o.o.

IT Security Architect/Trainer

Sep 2008 – Jun 2015 · 6 yrs 9 mos · Warsaw, Mazowieckie, Poland

  • WALLF Project Leader (http://wallf.pl/) - designing, implementing and maintaining hardened and HA solutions based on Open Source Software (Reverse Proxy, LDAP/Active Directory authorization, Single Sign On, WAF, SPNEGO, HA + SELinux policies)
  • Designing and implementing hardened and highly available Linux boxes: SSH-Relays/ Gateways/ Routers/ Proxy with SELinux
  • Implementing strong 2FA for network services
  • Performing network/web penetration tests (white/black box)
  • Hardening and configuration management for RHEL to security standards: CIS, PCI DSS, STIG
  • Performing network and web penetration testing (OSSTMM, OWASP Testing Guide, Top 10, ASVS)
  • Implementing Web Application Firewall solutions and advanced Web Honeypot/OWASP Appsensor policies
  • Analysing and creating SELinux policies for dedicated services/daemons in terms of reducing the risk of vulnerabilities
  • Designing and implementing Single Sign On solutions based on Active Directory for RHEL/AIX/Solaris/HPUX using Kerberos/Samba/LDAP and Red Hat IDM – FreeIPA
  • Delivering IT Security trainings: Linux Security, Web Application Security, SELinux – creating and managing secure policies, ModSecurity – the Open Source Web Application Firewall, FreeIPA – Linux Domain Controller
  • Presales services
WALLF Project Management · Network Penetration Testing · Web Application Firewall · IT Security Architecture · Cyber Security

Altkom Akademia S.A.

Instructor/Consultant

Jun 2007 – Jun 2010 · 3 yrs · Warsaw Metropolitan Area

  • Member of Corporate Technologies Team
  • Delivering Red Hat Trainings (RHCT/RHCE)
  • Preparing and delivering Linux/FreeBSD security, Disaster Recovery, and end-user (social engineering) security trainings
  • Actively participating in external projects
Red Hat Trainings · Linux Security · Disaster Recovery · Training · Cyber Security

Emerge Systems

Founder | Principal IT Security Architect

Apr 2007 – Present · 19 yrs 1 mo · Katowice Metropolitan Area

  • Performing network/web penetration tests (white/black box)
  • WLAN network penetration tests
  • Forensic analysis of Linux / BSD systems
  • Creating SELinux policies
  • Linux/Unix hardening
  • Installation and configuration of network firewalls
  • Open Source Research & Development services
  • Linux/FreeBSD Administration
  • Analysing Linux malware/rootkits
Network Penetration Testing · Forensic Analysis · SELinux Policies · Linux/Unix Hardening · Cyber Security · IT Security Architecture

Interia.pl

System Administrator

Oct 2006 – Mar 2007 · 5 mos

  • Creating a highly available infrastructure and secure system configuration for a dedicated STUN (Java) application using the SELinux mechanism
  • System and cluster administration – Linux/FreeBSD
  • Selection and implementation of the Bacula backup system using a tape library for 100+ servers
  • Configuring central, remote event log system
  • Perl/Bash programming
High Availability Infrastructure · System Configuration · Backup System Implementation · System Administration

Open-E GmbH

System Administrator/Security Expert

Jun 2004 – Sep 2006 · 2 yrs 3 mos

  • Linux programmer, sysadmin, security expert
  • Research of new technologies, managing SSL certificates, hardening, tuning
  • Projects:
  • Fully automated ("automagical") antivirus solution for the Samba and FTP protocols
  • Remote Support Service for clients
  • Integrating Mac OS / OS X with Windows and Linux systems (netatalk)
  • SNMP
  • LVM2, hardware RAID (3ware, LSI Logic, Intel, ICP Vortex) and software RAID
  • Programming: bash, awk, sed
  • MySQL administration
  • and others...
Linux Programming · SSL Management · Hardening · System Administration
