Georgia Weidman Resume
Georgia@BulbSecurity.com 1-703-531-7853
https://www.linkedin.com/in/georgiaweidman/
Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author.
Georgia is the author of Penetration Testing: A Hands-On Introduction to Hacking and a contributor to Tribe of
Hackers: Cybersecurity Advice from the Best Hackers in the World and Tribe of Hackers Red Team: Tribal
Knowledge from the Best in Offensive Cybersecurity, which collectively have launched the cybersecurity
careers of thousands. Her work in the field of smartphone exploitation has been featured internationally in print
and on television including ABC, BBC, Fox, NBC, and PBS. She has presented and trained around the world
including venues such as Black Hat, DEF CON, NSA, Oxford, RSA, and West Point and has served as a
subject matter expert with the CyberWatch Center's National Visiting Committee, the FTC’s Home Inspector
IoT security challenge, and as a New America Cybersecurity Policy Fellow.
Georgia founded Bulb Security LLC, a security consulting firm specializing in security assessments,
penetration testing, security training, and research and development in mobile and IoT security. She was
awarded a DARPA Cyber Fast Track grant to continue this work culminating in the release of the open-source
project the Smartphone Pentest Framework. She founded Shevirah Inc. to create products for assessing and
managing the risk of mobile and the Internet of Things and evaluating the effectiveness of mobile security
solutions. Shevirah is a graduate of the Mach37 cybersecurity accelerator, and, through Mach37, Georgia has
served as an advisor, mentor, and occasionally investor in the next generation of cybersecurity startups.
She received the 2015 Women’s Society of CyberJutsu Pentest Ninja award, is an Adjunct Professor at the
University of Maryland Global Campus, and she holds an MS in computer science with concentrations in Secure
Software Engineering and Information Security; U.S. Patents #10,432,656 and #11,089,044, which are
foundational to simulated phishing; as well as CISSP, Pentest+, and OSCP certifications. Georgia is a software
engineer on the security team at Aiven where, among other things, she works on the bug bounty program and
the internal red team.
Georgia’s professional life has spanned the gamut of the cybersecurity industry. From her first job as a
member of the onsite security team at the National Science Foundation while a consultant for IBM to her
current role as a software engineer in security for Finnish-based managed cloud provider Aiven Oy, she has
lived the blue team side of cybersecurity. Her passion, however, is for penetration testing and red team work. As
a consultant at cybersecurity consulting firms such as Neohapsis (acquired by Cisco) and through her own
consulting company Bulb Security, she has performed penetration testing and red teaming for companies such
as Rapid7 and Optiv. She also has entrepreneurial experience as the founder of both the LLC consulting firm
Bulb Security and the venture-backed Delaware C Corp product security company Shevirah.
Georgia has spoken and conducted cybersecurity training on 6 continents (but has yet to find a security
conference in Antarctica). Her speaking and training work has ranged from local security meetups such as
OWASP and Security BSides conferences to the foremost cybersecurity events such as Black Hat, DEF CON,
RSA, and ShmooCon to keynoting annual meetings hosted by Carbon Black, Cisco, and HackerOne. Her
primary research interest has been mobile and Internet of Things security, though she is now delving into the
emerging realm of security for augmented reality, virtual reality, and the metaverse.
Georgia has also been quoted frequently in the media in print, on the radio, and on television. She and Apple’s
Tim Cook were interviewed by ABC about the Apple vs. FBI San Bernardino Case (https://youtu.be/M546-0rs8RE)
and by Global TV Canada’s 16x9 The Bigger Picture on her smartphone botnet research
(https://youtu.be/L0ZZdXf51U8). She was also interviewed as a cybersecurity expert in PBS’s RoadTrip Nation
documentary Life Hackers (https://www.pbs.org/video/life-hackers-v3ar1h/). In print she has been quoted by
Forbes, Christian Science Monitor, Reuters, and MIT Technology Review among many others. She has
published op-eds in The Hill. She is a prolific podcast guest and in addition to speaking purely on
cybersecurity, she also frequently covers diversity and inclusion in cybersecurity and startups with a personal
focus on gender inclusion, neurodiversity, and supporting those who have followed non-traditional paths
including rural founders, returned veterans, and alternative educational paths. Her talk “If an Autistic Girl from
Rural Mississippi Can Make It in InfoSec So Can You” has been lauded for opening eyes, minds, and doors.
Her best-selling Penetration Testing: A Hands-On Introduction to Hacking has sold over 40,000 copies and is
available in Brazilian Portuguese, Chinese, Korean, and Polish in addition to the English edition. The highly
anticipated updated 2nd edition will be available for purchase this holiday season. Georgia developed a video
series walking viewers through the book’s exercises. This video series remains, from month to month, among
the most viewed series on the cybersecurity workforce development platform Cybrary and, through 2021, more
than 275,000 people have viewed it.
Georgia began college after the 8th grade at the age of 14 at Mary Baldwin University’s Program for the
Exceptionally Gifted. She graduated with a BA in Mathematics with distinction at the age of 18. She published
her first academic paper “On edge graceful labelings of disjoint unions of 2r-regular edge graceful graphs” in
The Journal of the Institute of Combinatorics and its Applications based on her senior thesis. She received a
M.S. in Computer Science with an emphasis in secure software engineering and cybersecurity from James
Madison University. She also holds CISSP, Pentest+, and OSCP certifications. Georgia continues to educate
the next generation of cybersecurity practitioners as an adjunct professor in cybersecurity at University of
Maryland Global Campus and by having served on the National Cyberwatch Center’s National Visiting
Committee.
Employment History
Aiven Oy. Senior Software Engineer in Security January 2022-January 2023 Helsinki, Finland
• At Aiven, I lead the red team and penetration testing efforts for the Aiven software products as
well as the internal Aiven network as part of the internal security program and for compliance
requirements such as PCI-DSS and SOC 2.
• I contribute security-related code to the Aiven code base.
• I contribute to managing the bug bounty program and verify submitted bugs.
Neohapsis Inc. Security Consultant May 2011-February 2012 Chicago, IL (acquired by Cisco)
• Penetration Testing / Red Team, network assessment, application & mobile application
assessment
Volunteer Work
National Cyberwatch Center National Visiting Committee August 2017-2020 Largo, Maryland
• Member of the National Science Foundation National Visiting Committee for the National
Cyberwatch Center.
• The National CyberWatch Center’s Advanced Technological Education program works to
improve technological education at the undergraduate and secondary school levels. Members
of the National Visiting Committee assess the progress of the program, advise the project staff,
and advocate for the program and its projects.
• Mary Baldwin College B.A. Program for the Exceptionally Gifted (graduated at age 18)
Major: Mathematics; Minor: Computer Science; Awards: Distinction in the Major
Patents
• US Patents 10,432,656 and 11,089,044: “Method and System for Assessing Data Security”,
October 1, 2019, and August 10, 2021
o A method and system for conducting simulated phishing attacks. This may include
identifying a target device from a list, such as a corporate directory, and sending a
message to the device with a link to a website. On the website, the user may be
directed to or enrolled in a network security course, or may be directed to install an
app, which may then be used to gather data or further conduct simulated phishing
attacks on other devices on a network.
Certifications
• Certified Information Systems Security Professional (CISSP)
• Offensive Security Certified Professional (OSCP)
• Qualified Ethical Hacker (Q/EH)
• EC-Council Certified Ethical Instructor (CEI)
• NIST 4011
• Mile2 Certified Penetration Testing Consultant (CPTC)
• CompTIA Pentest+
Technical Skills
• Red Teaming, Penetration Testing, Web Application Security, Network Security, Software
Security, Mobile Device and Application Security, Security Training, Reverse Engineering,
Malware Analysis, Research and Development
Selected Media
• Selected media appearances including video can be found here:
https://www.shevirah.com/media/
• Featured expert in PBS’s RoadTrip Nation cybersecurity documentary Life Hackers
• Expert for ABC World News Tonight on the Apple vs. FBI Case
• Expert for NBC Nightly News on WannaCry Malware Attack
• Segment on 16x9 The Bigger Picture on Georgia’s Smartphone Botnet Research
• MIT Technology Review article on Georgia’s research: “Smartphone Zombie Apocalypse”
https://www.technologyreview.com/s/422458/smart-phone-zombie-apocalypse/
• Forbes article with quotes from Georgia: “Tools To Hack Android Phones Are Getting Easier
To Use”
https://www.forbes.com/sites/parmyolson/2013/08/08/tools-to-hack-android-phones-are-getting-easier-to-use/#1ef5a6c0abc7
• The Register article on Georgia’s research: “Don’t Fear 1337 Exploits. Sloppy Mobile
Phishing Defenses a much bigger Corp IT Security Threat”
https://www.theregister.com/2018/07/05/mobile_enterprise_security_appseceu/
• The Hill Op-ed by Georgia: “No More Hoarding Zero Days”
http://thehill.com/blogs/congress-blog/technology/282122-no-more-hoarding-zero-days