
Georgia Weidman

Georgia@BulbSecurity.com 1-703-531-7853

Penetration Tester, Security Researcher, Speaker, Trainer, and Author

https://www.linkedin.com/in/georgiaweidman/

Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author.
Georgia is the author of Penetration Testing: A Hands-On Introduction to Hacking and a contributor to Tribe of
Hackers: Cybersecurity Advice from the Best Hackers in the World and Tribe of Hackers Red Team: Tribal
Knowledge from the Best in Offensive Cybersecurity which collectively have launched the cybersecurity
careers of thousands. Her work in the field of smartphone exploitation has been featured internationally in print
and on television including ABC, BBC, Fox, NBC, and PBS. She has presented and trained around the world
including venues such as Black Hat, DEF CON, NSA, Oxford, RSA, and West Point and has served as a
subject matter expert with the CyberWatch Center's National Visiting Committee, the FTC’s Home Inspector
IoT security challenge, and as a New America Cybersecurity Policy Fellow.
Georgia founded Bulb Security LLC, a security consulting firm specializing in security assessments,
penetration testing, security training, and research and development in mobile and IoT security. She was
awarded a DARPA Cyber Fast Track grant to continue this work culminating in the release of the open-source
project the Smartphone Pentest Framework. She founded Shevirah Inc. to create products for assessing and
managing the risk of mobile and the Internet of Things and evaluating the effectiveness of mobile security
solutions. Shevirah is a graduate of the Mach37 cybersecurity accelerator, and, through Mach37, Georgia has
served as an advisor, mentor, and occasionally investor in the next generation of cybersecurity startups.
She received the 2015 Women’s Society of CyberJutsu Pentest Ninja award, is an Adjunct Professor at the
University of Maryland Global Campus, and she holds an MS in computer science with concentrations in Secure
Software Engineering and Information Security; U.S. Patents #10,432,656 and #11,089,044 which are
foundational to simulated phishing; as well as CISSP, Pentest+, and OSCP certifications. Georgia is a software
engineer on the security team at Aiven where, among other things, she works on the bug bounty program and
the internal red team.
Georgia’s professional life has spanned the gamut of the cybersecurity industry. From her first job as a
member of the onsite security team at the National Science Foundation while a consultant for IBM to her
current role as a software engineer in security for Finnish-based managed cloud provider Aiven Oy, she has
lived the blue team side of cybersecurity. Her passion however is for penetration testing and red team work. As
a consultant at cybersecurity consulting firms such as Neohapsis, acquired by Cisco, and, through her own
consulting company Bulb Security, she has performed penetration testing and red teaming for companies such
as Rapid7 and Optiv. She also has entrepreneurial experience as the founder of both the LLC consulting firm
Bulb Security and the venture-backed Delaware C Corp product security company Shevirah.
Georgia has spoken and conducted cybersecurity training on 6 continents (but has yet to find a security
conference in Antarctica). Her speaking and training work has ranged from local security meetups such as
OWASP and Security BSides conferences to the foremost cybersecurity events such as Blackhat, DEF CON,
RSA, and ShmooCon to keynoting annual meetings hosted by CarbonBlack, Cisco, and Hacker One. Her
primary research interest has been mobile and Internet of Things security, though she is now delving into the
emerging realm of security for augmented reality, virtual reality, and the metaverse.
Georgia has also been quoted frequently in the media in print, on the radio, and on television. She and Apple's
Tim Cook were interviewed by ABC about the Apple vs. FBI San Bernardino case (https://youtu.be/M546-0rs8RE)
and by Global TV Canada's 16x9 The Bigger Picture on her smartphone botnet research
(https://youtu.be/L0ZZdXf51U8). She was also interviewed as a cybersecurity expert in PBS’s RoadTrip Nation
documentary Life Hackers (https://www.pbs.org/video/life-hackers-v3ar1h/). In print she has been quoted by
Forbes, Christian Science Monitor, Reuters, and MIT Technology Review among many others. She has
published op-eds in The Hill. She is a prolific podcast guest and in addition to speaking purely on
cybersecurity, she also frequently covers diversity and inclusion in cybersecurity and startups with a personal
focus on gender inclusion, neurodiversity, and supporting those who have followed non-traditional paths
including rural founders, returned veterans, and alternative educational paths. Her talk “If an Autistic Girl from
Rural Mississippi Can Make It in InfoSec So Can You" has been lauded for opening eyes, minds, and doors.
Her best-selling Penetration Testing: A Hands-On Introduction to Hacking has sold over 40,000 copies and is
available in Brazilian Portuguese, Chinese, Korean, and Polish in addition to the English edition. The highly
anticipated updated 2nd edition will be available for purchase this holiday season. Georgia developed a video
series walking viewers through the book’s exercises. This video series remains, from month to month, among
the most viewed series on the cybersecurity workforce development platform Cybrary and, through 2021, more
than 275,000 people have viewed it.
Georgia began college after the 8th grade at the age of 14 at Mary Baldwin University’s Program for the
Exceptionally Gifted. She graduated with a BA in Mathematics with distinction at the age of 18. She published
her first academic paper "On edge graceful labelings of disjoint unions of 2r-regular edge graceful graphs" in
the Bulletin of the Institute of Combinatorics and its Applications based on her senior thesis. She received an
M.S. in Computer Science with an emphasis in secure software engineering and cybersecurity from James
Madison University. She also holds CISSP, Pentest+, and OSCP certifications. Georgia continues to educate
the next generation of cybersecurity practitioners as an adjunct professor in cybersecurity at University of
Maryland Global Campus and by having served on the National Cyberwatch Center’s National Visiting
Committee.

Employment History
Aiven Oy. Senior Software Engineer in Security January 2022-January 2023 Helsinki, Finland
• At Aiven, I lead the red team and penetration testing efforts for the Aiven software products as
well as the internal Aiven network as part of the internal security program and for compliance
requirements such as PCI-DSS and SOC 2.
• I contribute security-related code to the Aiven code base.
• I contribute to managing the bug bounty program and verify submitted bugs.

Bulb Security LLC. Founder and CTO January 2012-Present Purcellville, VA


• Author of Penetration Testing: A Hands-On Introduction to Hacking from No Starch Press
• Penetration Testing / Red Team – principal for Fortune 50 to small local businesses and
subcontracting for firms such as Rapid7, Optiv, and Manicode Security
• Security Research, Development, Reverse Engineering, Malware Analysis
• Speaker / Trainer – I've spoken on six continents including Carbon Black's (now VMware's)
annual conference, Black Hat, DEF CON, NSA, and West Point
• DARPA Cyber Fast Track project Smartphone Pentest Framework accepted into Backtrack
Penetration Testing distribution
• Technical Security Training
• Patent and Claim Chart Technical Analysis for top tier mobile phone manufacturer

Shevirah Inc. Founder and CTO March 2015-Present Purcellville, VA


• I founded Shevirah in 2015 to commercialize software for penetration testing teams to assess
mobile security solutions leading to more secure enterprise endpoints including smartphones,
tablets, wearables, and the Internet of Things.
• As hackers shifted methods from traditional remote network attacks to social engineering and
new endpoint attacks a gap in enterprise testing emerged. Shevirah closes that gap with both
software for internal test teams and services for businesses without their own standing team.
• Dennis Blair, former US Director of National Intelligence, described Shevirah's tools as "truly
cutting edge".
• The CIO and CTO of the Department of Defense have said that there is nothing like Shevirah's
tools in their arsenal.
• Dagah community edition mobile penetration testing suite was released in Q3 2016
• Dagah professional edition mobile penetration testing suite was released in Q1 2017
• Shevirah has worked with customers from governments, banking, healthcare, etc.
• U.S. Patents #10,432,656 and #11,089,044 which are foundational to simulated phishing
• Shevirah is a graduate of the Spring 2015 cohort of the MACH37 Cybersecurity accelerator
program.

University of Maryland Global Campus Adjunct Professor August 2017-Present Adelphi, MD
• Professor in Cybersecurity courses including Certified Ethical Hacker, Cloud Security, Network
Security, and Senior Capstone
• Cybersecurity course development
• Mentoring and participating in Capture the Flag (CTF) exercises for students

Neohapsis Inc. Security Consultant May 2011-February 2012 Chicago, IL (acquired by Cisco)
• Penetration Testing / Red Team, network assessment, application & mobile application
assessment

Gemini Security Solutions Security Engineer November 2009-April 2011 Chantilly, VA (acquired by 10Pearls)
• Penetration Testing / Red Team, Remediation Recommendations
• Software and System Security Policy, Vulnerability Research, Vulnerability Scanning

IBM (National Science Foundation) Security Consultant June 2009-November 2009 Arlington, VA
• Penetration Testing / Red Team, Vulnerability Management, Vulnerability Scanning, Remediation
• Intrusion Detection System Monitoring, Incident Response
• Vulnerability Research, Acceptance of Risk Documentation

Volunteer Work

National Cyberwatch Center National Visiting Committee August 2017-2020 Largo, Maryland
• Member of the National Science Foundation National Visiting Committee for the National
Cyberwatch Center.
• The National CyberWatch Center’s Advanced Technological Education program works to
improve technological education at the undergraduate and secondary school levels. Members
of the National Visiting Committee assess the progress of the program, advise the project staff,
and advocate for the program and its projects.

New America Cybersecurity Policy Fellow August 2018-December 2019 Adelphi, MD


• 2018-2019 Cybersecurity Policy Fellow specializing in security for the Internet of Things for the
New America Foundation’s Cybersecurity Initiative.
• The New America Foundation is dedicated to renewing the promise of America by continuing
the quest to realize our nation's highest ideals, honestly confronting the challenges caused by
rapid technological and social change and seizing the opportunities those changes
create. While with New America, I spoke and wrote on cybersecurity, diversity, IoT, IoT
cybersecurity, and mobile cybersecurity.
Education
• James Madison University M.S.
Computer Science; Concentrations: Secure Software Engineering, Information Security

• Mary Baldwin College B.A. Program for the Exceptionally Gifted (graduated at age 18)
Major: Mathematics; Minor: Computer Science; Awards: Distinction in the Major

Awards and Fellowships


• New America Cybersecurity Policy Fellow 2018-2019
• Women’s Society of Cyberjutsu Pentest Ninja Award 2015
• Trending 40 Cyber Innovator 2015
• DARPA Cyber Fast Track Grant 2012

Patents
• US Patents 10,432,656 and 11,089,044: “Method and System for Assessing Data Security”,
October 1, 2019, and August 10, 2021
o A method and system for conducting simulated phishing attacks. This may include
identifying a target device from a list, such as a corporate directory, and sending a
message to the device with a link to a website. On the website, the user may be
directed to or enrolled in a network security course, or may be directed to install an
app, which may then be used to gather data or further conduct simulated phishing
attacks on other devices on a network.

Certifications
• Certified Information Systems Security Professional (CISSP)
• Offensive Security Certified Professional (OSCP)
• Qualified Ethical Hacker (Q/EH)
• EC-Council Certified Ethical Instructor (CEI)
• NIST 4011
• Mile2 Certified Penetration Testing Consultant (CPTC)
• CompTIA Pentest+

Technical Skills
• Red Teaming, Penetration Testing, Web Application Security, Network Security, Software
Security, Mobile Device and Application Security, Security Training, Reverse Engineering,
Malware Analysis, Research and Development

Selected Computer Security Conferences, Publications, and Training


• Full list of appearances can be found here: https://www.shevirah.com/appearances/
• Blackhat Middle East and Africa, “Pentesting Mobility and Mobile Security Products”, Riyadh,
Saudi Arabia, November 2022
• Bsides Toronto, “Controlled Flight into Terrain: How [NOT] To Succeed at Cybersecurity
Startups”, Toronto, Canada, October 2022
• Pentester Academy Penetration Testing Labs to accompany the 2nd Edition of Penetration
Testing: A Hands-On Introduction to Hacking, On demand, January 2021
• Hacker One Hacktivity, Keynote: “If an Autistic Girl from Rural Mississippi Can Make It in
InfoSec, So Can You: A Travelogue”, Online, August 2020
• RSA Conference, “Mobile MFA Challenges: Mobile Device Hygiene and MFA Integrity
Challenges” (with Aaron Turner), San Francisco, CA, March 2020
• Oxford University, “Mobility and IoT Vulnerabilities”, Oxford, UK, January 2020
• Tribe of Hackers Summit, “If an Autistic Girl from Rural Mississippi Can Make It in InfoSec,
So Can You: A Travelogue”, Austin, TX, May 2019
• Bloomberg Sooner Than You Think, “How to Prevent Data Breaches” Panel, New York, NY,
October 2019
• Threatcon, “Bypassing iOS Security using Enterprise Provisioning Hooks and Enterprise
Mobility Management”, Kathmandu, Nepal, September 2019
• OWASP Egypt, “Using Malicious iOS Profiles to Exploit iDevices”, Cairo, Egypt, September
2019
• Carbon Black Connect, Keynote: “Ten Years into Mobility: Has Security Caught Up?”, San
Diego, CA, June 2019
• Dreamport, “The Perimeter Has Been Shattered: Cybersecurity in the Age of Mobility”,
Columbia, MD, June 2019
• Agora: Exploring the Outer Reach of Technology and Personal Development “Cybersecurity
Lion Repellant” Tucson, Arizona, September 2018
• Roadsec, “Atacando e defendendo mobilidade e IoT na rede empresarial”, Salvador, Brazil,
June 2018
• Defcon China, “Hands-On Exploit Development” training, Beijing, China, June 2018
• Sasakawa International Cybersecurity Symposium “Anti-Phishing Behavior Modification for
Mobile Devices”, Tokyo, Japan, March 2017
• Cisco SecCon, “Nine Years into Mobility Has Security Caught Up?”, San Francisco, CA,
November 2016
• Australia Information Security Association Summit “Nine Years into Mobility Has Security
Caught Up?”, Melbourne, Australia, October 2015
• Smartphone Pentest Framework tool – funded by DARPA Cyber Fast Track program
accepted into Backtrack Linux distribution
• Penetration Testing: A Hands-On Introduction to Hacking, No Starch Press, June 2014 (over
40,000 copies sold, released in 5 languages, updated 2nd edition currently in production)
• Black Hat USA “Hands-On Exploit Development” class, Las Vegas, NV, August 2014
• Black Hat Europe “Assessing BYOD with the Smartphone Pentest Framework”, Amsterdam,
NL March 2013
• Black Hat Middle East “Introducing the Smartphone Pentest Framework”, Abu Dhabi, UAE,
December 2012
• Hack in the Box Europe “Bypassing the Android Permission Model”, Amsterdam, NL, May
2012
• Hacker Halted USA 2011 “Transparent Smartphone Spying” Dallas, TX, October 2011
• Shmoocon 2011 "Transparent Botnet Control for Smartphones over SMS" Washington, DC,
January 2011

Refereed Academic Publications


• Riskin, A., Weidman, G. "On Edge Graceful Labelings of Disjoint Unions of 2r-regular Edge
Graceful Graphs", Bulletin of the Institute of Combinatorics and its Applications, arXiv:
math/0605234, May 2006

Selected Media
• Selected media appearances including video can be found here:
https://www.shevirah.com/media/
• Featured expert in PBS’s RoadTrip Nation cybersecurity documentary Life Hackers
• Expert for ABC World News Tonight on the Apple vs. FBI Case
• Expert of NBC Nightly News on WannaCry Malware Attack
• Segment on 16x9 The Bigger Picture on Georgia’s Smartphone Botnet Research
• MIT Technology Review article on Georgia’s research: “Smartphone Zombie Apocalypse”
https://www.technologyreview.com/s/422458/smart-phone-zombie-apocalypse/
• Forbes article with quotes from Georgia: "Tools To Hack Android Phones Are Getting Easier
To Use" https://www.forbes.com/sites/parmyolson/2013/08/08/tools-to-hack-android-phones-are-getting-easier-to-use/#1ef5a6c0abc7
• The Register article on Georgia’s research: “Don’t Fear 1337 Exploits. Sloppy Mobile
Phishing Defenses a much bigger Corp IT Security Threat”
https://www.theregister.com/2018/07/05/mobile_enterprise_security_appseceu/
• The Hill Op-ed by Georgia: "No More Hoarding Zero Days" http://thehill.com/blogs/congress-blog/technology/282122-no-more-hoarding-zero-days
