Profile
Joff is a security analyst and penetration tester at Black Hills Information Security (BHIS). He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis and exploit research. He is also an instructor at the SANS Institute, where he primarily teaches the use of Python for information security purposes.
Expertise
- Penetration Testing
- Red Teaming
- Malware Development
- Machine Learning and Data Analytics
Qualifications
Achievements & Contributions
- Co-host on the Security Weekly podcast
- Speaker at information security conferences such as DerbyCon
- Former Senior Security Consultant at NWN Corporation, a security innovation SaaS platform
- Former Senior Network Security Architect & Pen Tester at University of North Carolina, Greensboro
Certifications & Credentials
- MS, Computer Science – University of North Carolina, Greensboro
- BS, Mathematics – University of North Carolina, Greensboro
- GPEN, GWAPT, GXPN, GCIA, GCIA Gold–GIAC
Upcoming Events
View More
November 25 2025
2025 November Webinar: AI in Code Development: Make It Fast AND Secure
With an uptick in vibe coding and AI-assisted coding practices in general, organizations are finding their teams are trying to take advantage of the speed and efficiency of AI in development, but this is often at the expense of security. LLMs lean towards functionality over security in code generation tasks. Generated code can contain vulnerabilities such as missing input validation, SQL injection, weak authentication, hardcoded credentials and outdated cryptographic algorithm use. These risks are further amplified by unvetted training data, insecure prompting patterns and a lack of standards for integrating SAST/DAST into AI-assisted development pipelines. Add to that the growing threat of prompt injection, data poisoning and model supply chain compromise, and the attack surface expands fast.
December 03 2025
2025 Q4 Symposium: Agentic AI: Understanding and Securing the Next Wave of AI Systems
The buzz around Agentic AI – the latest form of AI systems designed to autonomously make decisions and act – is rampant. As security leaders grapple to understand the nuances of this next wave of AI excitement, there are many considerations to take into account to determine if, where and how to experiment and accelerate its use within your environment. In this symposium, IANS Faculty cuts through the noise and shares practical insights and recommendations to aid your understanding of the technology, its risks and guardrails for adoption within your enterprise.