Leon Denard has eleven years of professional experience in the Information Technology field. The most recent years have focused on red teaming, penetration testing, security automation, security architecture, and incident response. Prior roles have focused on systems engineering supporting developers on Windows, AIX, Solaris, and Red Hat Enterprise Linux.


Georgia Southern University - 2012
Bachelors of Science in Information Technology
Minor in Information Systems
Concentrations in SAP, Networking, and Datacenter Administration


July 2021 - Present | Compuquip Cybersecurity

Sr. Off-Sec Engineer / Red Team Lead

  • Tested Sentinelone against Atomic Red team and wrote custom alerts to catch attacks
  • Developed Ansible playbooks to deploy custom SOAR platform, and perform regular system and application updates
  • Wrote a slack bot to aid in SOC investigations to query for WHOIS, ASN, Shodan, InternetDB, Screenshot, CVE Search, and pull Greynoise data
  • Performed penetration test, and vulnerability assessments of customer infrastructure
  • Audited and tested Active Directory infrastructure for common exploits, weak password combinations, configuration issues, and accounts with over-provisioned permissions
  • Automated generation of penetration test and vulnerability assessment reporting
  • Hardened company external and internal infrastructure
  • Modified a Gophish platform to remove built-in IOCs to perform phish testing on customers and employees
  • Developed application to monitor Tor ransomware sites
  • Developed Application to generate reports of SentinelOne agent health
  • Served as a subject matter expert on SentinelOne agent deployment on Linux for a client with 33k+ endpoints
  • Deployed and maintained password cracking systems to audit organizations password complexity using 100gb of collected password dumps
  • Placed in DEFCON's password village for Crack Me If You Can competition (1st - 2021, 2nd - 2022)

May 2021 - July 2021 | ScienceLogic

Sr. Python Developer - Solutions

  • Scripted local development setup for team
  • Audited VMware vSphere test environments to make scalability improvements
  • Setup various VMware vSphere test environments (e.g. vSAN, SRM) to fully test new monitoring automation being written

March 2020 - May 2021 | Intercontinental Exchange / NYSE

Manager, Cybersecurity Automation - Information Security

  • Automated tracking of randomized Red Team tests deployed across the enterprise to identify detection gaps
  • Remotely on-boarded two new direct reports during a pandemic
  • Created detections that align with MITRE ATT&CK framework
  • Automated auditing of open issues to see if they needed to be re-evaluated based on updated CVE data
  • Created a fully REST API to pull data on users, machines, IPs, domains, firewall rules, and incidents based on user- inputted search term
  • Maintained server infrastructure that was core to the whole Information Security department as it tracked information on application compliance and ran over 170 reoccurring tasks
  • Deployed and wrote custom integrations for augmented reality tool, Polarity, to increase collaboration and provide instantaneous data during an incident or daily workflow

February 2018 - March 2020 | Intercontinental Exchange / NYSE

Senior Cybersecurity Engineer - Information Security

  • Mentored teammates with on-boarding, python scripting, malware analysis, and architecture of new products being built out
  • Managed incidents from infection to containment to remediation
  • Lead effort with a PoC to prove password complexity policies were too simplistic
  • Wrote custom modules to consolidate open-services found via vulnerability scanners, Masscan, NMap, and Shodan to identify unauthorized services available to the internet and influenced policy creation to remediate problems found
  • Wrote custom module to identify websites without hardened SSL/TLS and sites that answer only with http
  • Wrote automated testing to make sure email security controls worked and to alert the user if they failed
  • Data-mined and created custom management and c-level reports about the phish testing data to identify and alert users that needed further training
  • Maintained, monitored, and tuned many IDS/IPS systems for email and web traffic
  • Maintained, monitored, and tuned antivirus and memory protection policies to align with business needs and protection
  • Monitored logs for anomalous events and initiate incident response processes to remediate issues
  • Maintained, and used sandboxed environments to do static analysis and detonate malware
  • Malware Analysis Crash Course by the Mandiant Flare team

October 2016 - February 2018 | Intercontinental Exchange / NYSE

Cybersecurity Engineer - Information Security

  • Automated analysis of user reported phish emails to expedite triaging and, in some cases, process the report without human interaction which was estimated to over 2000 man-hours a year saved
  • Wrote web-based utility to query 24+ APIs for everything from user information to domain/IP information to file hash reputation to quickly aid in investigations
  • The Shellcode Lab by Threat Intelligence Pty Ltd

January 2016 - October 2016 | ACI Worldwide

Senior Systems Administrator - Corp IT

  • Member of Architecture Council as the Systems Security Subject Matter Expert
  • Utilized Security tools such as nmap in scripts to identify and auto-remediate vulnerabilities by shutting off insecure services or configuring insecure application configurations to be secure
  • Subject matter expert on vulnerability remediation and mass automation for Unix, Linux, and Windows on operating systems and applications
  • Wrote scripts to scan for SSH banners to establish baseline to find honeypots on the network
  • Wrote scripts to automate internal Red Team's screenshotting of found vulnerabilities saving hundreds of man hours
  • Managed remediation of penetration test results
  • Regularly Audited Systems for Security threats and insecure configurations via scripts
  • Lead and managed effort to remediate overall company-wide vulnerability reports
  • Lead efforts to close many open audit items against various departments due to security concerns
  • Wrote scripts to validate and remediate vulnerabilities and then presented the data in a web application dashboard to track progress
  • Regularly Architected large solutions to enhance user-end experience
  • Data mined Vulnerability reports to find patching gaps

November 2013 - January 2015 | ACI Worldwide

Unix Systems Administrator - Corp IT

  • Lead programming and culture change effort to remediate over one million vulnerabilities in a year after switching to authenticated scans
  • Wrote various scripts to fix audit issues and other scripts to automate long intensive processes to comply with policy
  • Worked closely with the Security department to stay on top of patching, recently found exploits/vulnerabilities, and configuration issues
  • Assisted end-users with performance issues, configuration needs, hardening of applications, and other day-to-day operations
  • Monitored the datacenter with daily walks to look for hardware failures

June 2012 - November 2013 | EarthLink

Information Security Analyst - Enterprise Information Security

  • Automated tedious functions of fraud and abuse work saving 3 hours a day
  • Coordinated with infrastructure teams for vulnerability remediation as subject matter expert on system and application vulnerabilities found with scans and manual audits of systems
  • Developed in-house applications to report and act on spam, phishing and other acceptable use policy violation trends based on POP logs, SMTP logs, and 3rd party intelligence
  • Created a database to track trends of abuse such as dictionary attacks, directory harvesting, and recidivism
  • Development automated processes to shutdown accounts with malicious/abusive activity
  • Conducted analysis of trending threats and how to mitigate those risk
  • Provided incident response for server compromises and other cases involving malicious intent

December 2010 - June 2012 | Morris Technology LLC

System Administrator - Development

  • Maintained production Linux and Windows servers in a virtualized environment for web applications that hosted over 40 different news sites
  • Wrote various scripts to automate labor intensive processes
  • Interfaced with customers to resolve various daily operational issues
  • Provided desktop support company wide
  • Added new email (exchange) accounts that synced with Postini
  • Added and organized users into Active directory
  • Added/Updated DNS records to correspond with company needs
  • Scaled application servers to adjust for the growing load

Summer 2009 | Briarwood Academy

Intern - IT Department

  • Participated in the creation of Linux based file servers
  • Used imaging servers to re-image an entire computer lab
  • Updated desktop machines; RAM and Operating System
  • Assisted in the architecture, creation, and migration of critical IT auxiliary services



  • Red Hat Enterprise Linux
  • Solaris
  • AIX
  • HP-UX
  • CentOS
  • Ubuntu
  • Mac OS X
  • Windows Server
  • Debian
  • Arch Linux


  • Bash
  • Python
  • Powershell
  • PowerCLI


  • VMware vSphere
  • VMware View
  • Jenkins
  • Apache
  • MySQL
  • Microsoft Active Directory
  • Wireshark
  • Nginx
  • Git
  • Django
  • Tanium
  • Ansible


  • VMware vSphere/ESXi
  • KVM/Libvirt
  • Docker
  • Kubernetes


  • Solarwinds
  • Nagios
  • ScienceLogic SL1

Security Tools

  • NMAP
  • Nessus
  • Nexpose
  • Qualys
  • Metasploit
  • InsightDR
  • InsightVM


  • DHCP
  • SNMP
  • SMTP
  • DNS
  • SCP


  • Cloudflare
  • Cisco Firepower
  • FireEye NX/EX
  • BroIDS/Corelight
  • Darktrace
  • Vectra


  • Cisco Threatgrid
  • FlareVM


  • Exabeam
  • Cylance
  • Symantec
  • Sentinelone

Threat Intelligence

  • Anomali Threatstream
  • Threatconnect
  • Gerynoise



  • Python scripts to automate common linux systems engineering tasks:
  • - Command Central
  • Denard.me - Blog to host technical guides on how to setup applications or systems:
  • - Denard.me
  • RSS concentrator for security and systems operations news
  • - Dashboard
  • LCrawl.com - API driven site to dynamically look at websites and detect possible malicious elements
  • - LCrawl
  • IPRep - API driven site to consolidate multiple IP reputation data sources into a single, fast lookup by a single IP or by CIDR. This site also keeps the first and last seen dates.
  • - IPRep


  • Wrote over 3500 lines of code to pre-process all user-reported phishing reports to cut triage time down to minutes or automatically close the report
  • Wrote custom SSL/TLS scanner to identify sites that had weak ciphers or no SSL/TLS implementation
  • Consolidated all phish reports and phish testing into a single view webpage in-order to identity groups or
  • regions of users needing hands-on training to avoid being victims of phishing
  • Wrote scripting to interface with Nexpose scanners and label vulnerabilities for the respective departments to remediate
  • Wrote tests to make sure that internet available applications had proper IP whitelisting
  • Maintained visualization tools to show active attacks on internet exposed applications
  • Automated password cracking organization-wide (once a week) with Hashcat and Nvidia GTX 2080 to identify areas where password complexity was lacking which required writing a custom ESE database parser
  • Wrote PowerShell scripting to uninstall out-of-date versions of java cross all company owned workstations and servers
  • Implemented Jenkins server to manage all scripts across many build servers
  • Wrote scripts to keep java up-to-date on Linux systems
  • Wrote scripts to configure and secure SNMP using version 3 to properly monitor 2000+ systems
  • Wrote application to pull and parse vulnerability reports to auto report users with default passwords or insecure applications
  • Wrote web application for all of Corp IT and Developers to track remediation effort of vulnerabilities found during weekly scans
  • Consolidated all scanning data into one, central webpage to allow one to file tickets for remediation easily with respectable departments
  • Helped with the tuning of vulnerability scanners, resolved vulnerabilities, and assisted/guided other departments in the remediation of vulnerabilities to resolve more like 1 million vulnerabilities in a single quarter
  • Wrote scripting to change root password on 2000+ systems ranging from Solaris, HP-UX, AIX, and Linux based operating systems which saved 40 man-hours every 45 days
  • Wrote several python/Django applications for monitoring fraud and abuse statistics ranging from dictionary attack and directory mining to recidivism
  • Wrote perl/bash scripts to automate securing of abusive accounts
  • Wrote a web interface for an Ops Team Dashboard to monitor email queue for spikes in fraudulent activity
  • Implemented PXE Boot and TFTP server to remotely install XenServer for a rolling hypervisor upgrade for a cluster of servers running 40 high traffic news sites with minimal downtime
  • Implemented Zenoss Core Open Source IT Management monitoring software to monitor equipment corporate wide
  • Wrote bash scripts interfacing with Dell Open Manage for daily reports of hardware statuses and server disk space usage
  • Upgraded and expanded python web server cluster to newer operating systems for PCI compliance
  • Researched alternative software to replace Windows file servers with a Linux-based operating system
  • Researched monitoring systems for a transition to Nagios for improved secure monitoring of Linux machines over SSH
  • Trouble shot errors occurring from an expanding web infrastructure

Home Lab Projects

  • Virtualized pfSense firewall with multiple VLANS to isolate IoT devices, DMZ, and testing from regular endpoints
  • Graylog server for firewall logs, WIFI logs, speed test, and syslog from Linux machines
  • Used Ansible to create playbook to deploy, configure, update, and monitor VMs
  • Running a 2 node VMware vSphere cluster
  • Multiple versions of Windows Server Active Directory server to test out common domain exploits such as Mimikatz, DCSync, and Kerberoasting
  • Magic Mirror to display current weather data and twitter feed powered by a Raspberry Pi
  • DNS server for local domain, caching, and blocking of ads and malware domains
  • Git server to house custom code and scripts in version control
  • FreeNAS for backups
  • Password cracking build on Archlinux to fast parsing and cracking of password hashes
  • On-perm Kubernetes cluster to run honeypot servers re-deployed/re-built hourly from my gitlab server to experiment with a full CI/CD
  • Zeek to capture JA3s of network connections on local network