Principal Staff Members
Insomnia's technical team consists of thirteen full time members, including five principal consultancy members, with well over 40 years combined commercial information security experience: Brett Moore, Adam Boileau and Mark Piper. Mr Boileau is the only practicing consultant in New Zealand to currently hold the UK CREST certification, a requirement for performing penetration testing for Her Majesty's Government.
Insomnia's junior consultants are always paired with and supervised by principal consultants, with a strong corporate focus on maintaining the quality of work delivered regardless of the staff members involved.
Brett, Adam and Mark are all well respected and visible members of the New Zealand information security industry, with a significant history of research, technical leadership and a thorough, multidisciplinary approach to information security.
Beyond consultancy, Insomnia and its staff are involved in industry forums such as the NZ Internet Task Force, the In2Security industry mentor programme, and participate in security research and conferences domestically and internationally.
Having conducted vulnerability assessments, network reviews and penetration tests for the majority of the large companies in New Zealand, company founder Brett Moore brings with him over ten years' experience in information security.
Brett has extensive experience with penetration testing and has performed hundreds of assessments for clients in software development, security, travel, finance, telecommunications, media, manufacturing, aerospace, military, and accounting services. As the lead technical consultant at Insomnia Security, he works with clients to discover and solve network and application problems that threaten their business goals and assets, helping them understand the risks that could affect their industry and organisation, and clarifying the difference between technical and business concepts.
Brett has released numerous technical white papers and postings in relation to security issues and how companies can address them in their specialised environments, and is considered an expert on various aspects of computer security. His body of work also includes deep investigation into such topics as Windows shatter attacks and heap exploitation where he has pioneered both attack and defensive techniques.
Over the past years, Brett has also worked with companies such as SUN Microsystems, Skype Limited and Microsoft Corporation by reporting and helping to fix security vulnerabilities in their products. During this time he has also spoken at a number of security conferences both locally and overseas, including Microsoft's by-invitation only internal security conference BlueHat.
Adam brings extensive experience with networking, Unix, wireless, reverse engineering and code review. With a background including Unix systems administration, programming, ISP network engineering and product development combined with over eight years' security consultancy experience, he is well equipped to tackle complex and technical enterprise security challenges.
As a principal security consultant at Insomnia Security, Adam has conducted security reviews across a large range of industries, and has a deep interest in the core backbone networking infrastructure that large enterprises deploy.
In addition, Adam heads up the Insomnia Security vulnerability research team, and is highly skilled at creating functional attack tools, which are often used by our attack team to improve testing efficiency.
Adam has presented at industry conferences including Blackhat, Defcon, Ruxcon and Kiwicon, and gained recognition for some of his security tools, including SSH session hijacking and Firewire forensics and authentication bypass. Adams's pioneering research into Firewire memory access has led to the development of tools utilised by criminal investigation teams worldwide.
More recently, Adam has undertaken research in cloud-scale security-focussed network reconnaissance and data-mining. This has resulted in the implementation of a country-scale system, providing situational awareness for national CERTs and other operational security practitioners. Mr Boileau has presented this by invitation at national CERT-sponsored events in Europe, where it is in active use by these groups.
Beyond Insomnia, Adam is co-host with Patrick Gray of the multi-award winning weekly information security news podcast, Risky Business and has appeared as a guest panelist on TV3's Media 3.
Mark has worked in the security consulting space for the last ten years, and specialises in enterprise web application security. His background of network engineering and complex system integration provides him with a solid understanding of large interactive environments, and he commonly finds issues in the data exchange between such systems.
Mark has a background in operational systems and network administration in critical infrastructure, telecommunications and internet service provider roles. An effective written communicator, he produces high-quality deliverables and is an effective, professional interface with clients.
Within Insomnia, Mark leads complex code reviews of enterprise-scale multi-tiered applications for Insomnia's top-tier international customers. His combined approach of code analysis with targeted, goal-oriented penetration testing results in effective coverage of complex multi-million-line software packages, and delivers customers meaningful security improvement.
Mark is particularly focussed on education and engagement, regularly presenting to customer engineering teams, law-enforcement, students and software developers. His independent research for these presentations ranges widely from penetration-testing methodology, secure software development through to state-sponsored cyber-war.