Knowledge without sacrifice.

About Us

Odin’s Eye was formed out of a passion for IT security and the desire to make a positive impact in the IT industry. In the profile section below or in our LinkedIn accounts you will see that the individuals that make up Odin’s Eye have decades of experience working for a diverse and global company; this includes: collaboration with teams that are stretched across time zones, understanding and respect for cultural differences, effective communication skills to a wide variety of audiences, and the ability to thrive in ambiguous situations.

From beginning to the end, clients will be working with the individuals that are conducting the assessments. Why is this important? This is not based on a discussion with a salesperson, a regional company representative, or a penetration tester without experience in the business world lacking communication skills. We offer a customizable customer-driven approach to our assessments to ensure that you, the client, are receiving exactly what was agreed upon.

Penetration Testing requires persistence, attention to detail, the ability to see a situation through a unique perspective, and curiosity. Curiosity that has consistently brought us new opportunities for growth within our professional careers for we are eager to branch out into new technologies and arenas within IT. The aforementioned skills are essential to the execution phase of a security assessment; but we offer more than that… At Odin’s Eye we also have a high level view of IT security and its role in an organization; we understand that decisions need to be made intelligently when security gaps are identified. This requires that risks are accurately documented, represented, discussed and weighed against the resource and monetary constraints that all organizations face.

Why Odin’s Eye? Odin was a Norse God that sacrificed one of his eyes so that he could see what was not visible. The phrase “Knowledge without sacrifice.” is a reference to Odin’s sacrifice and our commitment to you, our client, to share with you our insights into your IT security risk profile with options. Options that dictate the cost of the engagement from a general health assessment to an in-depth all-inclusive companywide assessment.

For more insight into who we are, please read our individual profiles below and feel free to contact us through our Contact form or on LinkedIn.

Odin’s Eye, LLC LinkedIn Profile

Kenny Herold

- LinkedIn Profile

Professional Experience

Fifteen years of IT experience, twelve years of IT security experience and over four years leading and executing penetration testing engagements for a Fortune-10 multinational company as well as leading technical requirements adherence for PCI Compliance. A total of 9 years penetration testing.

SANS (System Administration, Networking, and Security Institute) training: SEC542 Web Application Penetration Testing and Ethical Hacking, SEC561 Intense Hands-on Pen Testing Skill Development (with SANS NetWars), SEC575 Mobile Device Security and Ethical Hacking, SEC617 Wireless Ethical Hacking Penetration Testing and Defenses, SEC642 Advanced Web Application Penetration Testing and Ethical Hacking, SEC660 Advanced Penetration Testing Exploit Writing and Ethical Hacking. Offensive Security training in Penetration testing with BackTrack (PWB) and Penetration testing with Kali (PWK), McAfee Incident Response and Forensics. GIAC Web Application Penetration Testing certification GWAPT.

Exposure to a diverse set of enterprise deployments of base technologies to manage data, authentication, authorization, and configuration. Engagements including custom applications, 3rd party applications, hosted solutions, and protocol level analysis by utilizing industry standard techniques including automated and manual analysis. Experience penetration testing in non-native-language solutions; a suite of Korean applications, and one application in Chinese.

Technical Experience

Use of vulnerability scanning tools Qualys Vulnerability Scanner, Nessus Vulnerability Scanner, and McAfee Vulnerability Manager. Exploitation tools Core Impact. Penetration testing distributions BackTrack, Kali, MobiSec, and Samurai Web Testing Framework. Penetration testing framework Metasploit. A long list of Mobile Security testing tools for Android and iOS mobile devices. Web Application Penetration Testing, NTOSpider, BurpSuite Professional, W3af, Zed Attack Proxy, Fiddler, etc. Use of real-time analysis tools from Windows SysInternals, Wireshark. Fuzzing tools from Codenomicon Defensics. Experience with PowerShell from an investigative security context. Static Code Analysis, Fortify SCA. Experience in programming languages Perl and Python.

Acknowledgements

Core Impact custom module, Juniper CVE

Julie Herold

- LinkedIn Profile

Professional Experience

9+ years of leading and executing development projects for a top 10 Fortune 500 company; 8+ years of general security experience and 14+ years of IT experience. 5 years of penetration testing. Knowledgeable developer with a technical, abstract, and practical understanding of security threats, risks, and vulnerabilities as they relate to the enterprise. This is evident with many years knowledge of a multitude of programming languages through comprehension, adaptation and retention of the evolution of technology for creating and assessing applications, integrations, and IT infrastructure. As a strong innovator of next-generation solutions, systems, and applications driving major improvements to assigned project deliverables; this has been proven by a definitive leadership approach in steering system architecture decisions and projects from conception to release.

Technical Experience

Use of vulnerability scanning tools Qualys, McAfee Vulnerability Manager. Static Code Analyzer Fortify. Proficiency with Metasploit and Kali penetration tesing framework and distribution. Web Application Penetration Testing, AppSpider, BurpSuite Professional, W3af, Zed Attack Proxy, Fiddler, etc.Programming Languages Microsoft .NET (VB and C#), Java, C, C++, Perl, PHP, CGI, HTML, Java Script, jQuery, Microsoft PowerShell and ActionScript. Databases Oracle and SQL. Use of real-time analysis tools Fiddler and Wireshark.