I’m a Principal Infrastructure Security Engineer by day. The majority of my work day is spent on things like securing Azure, AWS, Terraform, DevOps workflows, Windows Security and Active Directory.

Prior to my current role, I spent many years working on Active Directory and Security at Microsoft and was awarded the Microsoft Certified Master (MCM) credential for Active Directory along the way. I later moved into the Windows Kernel Engineering team and worked on Windows 8 and 10.

I fought my way through the Offensive Security OSCE (& the OSCP, OSWP and GXPN) and take every chance I can to do Offensive Security work. I only mention the certifications because while I love my day job, I am passionate about exploit development and both Offensive Security and SAN’s have excellent courses and exams to test yourself in that space. I’m also part of the Synack Red Team where I get a chance to look for vulnerabilities in systems on an ad-hoc basis.

This website is a small effort to contribute to the broader security community. I try to add notes when something comes up that seems interesting and/or potentially useful to others.

If you work for a charity or non-profit organization that helps people and you could use some security (or infrastructure) advice please get in touch. I’d be genuinely happy to assist where I can. I love this stuff 😊


Chad Duffey

Blue Team -> Exploit Development & things in-between

Back to Overview