Ken Pickering - Medfield, Massachusetts, United States | Professional Profile | LinkedIn (original) (raw)

Activity

Licenses & Certifications

• Sun/Oracle J2SE 5 Software Developer

Sun Microsystems

Volunteer Experience

Member, Program Advisory Committee

ITT Technical Institute

Nov 2012 - Dec 2016 4 years 2 months
Education
Involved in curriculum and student advisement.

Publications

• Encounters of the Third Kind between Pentesting and Automated Planning

Workshop on Problem Solving using Classical Planners (CP4PS) at AAAI 2012 Conference. July 22, 2012

Penetration Testing (in short pentesting) is a methodology for assessing network security, by generating and executing possible hacking attacks. As pentesting tools have evolved and have become more complex, covering new attack vectors, and shipping an increasing number of exploits, the problem of controlling the pentesting solution successfully became an important question. A computer-generated plan for an attack would isolate the user from the complexity of selecting suitable exploits for the…
Penetration Testing (in short pentesting) is a methodology for assessing network security, by generating and executing possible hacking attacks. As pentesting tools have evolved and have become more complex, covering new attack vectors, and shipping an increasing number of exploits, the problem of controlling the pentesting solution successfully became an important question. A computer-generated plan for an attack would isolate the user from the complexity of selecting suitable exploits for the hosts in the target network. Additionally, the possibility of incorporating an attack planning phase to the tool would allow for optimizations based on exploit running time, reliability, or impact on Intrusion Detection Systems.
In this talk, we will discuss the difficulties of solving this attack planning problem, and present the first industrial-scale solution that we obtained by integrating our pentesting tool with a classical planner. The basic idea was to model the actions available in the pentesting tool (namely exploits) and the information about the target network (machines, connectivity, operating systems, and running applications) in the PDDL language. This PDDL model allowed us to evaluate different planners until we decided to use Metric-FF (developed by Jörg Hoffman), based on its performance. As a result, we were able to obtain plans that minimize the average runtime of the attacks in real-world scenarios.
See publication

• Code Theft is Not Really Theft

Core Security Blog April 12, 2012

The government ruling that “code theft” does not constitute as actual criminal theft might not seem at first to be a huge deal. But in reality – at least to software companies that produce their own intellectual property – it does pose a significant challenge.
See publication

• Why Corporate Sponsored Hacking is a Good Thing

Core Security Blog February 28, 2012

Google Inc recently posted a challenge offering up to $1M to successful hackers at CanSecWest who can hack the Chrome Web Browser. In contrast to Adobe’s recent decry of the ethical hacking movement, Google seems to have gone the opposite direction and embraced the independent security community.
See publication

• I LoveYou, Not Your Spam

Core Security Blog February 14, 2012

Valentine’s Day! The day we show the affection to those special to us in our lives… and a day many will click on emails that are e-cards, special offers or social networking invites.
It’s no secret that those that seek to infiltrate our networks will use social trends and *gasp* a holiday representing goodwill.
See publication

• The Day the LOLcats Died

Core Security Blog January 19, 2012

Yesterday’s ‘technology blackout’ was a pretty profound moment for our industry. Not often do corporations align their political and policy views.
See publication

• We Are All Commanders

Core Security Blog January 17, 2012

I wanted to talk a little about why I (and the rest of my team) like working on our Insight product this week. There are very few times in someone’s career where they can work on something that’s technologically cutting edge AND addressing an industry need.
See publication

• Drop the SOPA

Core Security Blog December 20, 2011

Once again, the government has shown themselves to be uneducated when it comes to forming technology policy. SOPA has very deep impact on the Internet at large, and gives the US government the ability to regulate search and content providers who (under the mysterious clarification) are distributing or linking to copyrighted content (be it movies or even images a holder wishes to enforce).
See publication

Patents

• Digital Debt Obligiation Transaction System to Facilitate Non-Cash Payments Without Using Personally Identifiable Information Data

Filed June 6, 2014 US 62/008,964

Projects

• CoreSec

Nov 2012

Worked as a part of the control service team on adding a feature that enabled customized search for the user. Did mainly core Java programming. Work also involved interacting with the products database using SQL, unit testing, and having a working knowledge of Hibernate and Spring frameworks.
Other creators

• Core Insight Enterprise

Dec 2009 - Present

Preempt business risk with predictive security intelligence
CORE Insight™ Enterprise is the first security intelligence solution that enables you to continuously predict IT security threats and preempt business risk. By combining advanced threat simulation with real-world threat replication, Insight allows you to:
- Improve security, optimize budgets and increase efficiency
- Predict threats without disrupting operations
- Reveal the business implications of security…
Preempt business risk with predictive security intelligence
CORE Insight™ Enterprise is the first security intelligence solution that enables you to continuously predict IT security threats and preempt business risk. By combining advanced threat simulation with real-world threat replication, Insight allows you to:
- Improve security, optimize budgets and increase efficiency
- Predict threats without disrupting operations
- Reveal the business implications of security exposures
- Eliminate data overload and gain actionable information
- Connect real risks to specific operational and business goals
- Make the right decisions to ensure business continuity
Other creators

• 
  See project

Languages

• English

Native or bilingual proficiency

Recommendations received

More activity by Ken

Other similar profiles

Explore collaborative articles

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Explore More

Others named Ken Pickering in United States

30 others named Ken Pickering in United States are on LinkedIn

See others named Ken Pickering

Add new skills with these courses