Our Credentials & History

Get to Know Alasdair Before You Get to Know Alasdair

Dave Russell’s Experience and History

Dave “fizzgig” Russell started life as a developer in 1996 and got his first real taste of security in 1999 while reviewing a classic ASP application that handled taxpayer data. The resulting analysis was thrilling, and he turned that into a full-time security career shortly thereafter.

Initially focusing on application security, which was still a new concept, he eventually branched out and began conducting full-featured pentests. During this time, he released several tools to the security community, the most notable of which were pwdump6 and fgdump - a program still in use and mentioned in books to this day! (He’s blown away every time he sees it.) He also contributed to the Medusa project, an improved and modernized version of the venerable Hydra tool.

As security evolved, he took up significant interest in “applied” security – using security as not only a protection mechanism but also a business-enabler. Focusing on the more business-centric side of security, he became a Payment Card Industry Qualified Security Assessor (PCI QSA), Payment Application QSA (PA-QSA) and helped to found one of the first forensics programs after the old PCI QIRA program transitioned to the PCI Forensic Investigator (PFI) program. He has done extensive work in the HIPAA/HITECH space as well as helping businesses harness security capabilities using frameworks like NIST.

A speaker at a number of conferences including the Infragard SuperConference and Toorcon twice as well as publishing several webinars, Dave enjoys public speaking and presenting, and conducts security training for customers.

Dave holds CISSP, CSSLP and GCFA credentials.

Matthew Jach’s Experience and History

Matthew is a highly creative, client-focused leader whose specialty is providing security consultation, direction, and information security strategy development for companies ranging from small local businesses, to government agencies, to large international enterprises. With nearly 20 years of professional consulting experience, he has provided information security services for internal corporate operations, on developing improved defensive postures and strategies, and the offense side of the equation performing customized penetration testing. In addition to his strong technical skills, Matthew has a knack for facilitating communication and being able to bridge the gap between the technical side of information security and the ‘non-geek’ yet equally complex business side. The combination of these experiences and skills allows Matthew to work closely with customers to achieve better security and risk management capabilities.

Matthew holds CISSP, CISM, and CRISC credentials.

Stacy Jach’s Experience and History

Stacy has spent over 20 years working in accounting and finance, with 5 years relating directly to the world of IT. Her first full-time job was working as a loan clerk in a small credit union. A few months later, they had an opening for an accounting clerk. She jumped at this opportunity because the accounting office was in the basement, hidden away from public view. She has always been a bit of an introverted number-cruncher. While working there, she handled wire transfers, ACH payments, and various other behind-the-scenes accounting tasks. In the years that followed, she worked at several different companies and gained experience with A/R, A/P, sales & use tax, depreciation, G/L entries and payroll. This variety of accounting work was of significant value to her. In May of 2015, she played an integral role in getting Alasdair up and running.