InfosecStuff is an information security research and consulting firm based in Raleigh, North Carolina.  It was started in 2008 by Mark Baldwin who also serves as the principal researcher and consultant at InfosecStuff.  Mark has over 15 years of direct experience in the field of information security and possesses a solid understanding of the threats to information systems.  Moreover, he understands how to use technology and processes to address those threats and mitigate risks to businesses.  Throughout his career, Mark has built and maintained information security programs that have improved system security, reduced risks, and successfully achieved compliance (PCI, Sarbanes-Oxley, HIPAA) for a variety of enterprises in numerous industries.

Presently, Mark is focusing his research on web application security, threat and vulnerability analysis, and web-based malware.  Mark’s research is published on InfosecStuff.com as well as other information security outlets such as Infosec Island.  He is also frequently used as an expert source for online IT sites such as CSOonline.com. He is also working with organizations to test web applications for vulnerabilities before being deployed onto production systems and to design networks that are resistant to both network and application layer attacks.  Using both open source and commercial tools, black and grey box testing techniques, and robust network designs, Mark has helped his clients improve the security of their web applications as well as reduce their cost by integrating security early in the software development and network design process.  By doing so, organizations can greatly improve the security of their applications at a much lower cost than would be required to do so after an application has gone into production.

Mark is currently a Certified Information Systems Security Professional (CISSP), a SANS GIAC Certified Incident Handler (GCIH) and a Certified Information Security Manager (CISM).  He is also a member of the Eastern North Carolina Chapter of Infragard.  He can be contacted by email at mark at infosecstuff.com.

View Mark Baldwin, CISSP's profile on LinkedIn