Ryan Thomason

Mount Juliet, TN

Summary

Seasoned cybersecurity professional with 20+ years of experience in Red Team operations, penetration testing, and offensive/defensive security. Expert in simulating advanced adversary techniques to assess organizational resilience and uncover critical vulnerabilities. Holds multiple premier offensive security certifications, including CRTO (Certified Red Team Operator), CRTL (Certified Red Team Lead), Certified Expert Penetration Tester (CEPT), and Certified Penetration Tester (CPT). Additional credentials include Root9B Offensive Cyber Operator, Certified Reverse Engineering Analyst (CREA), and Certified Computer Forensics Examiner (CCFE), underscoring deep expertise in adversary emulation, incident response, digital forensics, and malware analysis. Proven leader in developing and executing effective remediation strategies across complex enterprise environments.

Work History

Principal Red Team Operator

United Healthcare Group - OPTUM
10.2024 - Current
  • Adversarial Simulation & Assessment: Participate in adversarial simulations and red team assessments to evaluate and enhance UnitedHealth Group's security posture, identifying vulnerabilities and improving detection and response capabilities. Perform OSINT gathering to identify potential targets and attack vectors.
  • Tool Development: Build custom tools, write shellcode loaders, Beacon Object Files (BOFs), and reflective loaders for Cobalt Strike to support red team operations. Set up and maintain C2 infrastructure for command and control during assessments.
  • Automation & Emerging Technology Research: Develop automation scripts to optimize red team tasks, including creating and testing payloads to circumvent EDR solutions. Continuously research emerging technologies and industry trends to stay ahead of evolving threats.
  • Social Engineering Attacks: Plan and execute social engineering tactics, including phishing and spear-phishing campaigns, to test human vulnerabilities and assess overall security awareness within the organization.

Senior Lead Technologist, Incident Response

Booz Allen Hamilton
06.2023 - 10.2024
  • Supported cybersecurity initiatives by collaborating cross-functionally with the Cybersecurity Operations Center (CSOC). Researched emerging cyber threats, focusing on adversary methods, cyber warfare techniques, and offensive capabilities.
  • Resolved complex malware and intrusion issues through computer host analysis, forensics, and reverse engineering. Analyzed and reported on malware events, files, and network intrusion vulnerabilities. Recommended countermeasures for malware and malicious code exploiting systems.
  • Led response team in monitoring systems, logs, and network traffic, identifying and mitigating incidents. Developed and executed Standard Operating Procedures, managed shift schedules, and ensured SLA compliance.


Senior Advisor, Vulnerability Management Research

Dell Technologies
04.2022 - 06.2023
  • Conducted extensive research and monitoring of new vulnerabilities, attacks, and exploits on infrastructure components and software, significantly bolstering security protocols.
  • Engaged with cross-functional teams, including Threat Intel and Red Team, to assess risks and provide actionable security recommendations. Contributed inputs, IOCs, and specific monitoring strategies to secure impacted assets and components until remediation.
  • Researched existing exploit code for new and critical vulnerabilities and developed proof-of-concept exploit code for testing and evaluating mitigation solutions.

Digital Forensics Analyst

United States Navy, USN
09.2017 - 04.2022
  • Conducted over 100 comprehensive forensic investigations, delivering critical evidence for NCIS and AFOSI criminal proceedings and regulatory actions.
  • Expertly performed memory forensics and advanced data recovery techniques to uncover hidden and deleted information, significantly contributing to successful case resolutions.
  • Authored detailed forensic reports and testified as a subject matter expert in legal proceedings, ensuring the integrity and accuracy of digital evidence presented in court.

Digital Forensics & Incident Response Lead

United States Navy, USN
08.2014 - 09.2017
  • Led a dedicated DFIR team in performing advanced host analysis and memory forensics, successfully identifying and neutralizing complex malware threats.
  • Developed and implemented a custom network monitoring platform utilizing Security Onion, BRO/Zeek, and the ELK stack to detect network traffic anomalies.
  • Personally conducted in-depth host-based analysis focusing on memory forensics with Volatility, uncovering critical indicators of compromise and providing actionable intelligence for incident response efforts.

NSA Digital Network Exploitation Analyst

United States Navy, USN
06.2011 - 07.2014
  • Directed and executed high-impact Computer Network Exploitation (CNE) operations, resulting in critical intelligence collection and offensive cyber capabilities enhancement.
  • Pioneered advanced exploitation techniques, achieving a 50% increase in successful penetration of high-value targets.
  • Led cross-functional teams in the development and deployment of custom exploitation tools, improving operational efficiency and effectiveness.
  • Conducted detailed analysis of adversary networks, identifying key vulnerabilities and exploitation vectors to inform strategic cyber operations.
  • Trained and mentored junior analysts in CNE methodologies, fostering a highly skilled team capable of executing complex cyber missions.

NSA Red Team Operator

United States Navy, USN
07.2008 - 06.2011
  • Led 11 red team engagements over 3 years, successfully identifying vulnerabilities and weaknesses in network security.
  • Played a key role in Cyber Flag/Cyber Guard exercises, testing and qualifying cyber protection teams.
  • Conducted comprehensive meetings for Rules of Engagement (ROE), ensuring clarity and adherence to operational guidelines.
  • Successfully exfiltrated targeted data as defined in the ROE, demonstrating the effectiveness of security protocols and identifying critical gaps.

NSA/CSS System Administrator

United States Navy, USN
03.2002 - 07.2008
  • Maintained cryptologic systems, involving Linux scripting and Windows Active Directory administration.
  • Improved system uptime by 20% through proactive maintenance and efficient troubleshooting.
  • Developed and implemented advanced Linux scripts to automate routine tasks, improving system efficiency and reducing manual workload by 30%.

Education

Master of Science - Cybersecurity Technology

University of Maryland Global Campus
05.2026

Bachelor of Science - Software Development & Security

University of Maryland Global Campus
05.2022

Certification

  • Certified Red Team Lead (CRTL)
  • Certified Red Team Operator (CRTO)
  • SpecterOps Adversary Tactics: Red Team Operations (AT-RTO)
  • BC Security Advanced Threat Emulation: Evasion – Black Hat USA 2025
  • Root9b Offensive Cyber Operator
  • NSA Red Team Operator (Journeyman)
  • Certified Reverse Engineering Analyst (CREA)
  • Certified Expert Penetration Tester (CEPT)
  • Certified Penetration Tester (CPT)

Toolsets

  • Red Team Operations: Cobalt Strike, Metasploit Framework, PowerShell Empire, BloodHound, Responder, Mimikatz, PowerSploit, Impacket, Burp Suite, Sliver, Shellter, Veil.
  • Forensics Software: EnCase, FTK Forensic Toolkit, Magnet Forensics, Cellebrite, X-Ways, Volatility
  • Malware Analysis: IDA Pro, Ghidra, OllyDbg, x64dbg, WinDbg, Radare2, CFF Explorer, PE Studio, Dependency Walker, Process Explorer, Process Hacker, ProcMon, RegShot, FakeNet, Fiddler, Wireshark, TCPView, Mandiant Redline, REMnux, FLARE, SIFT, Cuckoo Sandbox, Sysinternals Suite, Detect It Easy (DIE), PEiD, Immunity Debugger, YARA, VirusTotal, Rekall
  • Network Forensics: Wireshark, tcpdump, Bro/Zeek, Snort, Suricata, TShark, Splunk, ELK Stack (Elasticsearch, Logstash, Kibana), Nmap, Security Onion.
  • Programming Languages: Intel Assembly x86/64, C & C++, Python, Java
