I'm Derek Martin — a red team analyst at BNP Paribas CIB, where I simulate advanced persistent threats against the infrastructure of a Tier 1 global investment bank. I design and execute full-scope engagements covering network, web application, and Active Directory penetration testing, social engineering, and adversary simulation mapped to MITRE ATT&CK.
What I do day-to-day
I build custom offensive tooling in Python, PowerShell, and Go for payload delivery, C2 communication, and defense evasion. I lead purple team testing cycles — roughly 15 per month — collaborating with detection engineers to validate and improve alerting coverage across the enterprise. When I'm not actively breaking things, I'm producing executive-level engagement reports that translate complex attack chains into business risk.
Before offensive security
I spent 8+ years in software engineering. Most recently, I was Director of Ad Technology at Metric Theory, where I led a 3-person engineering team building API integrations for 10+ advertising platforms, ETL pipelines on BigQuery, and internal tools serving 180+ clients and $157MM+ in managed spend. That engineering background is core to how I operate — I write my own tools, automate entire engagement phases, and think like a developer when I'm looking for attack surface.
The non-linear path
I started my career as an auditor at PwC, worked in accounting and financial analysis, pivoted into ad tech and SaaS development, and eventually found my way to offensive security through Hack The Box, bug bounties, and a relentless curiosity about how things break. I hold a CPA alongside my OSCP+, CISSP, and CPTS — which gives me an unusual perspective on both the technical attack surface and the regulatory/governance context that makes findings actionable.
Certifications
- OSCP+ (Offensive Security Certified Professional Plus)
- CISSP (Certified Information Systems Security Professional)
- CPTS (Certified Penetration Testing Specialist)
- ISC2 Cybersecurity Certification
- CPA (Certified Public Accountant)
Education
B.S. Accounting and B.S. Finance from Villanova University (2002–2006). Continuous learning through Hack The Box (25+ challenges), HTB Academy Pentester Track, and Cybrary.it coursework.