About
Brad Doctor is a senior technology and security executive with more than 20 issued…
Activity
-
My wife Kathy just got nominated for a James Beard Award ‼️ For anyone outside the food world: the Beards are the Oscars of food. There is nothing…
My wife Kathy just got nominated for a James Beard Award ‼️ For anyone outside the food world: the Beards are the Oscars of food. There is nothing…
Liked by Brad Doctor
-
Two cities. Same focus. Boston and New York behind us. Another roadshow centered on building relationships that matter and a community that shows…
Two cities. Same focus. Boston and New York behind us. Another roadshow centered on building relationships that matter and a community that shows…
Liked by Brad Doctor
Experience
-
-
-
-
-
-
-
-
-
-
-
Licenses & Certifications
Volunteer Experience
-
Guest Lecturer - ITP Masters program
University of Colorado Boulder
- 2 years 1 month
Education
I led the security component for the ITP program for two semesters. This included a hands-on lab component with a CTF element, and was very well rated by the masters students.
-
Secretary and President
ISSA Denver Chapter
- 1 year 1 month
Science and Technology
Voted in as the chapter Secretary, then assumed President role after the former President resigned due to relocation.
Publications
-
Simply Secure. How Reducing IT Complexity Reaps Amazing Security Benefits
VMware on VMware Blogs
See publicationHow reducing complexity helps security posture
-
Level 3 Communications corporate security blog
Level 3 Communications
See publicationTopical articles on the security industry.
Patents
-
Hybrid cloud network monitoring system for tenant use (#2)
Issued US 10,944,811
Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first…
Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first tenant organization. An encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM is then established. A plurality of packets comprising captured network traffic received via the encapsulated port mirroring session are decapsulated, and the captured network traffic is forwarded via the second network interface of the decapsulating VM to a sniffer VM.
-
APPARATUS, SYSTEM AND METHOD FOR IDENTIFYING AND MITIGATING MALICIOUS NETWORK THREATS (#3)
Filed US 20200344246
Implementations of the present disclosure involve a system and/or method for identifying and mitigating malicious network threats. Network data associated is retrieved from various sources across a network and analyzed to identify a malicious network threat. When a threat is found, the system performs a mitigating action to neutralize the malicious network threat
-
Apparatus, system and method for identifying and mitigating malicious network threats (#2)
Issued US 10,721,243
Implementations of the present disclosure involve a system and/or method for identifying and mitigating malicious network threats. Network data associated is retrieved from various sources across a network and analyzed to identify a malicious network threat. When a threat is found, the system performs a mitigating action to neutralize the malicious network threat.
-
Authentication system and method
Issued US 10,708,276
A system includes least one processor in communication with a memory storing instructions, the at least one processor to receive an authentication request comprising authentication information from a user requesting access to a computing device connected to a communications network, determine a type of authentication request sent by the user, transmit the authentication request to an appropriate authentication server responsive to the type of authentication request, receive an authentication…
A system includes least one processor in communication with a memory storing instructions, the at least one processor to receive an authentication request comprising authentication information from a user requesting access to a computing device connected to a communications network, determine a type of authentication request sent by the user, transmit the authentication request to an appropriate authentication server responsive to the type of authentication request, receive an authentication response from the appropriate authentication server, determine a permission level for the user requesting access to the computing device and attach the permission level to the authentication response, and transmit the authentication response to the user requesting access to the computing device.
-
APPARATUS, SYSTEM AND METHOD FOR IDENTIFYING AND MITIGATING MALICIOUS NETWORK THREATS
Filed US 20190104136
-
Apparatus, system and method for identifying and mitigating malicious network threats
Issued US 10,129,270
Implementations of the present disclosure involve a system and/or method for identifying and mitigating malicious network threats. Network data associated is retrieved from various sources across a network and analyzed to identify a malicious network threat. When a threat is found, the system performs a mitigating action to neutralize the malicious network threat.
-
System and method for a security asset manager #4
Issued US 10,097,575
See patentImplementations of the present disclosure involve a system and/or method of performing security asset management. The system and/or method may schedule vulnerability scanners to scan the various portions of one or more networks and obtain the results of the vulnerability scans. IP addresses may be assigned to each of vulnerability scanners to scan. The system obtains the results of the vulnerability scans and may adjust the results of the scans according to configuration of the one or more…
Implementations of the present disclosure involve a system and/or method of performing security asset management. The system and/or method may schedule vulnerability scanners to scan the various portions of one or more networks and obtain the results of the vulnerability scans. IP addresses may be assigned to each of vulnerability scanners to scan. The system obtains the results of the vulnerability scans and may adjust the results of the scans according to configuration of the one or more networks that an IP address is associated with. The system and/or method may also assign and reassign IP addresses amongst the scanners to optimize scanning speed.
-
SYSTEM AND METHOD FOR A SECURITY ASSET MANAGER #4
Filed US 20180091545
See patentImplementations of the present disclosure involve a system and/or method of performing security asset management. The system and/or method may schedule vulnerability scanners to scan the various portions of one or more networks and obtain the results of the vulnerability scans. IP addresses may be assigned to each of vulnerability scanners to scan. The system obtains the results of the vulnerability scans and may adjust the results of the scans according to configuration of the one or more…
Implementations of the present disclosure involve a system and/or method of performing security asset management. The system and/or method may schedule vulnerability scanners to scan the various portions of one or more networks and obtain the results of the vulnerability scans. IP addresses may be assigned to each of vulnerability scanners to scan. The system obtains the results of the vulnerability scans and may adjust the results of the scans according to configuration of the one or more networks that an IP address is associated with. The system and/or method may also assign and reassign IP addresses amongst the scanners to optimize scanning speed.
-
HYBRID CLOUD NETWORK MONITORING SYSTEM FOR TENANT USE (#1)
Issued US 9,860,309
Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first…
Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first tenant organization. An encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM is then established. A plurality of packets comprising captured network traffic received via the encapsulated port mirroring session are decapsulated, and the captured network traffic is forwarded via the second network interface of the decapsulating VM to a sniffer VM.
Other inventors -
-
System and method for a security asset manager - #3
Issued US 9,838,414
-
System and method for a security asset manager #2
Issued US 9,503,481
-
Method and system to associate a geographic location information with a network address using a combination of automated and manual processes
Issued US 9,413,712
-
AUTHENTICATION SYSTEM AND METHOD #1
Issued US 9,202,031
-
Method and system to associate geographic location information with a network address using a combination of automated and manual processes
Issued US 9,021,080
-
HYBRID CLOUD NETWORK MONITORING SYSTEM FOR TENANT USE (#2)
US 20180109602
Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first…
Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first tenant organization. An encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM is then established. A plurality of packets comprising captured network traffic received via the encapsulated port mirroring session are decapsulated, and the captured network traffic is forwarded via the second network interface of the decapsulating VM to a sniffer VM.
-
Method and apparatus for estimating a geographic location of a networked entity
US 6,684,250
-
Method and system to collect geographic location information for a network address utilizing geographically dispersed data collection agents
US 7,809,857
-
Method and system to initiate geolocation activities on demand and responsive to receipt of a query
US 7,472,172
-
Method and system to modify geolocation activities based on logged query information
US 7,072,963
-
Network Monitoring System with Enhanced Performance
US 20090092057
Honors & Awards
-
CSO Magazine CSO50 2016 honoree for top industry program
CSO Magazine
-
2011-2013 Level (3) ELP leadership graduate
-
-
2012 GTI Leadership recognition
-
More activity by Brad
-
The tide is changing. Background screening can no longer be static or one-dimensional—it has to be continuous. This morning at Collaborate 2026…
The tide is changing. Background screening can no longer be static or one-dimensional—it has to be continuous. This morning at Collaborate 2026…
Liked by Brad Doctor
-
For those it concerns, Last week I resigned as Candriam CISO, I am in the transition phase to a new job, more on this soon (you saw these posts…
For those it concerns, Last week I resigned as Candriam CISO, I am in the transition phase to a new job, more on this soon (you saw these posts…
Liked by Brad Doctor
-
Excellent way to start this Thursday morning! Thrilled to share more recognition for the First Advantage team. 👏 #WeAreFA
Excellent way to start this Thursday morning! Thrilled to share more recognition for the First Advantage team. 👏 #WeAreFA
Liked by Brad Doctor
-
If you're attending the conference, I look forward to seeing you outside around the fire.
If you're attending the conference, I look forward to seeing you outside around the fire.
Liked by Brad Doctor
-
Our Aramco champion Lauren Coughlin is back for the JM Eagle LA Championship! Sending best wishes to our Brand Ambassador for a great weekend on the…
Our Aramco champion Lauren Coughlin is back for the JM Eagle LA Championship! Sending best wishes to our Brand Ambassador for a great weekend on the…
Liked by Brad Doctor
-
Introducing the sponsors behind Collaborate 2026. ✨ Join us in welcoming ID.me, Premier Biotech, SambaSafety, Fama Technologies Inc., Amazon Web…
Introducing the sponsors behind Collaborate 2026. ✨ Join us in welcoming ID.me, Premier Biotech, SambaSafety, Fama Technologies Inc., Amazon Web…
Liked by Brad Doctor
-
With the Mythos discovery and remediation efforts completely dominating the airwaves lately, it’s easy to get swept up in the noise. However, I’d be…
With the Mythos discovery and remediation efforts completely dominating the airwaves lately, it’s easy to get swept up in the noise. However, I’d be…
Liked by Brad Doctor
-
Shortly after my first book, Never Enough, came out in 2021, I received a call from an unknown number. On the other end was UConn MBB coach Dan…
Shortly after my first book, Never Enough, came out in 2021, I received a call from an unknown number. On the other end was UConn MBB coach Dan…
Liked by Brad Doctor
-
Are you an expert in your field, daydreaming about your next career move? Chances are, we've got a match for you! From roles in product and…
Are you an expert in your field, daydreaming about your next career move? Chances are, we've got a match for you! From roles in product and…
Liked by Brad Doctor
-
Yesterday marked two years at First Advantage, and I am grateful for the opportunity to work alongside such thoughtful, driven, and high‑integrity…
Yesterday marked two years at First Advantage, and I am grateful for the opportunity to work alongside such thoughtful, driven, and high‑integrity…
Liked by Brad Doctor
-
A new Crowdstrike article was published highlighting the partnership with Lumen Technologies. There are some good quotes in there, but I might be a…
A new Crowdstrike article was published highlighting the partnership with Lumen Technologies. There are some good quotes in there, but I might be a…
Liked by Brad Doctor
-
Honored to have been nominated as a 2026 CFO of the Year by the Atlanta Business Chronicle. Huge thanks to the First Advantage team, and especially…
Honored to have been nominated as a 2026 CFO of the Year by the Atlanta Business Chronicle. Huge thanks to the First Advantage team, and especially…
Liked by Brad Doctor
-
Our First Advantage brand ambassador, Lauren Coughlin, just dominated in Las Vegas. What a win!
Our First Advantage brand ambassador, Lauren Coughlin, just dominated in Las Vegas. What a win!
Liked by Brad Doctor
Other similar profiles
Explore more posts
-
Daniel Young
Here’s a pattern I’m seeing more often: More sites. More assessments. More reporting expectations. Same headcount. Security teams are being asked to scale output without scaling structure. So what happens? Assessments become episodic. Reporting takes too long. Prioritization becomes subjective. And leaders spend more time translating risk than reducing it. This isn’t a capability issue. It’s an architecture issue. At some point, physical security has to operate with the same operational discipline as finance and IT. Otherwise it stays in permanent catch-up mode. For security people overseeing medium to large portfolios (20+ sites): What’s currently your biggest bottleneck volume, visibility, or validation? And why do you think this is?
1 Comment -
CYBER DEFENSE MAROC
Not all alerts are created equal. Master alert triage by focusing on context: asset criticality, attack vector, and threat intelligence. Prioritize what threatens your crown jewels first, then tackle the noise. Efficient triage = faster response, less burnout. Your SOC’s secret weapon? Smarter, not harder. 🔍 #Cybersecurity #AlertTriage
-
The Cyber Security Hub™
Download Pentera Labs Report - revealing three new critical injection points in the ingress-nginx controller, building on Wiz’s IngressNightmare CVE. These overlooked vulnerabilities could let attackers hijack traffic, spoof headers, or reach unauthorized backend services - They exist in one of the most widely used ingress controllers in Kubernetes, putting countless environments at risk. This research highlights how small misconfigurations can lead to major exposure in modern cloud-native architectures. What’s Inside: ✅ 3 new injection vulnerabilities in ingress-nginx ✅ How attackers find and exploit CVEs in open source ✅ Actionable tips to secure your Kubernetes environment https://lnkd.in/eHtX6EdP
1 Comment -
The Cyber Security Hub™
Download Pentera Labs Report - revealing three new critical injection points in the ingress-nginx controller, building on Wiz’s IngressNightmare CVE. These overlooked vulnerabilities could let attackers hijack traffic, spoof headers, or reach unauthorized backend services - They exist in one of the most widely used ingress controllers in Kubernetes, putting countless environments at risk. This research highlights how small misconfigurations can lead to major exposure in modern cloud-native architectures. What’s Inside: ✅ 3 new injection vulnerabilities in ingress-nginx ✅ How attackers find and exploit CVEs in open source ✅ Actionable tips to secure your Kubernetes environment https://lnkd.in/eHtX6EdP
1 Comment -
CVERiskPilot
CVERiskPilot Beta 2.0 is live. We built CVERiskPilot to help security teams turn raw vulnerability exports into evidence-backed, reviewable remediation decisions without overstating certainty. Beta 2.0 includes: - Multi-tenant authenticated workflows - Uploads for JSON, SARIF, CSV, and XLSX - Findings triage and deep review - Remediation ticket workflows - Executive reporting - Billing and release-readiness foundations - Auditor-facing self-assessment and evidence-tracking views What matters most to us is trust: - Clear tenant isolation boundaries - Reviewable workflows - Advisory AI, not black-box automation - Evidence-oriented operations and release discipline This is still beta, and we’re treating it like beta: real workflows, real hardening, real feedback loops. If you lead vulnerability management, platform security, or security operations and want early access or want to help shape the product, we’d love to connect. #CyberSecurity #VulnerabilityManagement #AppSec #SecurityOperations #DevSecOps #SaaS #B2B #BetaLaunch
-
Corero Network Security
🚨 Just released: Corero’s 2025 Threat Intelligence Report 🚨 DDoS atacks are no longer just big floods.They're frequency, evasion, and protocol pivoting. Key insights: • 11 attacks/day avg. in 2024 • Mid-size attacks declining • Multi-vector attacks on the rise Read the release: https://bit.ly/44kLkn0
-
Emutare
Operationalizing Trust: Fixing the Broken Feedback Loop in Modern SOCs Is your security team chasing ghosts or hunting threats? The "swivel chair" workflow is costing you talent and money. Stop adding more tools and start fixing the broken feedback loop. Discover how to build a human-centric SOC for 2026. Link to the article: https://lnkd.in/dEds7SaQ #CyberSecurity #SOCBurnout #CISO
-
Cymulate
Security leaders: Are you prioritizing what matters, or just reacting? The latest Cymulate blog lays out a CISO's roadmap for real-world threat exposure management. From scoping to mobilization, learn how to validate exposures continuously, prioritize by impact and lead with confidence. It’s time to shift from possible threats to provable threats—and act on what really matters. 🛣 Read the full roadmap: https://hubs.li/Q03DhDXh0
-
Morphisec
🔍 Adaptive Exposure Management (AEM) shifts the paradigm in cyber defense - from visibility to elimination of attacker opportunities. With AEM, your team gains: - Prioritized insights into the exposures that matter most - Continuous monitoring of misconfigurations and control gaps - Automated protection via AMTD for systems you can’t patch right away This datasheet explains how Morphisec turns exposure into defense. Want to learn more? Check out our platform overview: https://hubs.ly/Q03LwhVp0 Follow Alexei Rubinstein, Brad LaPorte, Jayakumar Kurup, CISSP, Michael Gorelik, Richard Benigno, and Ron Reinfeld for more cyber updates!
-
Reach Security
Most security teams are stuck in reactive mode—chasing configs, alerts, and tickets. AI agents take that off their plate by finding, prioritizing, and validating exposures automatically. The result? Security architects and practitioners finally have the space to be proactive—driving strategy, architecture, and transformation instead of firefighting minutiae. #cybersecurity #aiincybersecurity
-
Axoflow
What if your SIEM isn’t the problem — but your data strategy is? 🤔 Security leaders aren’t short on alerts. They’re drowning in them. Pipelines sprawl. Ingest costs spike. Visibility breaks down. And still… threats slip through. It’s not just noise. It’s chaos — and it’s costing teams time, clarity, and control. We launched *Data Strikes Back* to cut through that chaos. 4 episodes are live now. Hosted by syslog-ng creator and our CEO Balázs Scheidler, joined by leading minds like 🇳🇱 Filip Wijnholds, Suheil Bukhzam, Vikas Gopal, and John Jorgensen. This isn’t a rebellion. It’s a return to discipline, structure, and insight. Which episode hit home for you? Listen to the podcast here: https://lnkd.in/dwdSh3KH #SIEMOps #SOCWorkflows #SecurityData #LogPipelineStrategy
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top contentOthers named Brad Doctor
5 others named Brad Doctor are on LinkedIn
See others named Brad Doctor