Jesper Larsson

Jesper is a freelance security specialist and vulnerability researcher with several years experience working for multinational clients spanning several fields. He has been active in the IT Industry since 2003 and with Cure53 since 2016 as a penetration tester focusing on technical infrastructure with focus on orchestrations, infrastructure-as-code, deployment pipelines, cloud implementation and integrations. He has been instrumental in implementing secure infrastructure solutions worldwide.

Throughout his different projects Jesper has audited numerous open source projects for a plethora of foundations and companies, such as the CNCF, Mozilla foundation and Linux foundation.

One of jesper passions is online privacy. Throughout his different projects with Cure53 ha has audited a large number of VPN providers and their supporting infrastructure. As a part of on ongoing assignment Jesper acts as the Security advisor for the Swedish based VPN Provider Mullvad, Where privacy is the number one focus area for its clients.

Experiences

Skills

• Security Advisor
  Take advantage of our years of experience as we help you establish a security plan from start to finish.
  We’ll also support you in maintaining a security culture, including setting goals, managing your threat model, examining risks, and creating incident response processes. Consider us your mentor, educator, or sounding board for all aspects of IT security.
  
• Penetration Testing
  Whether you’re in the private or public sector, we offer a wide variety of penetration tests ranging from classic web applications and network infrastructure to cloud deployments and ICS/SCADA systems.
  Our preference for white-box testing allows for comprehensive audits and a wide array of methodologies.
• Internal - External Network Security Assessment (Windows/Linux)
• Security Assessments
  Wherever you are in a project’s phase, assessing the situation at bird’s-eye level provides invaluable insight. We’ll identify any security gaps found between the current design and the expected outcome, and give you our analysis of how to proceed
• Cloud & Infrastructure Architecture
  As infrastructure becomes more complex and reliant on third parties such as AWS, Azure, and Google Cloud Services, understanding all aspects of the security model is important for maintaining both reliable and secure networks. We’ll help you navigate the security pitfalls faced when designing, implementing, and maintaining modern and secure infrastructures.
• Embedded Testing
  IoT devices, implementations for routers and home optimization systems, and even toys – we provide thorough testing for your embedded device. Embedded testing is not only an effective way to reveal bugs and improve performance but also helps to reduce risk for the end user and can decrease your development costs.


Programming Languages & Tools

Interests

In the hopes of helping to make the Internet a better place, I have audited numerous open source projects for a variety of nonprofits such as the Cloud Native Computing Foundation, Mozilla foundation and Linux foundation.

In order to introduce new security rockstars and security companies I co-founded Security Fest - www.securityfest.com, an annual conference held in Gothenburg, Sweden, as a means to help spread industry knowledge. In my spare time, I hosts and produces a podcast called Säkerhetspodcasten www.sakerhetspodcasten.se, the first security releated podcast in Sweden.

Publications, Research & Talks

• Talk DefCamp - Security pitfalls in script-able infrastructure pipelines
• Talk OWASP Gothenburg - Hacking embedded systems for fun and profit
• Pre confrences interview for DefCamp
• RCE Juniper Firewall SRX-series - CVE-2018-001
• Public Report - Mullvad VPN
• Public Report - TunnelBear VPN
• Public Report - Dapr
• Public Report - CNCF RunC
• Public Report - CNCF Helm
• Public Report - CNCF Habor
• Public Report - CNCF gRPC