The Bench

Hi. We’re breakers, builders, and the people in between.

We do this because we love it, and we stick around to help you fix what we find.

REC—— —— ——
CAM 04 · THE BENCH● MOTION
Specialties

The disciplines on the bench.

Software doesn’t find zero-days. People do. These are the disciplines you’re hiring, and the kind of work each one does.

Red Team

Full-scope adversary simulation across cyber, physical, and human, chained to a named objective.

Reached global data access at a $100B+ retailer in 12 days, undetected.

Vulnerability Research

Original research and novel exploitation: the zero-days a scanner has no signature for.

Hardware / Firmware

Embedded, firmware, and device security down to the silicon and the bus.

Firmware implants and supply-chain tampering, demonstrated on real devices.

Cloud & AI / LLM

Identity-graph attack paths in the cloud, and the security of the AI you ship.

Agent tool-abuse and prompt-injection chains against production-style AI stacks.

OT / ICS

Industrial and control systems, tested with uptime and safety as hard constraints.

Plant-floor reachability from corporate IT, proven without stopping a line.

Application Security

Business-logic and authorization flaws: the bugs that require understanding the app.

Broken object-level authorization and workflow abuse past clean scanner runs.

Purple Team

Detection engineering. Every technique either gets caught or earns a new detection.

ATT&CK coverage lifted measurably across live SOC stacks.

Where we came from

The people on this bench came up in operations: government, defense, finance, and frontline security work, in environments where the testing was real and a mistake carried consequences. That’s the experience behind every engagement. Years spent in demanding places, doing this work when it counted.

Leadership

The people who run OSec never left the work.

Mark Stamford, Founder & CEO

Mark Stamford

Founder & CEO
25+ years · UBS · KPMG

Mark started playing with computers at age 8 and grew up to gather over 25 years in cybersecurity, operations, and more. Before founding OSec he worked at UBS and KPMG.

Erin Murtha, Chief Operations Officer

Erin Murtha

Chief Operations Officer
20+ years · ex–Homeland Security

Erin brings over 20 years in organizational performance, growth, and client success. Her prior work includes Homeland Security, running projects of critical national importance.

Cayce Mahon, CTI Director

Cayce Mahon

CTI Director
10+ years · threat intel & vuln research

Cayce leads the CTI team. With over a decade in offensive security operations, he heads threat intelligence and vulnerability research at OSec.

Christian Kimball, Technology Director

Christian Kimball

Technology Director
20+ years · physical security & threat intel

Christian has over 20 years in IT, security, risk management, and building security risk programs. He runs offensive engagements and specializes in physical security and threat intelligence.

Dayse Morales, Head of Customer Success

Dayse Morales

Head of Customer Success
Startup operator · co-founder, Medly NYC

Dayse is a startup operator with a decade in operations, growth, and customer success across tech, edtech, and cannabis. She co-founded and exited the e-commerce startup Medly NYC.

Jimmy Fisher, CTEM Director

Jimmy Fisher

CTEM Director
U.S. Army veteran · OSCP

Jimmy is a cybersecurity practitioner and U.S. Army veteran with multiple certifications, including the OSCP, specializing in offensive security and penetration testing.

Matt Landers, Assessment Director

Matt Landers

Assessment Director
20+ years · vulnerability research

Matt’s career spans over 20 years discovering and researching security vulnerabilities. He is happiest finding unintended uses for common technology stacks.

Mike Jaworski, Dev Team Lead

Mike Jaworski

Dev Team Lead
Full-stack developer · ex–LPL Financial

Mike is a full-stack developer working across front-end, back-end, and cloud: Angular, .NET, Python, SQL, and AWS. Before OSec he built advisor-facing planning tools at LPL Financial.

Spencer Lindgren, Operations Lead

Spencer Lindgren

Operations Lead
Healthcare security · ex–UNC Chapel Hill

Spencer’s background is healthcare technology, encryption, security, and compliance. He has held roles at the telemedicine provider Vigilint and Patronus Medical, and was an assistant adjunct professor at UNC Chapel Hill.

Advisory board

They’ve defended what we go after.

Neil Bryden

35+ years · ex-CISO, KPMG

Neil has over 35 years in IT risk and security, including CISO roles at KPMG and other global enterprises. He has advised CISOs across industries, with depth in governance, architecture, and strategy.

Robert Hayes

Former Microsoft senior fellow

Robert holds board, director, and advisory roles at public and private organizations, mitigating security risk through complex business transformations. A recognized cybersecurity expert and former Microsoft senior fellow.

Philip Niedermair

Cyberspace Solarium Commission

Philip has over 35 years helping companies expand through corporate development, strategic alignment, and relationship building. He is a Senior Advisor to the Cyberspace Solarium Commission.

John Quigg

Johns Hopkins APL · ex-DoD

John is a senior staff member at the Johns Hopkins University Applied Physics Laboratory, supporting the DoD’s work in cloud, 5G, and cyber situational awareness. His background runs from the Airborne Rangers to the DoD.

Chris Reid

Brigadier General (ret.), U.S. Army

Chris is Chief of Staff for Elastic’s US Public Sector. He retired after 36 years in the US Army, where he served as a Brigadier General across Cyber and Special Operations assignments at home and overseas.

Book a 30-min call