About

Herm Cardona: Your Cybersecurity Consultant

Greetings, I’m Herm Cardona, a seasoned cybersecurity consultant specializing in ethical hacking, penetration testing, and data security.

With 20 years of service to the country—7 in Army active duty and 13 as a Foreign Service Specialist in the US Department of State—I bring a unique blend of operational experience, intelligence analysis, and hands-on technical expertise. Over the past 9 years, I have conducted penetration testing for organizations such as Computer Sciences Corporation, DXC Technology, Baptist Health, and Winmill Software, strengthening their security postures against evolving threats.

I hold multiple industry-recognized certifications, including OSCP, CASP+, MITRE ATT&CK, CSI Linux Dark Web Investigator, ChatGPT for Ethical Hacking, and Maltego Advanced, which attest to my proficiency in identifying vulnerabilities, assessing cyber threats, and conducting in-depth investigations. My expertise extends to Wi-Fi attacks, hardware hacking (Internet of Things), physical security (certified locksmith), and radio electronics, holding both an FCC General Radiotelephone Operator License (GROL) and an Amateur General license.

My analytical and reporting skills were honed during my tenure as an intelligence analyst at the Bureau of Intelligence and Research (INR) at the U.S. Department of State. Additionally, I hold a Master’s degree in Strategic Intelligence from the National Intelligence University, further reinforcing my ability to assess and mitigate security threats from a strategic perspective.

With this diverse skill set, I offer a comprehensive approach to cybersecurity, bridging digital and physical security to protect critical assets against emerging threats.

What I Offer:

  • Penetration Testing: As an authorized penetration tester, I specialize in pinpointing vulnerabilities in systems, applications, and networks. My OSCP certification reflects my ability to use advanced techniques to uncover weaknesses and provide actionable solutions.
  • Security Education: I am passionate about knowledge sharing. My articles, tutorials, and code examples are designed to demystify complex cybersecurity concepts and help clients bolster their defenses.
  • Dark Web Investigation: Leveraging my CSI Linux Dark Web Investigator certification, I delve into the hidden corners of the internet to uncover potential threats and protect your digital footprint.
  • Artificial Intelligence: I leverage Generative AI tools like ChatGPT, ChatGPTBypass, and ShellGPT to expedite repetitive tasks, write scripts, generate social engineering pretexts, create chat-bots, and configure vulnerability scanners. I am certified by the EC Council on using ChatGPT for Ethical Hacking.
  • Application Security: In my present role I focus on Application Security and Web Application Penetration Testing.
  • Physical Security: Expertise in Physical Security Assessments with an Infosec and Counterintelligence focus. Certified Professional Locksmith.
  • Critical Urban Infrastructure: MIT-certified Critical Urban Infrastructure Cybersecurity Assessment Specialist
  • Cyber-Threat Intelligence: MITRE ATT&CK certified: Adversary Emulation, Cyber Threat Intelligence Analysis, SOC Assessments, and Purple Teaming
  • Counterintelligence: Former Counterintelligence Special Agent in the US Army with extensive training in the administration of security programs (Infosec, Comsec, Physical Security), personnel background investigations, and criminal investigations of national security scope, and special operations.

Why Choose Me:

  • Proven Expertise: With a history of successful projects and a track record of earning the trust of clients, I provide effective solutions tailored to your specific needs.
  • Dedication to Your Security: I am committed to helping you safeguard your digital assets. Your security is my top priority.

Let’s Secure Your Future:

Don’t leave your cybersecurity to chance. Together, we can fortify your defenses and ensure that your digital assets remain protected.

Thank you for considering me as your cybersecurity consultant. Your security is my mission.