OnDefend Welcomes Terin Williams as Associate Program Director of Strategic Policy Initiatives

Terin brings a rare perspective to cybersecurity—blending national defense experience with a passion for growing cyber talent and resilience at every level. In this interview, she shares how her work with the Army National Guard and CISA fuels her mission to make cybersecurity a true national priority.

Learn a little more about Terin and the expertise she brings in this one-on-one interview:

Q: Your most recent role as Special Assistant to the Director of the Army National Guard for US Army Cyber Matters and your leadership at CISA and the National Guard Bureau gave you a unique perspective on national cybersecurity priorities. As the government’s role evolves and public-private collaboration becomes more critical, how do you see that experience shaping your work at OnDefend to help organizations build real-world resilience in the face of growing threats? 

I have had the privilege of engaging cybersecurity from multiple perspectives. At the national level, my experience includes working within the Department of Defense (DoD) and the broader federal government, providing insights into large-scale national security operations. 

While state and local governments may not typically focus on national security at this scale, my role in the National Guard has offered me a unique vantage point on state-level cybersecurity initiatives. Additionally, serving as a Cybersecurity and Infrastructure Security Agency (CISA) advisor to the state has deepened my understanding of local cybersecurity challenges and strategies. 

In the private sector, my position within the OnDefend ecosystem has allowed me to appreciate the industry’s approach to both cybersecurity and national security concerns. It’s refreshing to see that some private sector entities are taking national security seriously and, more importantly, are willing to do something about it!

Q: How did you get started in cybersecurity? 

This is a two-part answer, really:  

Part I: I was originally following the medical path, but the military kept pushing me towards information technology. I got my CISSP, and while I hated the exam, I realized my medical aspirations of helping people could be fulfilled on a computer (another passion of mine).

Part II: I started my Master’s in cybersecurity during one of my military mobilizations and got put in charge of standing up cyber in the Ohio National Guard when I returned. I attended Cyber Shield 2013 (a defensive cyber operations exercise in the National Guard) and fell in love…I credit Cyber Shield with most of my growth throughout my cyber career. 

Q: Can you walk us through some career highlights?

Honestly, the highlight of my career has been all of the phenomenal people I have had the chance to work with and learn from. But I am always ecstatic about any progress we can make towards national security.

Q: What excites you most about joining OnDefend?

The mission and the people. While I am no longer a public servant, I get to continue to improve national security in the private sector with an amazing and extremely talented team!  

Q: Is there a project or accomplishment you’re particularly proud of?

My kids are my greatest accomplishment and I am extremely proud of them! However, I am also proud of the many people I have had the privilege to lead throughout my career. The credit is all theirs, but I have benefited from just having the opportunity to work with them!

Q: What’s something people should know about you?

I am the least photogenic person of all time!

Q: Where do you hope to see the state of cybersecurity in five years?

I would like the nation (and even the world) to treat cybersecurity like they do physical security. They will need to with AI and quantum, but I haven’t seen evidence of that yet. More importantly, I would like more people (everyone would be better) in the United States to understand their role in national security when it comes to cybersecurity!  

Q: Looking ahead, what would you like your legacy at OnDefend to be?  

The leaders and the talent that I help build in others AND the team effort of advancing national security for this great country.

 

Explore how OnDefend is reimagining security programs and going beyond compliance with experts like Terin Williams, bringing advanced threat emulation and real-world testing to protect organizations around the globe.

About OnDefend

OnDefend, established in 2016, stands at the forefront of preventative cybersecurity testing and advisory services, a reputation further enhanced by the introduction of its advanced Breach and Attack Simulation (BAS) Software as a Service (SaaS) platform, BlindSPOT. OnDefend is a trusted partner, empowering organizations globally to proactively combat real-world cyber threats. From ensuring compliance with industry standards to building out mature security programs, our mission is to ensure that the security resources our customers invest in are well-utilized, effective, and provide tangible results. For more information about their services and solutions, please visit http://www.ondefend.com/

OnDefend Media Contact:

Lauren Verno, Media@ondefend.com

904-299-3669

OnDefend Welcomes Tim Tomes as Director of Training and Programs

Tim’s career spans elite Army Red Team operations, the development of groundbreaking cybersecurity tools, and thousands of hours spent shaping future defenders. His unique blend of deep technical expertise, instructional skill, and mission-first leadership sets him apart as a true force in the cybersecurity world.

Learn a little more about Tim and the expertise he brings in this one-on-one interview:

Q: What is your role at OnDefend? 

In my role as the Director of Training and Programs, I’ll be working to elevate the skill set of the entire OnDefend team in the areas of application security and Red Teaming. I’ll also be working to build an external-facing training program focused on providing technical skills development opportunities in engaging and practical environments. In my role as an Associate Program Director, I’ll be working with the Independent Security Inspector team to ensure that entities operate in good faith and protect the interests of the United States through the distribution and functionality of their U.S. applications and infrastructure.

Q: How did you get started in cybersecurity? 

Video games. I know it sounds crazy, but ever since I was a child, I’ve enjoyed video games. Video gaming during the 1980s and 90s was not easy. It required a deep understanding of systems, networking, and in some cases, code. My desire to play video games drove me to study and learn elements of all these disciplines. The technical skillset gained from an effort to play video games led to a degree in Information Systems and a commission in the U.S. Army, where I eventually found myself as a team leader on the U.S. Army Red Team. This is where I discovered that everything technical I had learned was from the perspective of how things were supposed to work. The Red Team taught me to think about how things could work, for better or for worse. This changed my perspective on all things technical and launched me into a career in cybersecurity.

Q: Can you walk us through some career highlights?

Sure. The Red Team experience was certainly a highlight. That led to me being asked to lead the development of the Army’s cyber training program (more on this later), and participating in and winning the inaugural SANS NetWars competition at SANS Network Security 2010. Shortly thereafter, I was hired by John Strand as the first FTE for Black Hills Information Security (BHIS), where I helped John grow the company by building out the technical side of the consultancy. While working at BHIS, I created Recon-ng, which is probably what I am most known for in the security community. In an effort to share Recon-ng and other open source projects, I began speaking at conferences, which led to a talk I gave with Violent Python (TJ O’Connor) at ShmooCon 2013 in front of approximately 2500 people. I switched focus exclusively to application security around this time and began teaching web application penetration testing through SANS, and then for my own company in 2017. I’ve trained thousands of people in the public and private sectors and am known in the security community for being an expert in web application security and PortSwigger’s Burp Suite Pro.

Q: What excites you most about joining OnDefend?

Being part of a team again. Mentorship is very important to me, but I’ve spent the past eight years as a team of one. At this stage of my career, I can better serve the community by passing on what I’ve learned to the next generation rather than applying it to one-off situations. The opportunity to contribute to the growing team of application security professionals at OnDefend is definitely what I am most excited about.

Q: Is there a project or accomplishment you’re particularly proud of?

After my time on the Red Team, the Department of Defense was ramping up its cybersecurity efforts, and the Army went looking for uniformed personnel who could help build a program to train cyber operators. I was selected by the Commanding General of the Signal Corps to relocate to Fort Gordon and be the principal architect of the Army’s cyber operator training course (255S). I spent several years leading a team of talented officers and civilian personnel to establish what eventually became the basis for the U.S. Army Cyber Corps.

HoneyBadger and PushPin were two open-source software projects I built during my time at BHIS. They both focused on leveraging web-based geolocation technologies to enhance situational awareness. In the years following the release of these tools, I was made aware of situations where law enforcement leveraged these tools to increase the safety of large community events, investigate crimes, collect critical evidence, locate and apprehend fugitives, and recover abducted individuals.

Q: What’s something people should know about you?

I am an apprentice of Jesus, trying to be like him and do as he did. He was a man of action, character, humility, love, and sacrifice who elevated everyone around him. That’s who I want to be. This is what drives me. It’s the highest of standards. Impossible to achieve, but so worth trying.

Q: Where do you hope to see the state of cybersecurity in five years?

I’m not much of a visionary. I tend to focus on what is practical here and now. But if I had to answer that question, I’d say an industry of professionals that are less reliant on AI and abstractions. I do realize that this is the opposite direction of where we are headed, and in complete opposition to where most people want to go, but I’m hoping that we’ll avoid shortcuts, and do the hard right over the easy wrong. Unfortunately, I think we’ll see humanity lean too heavily on AI and lose expertise in the foundational concepts that are used to build underlying systems. A “brain drain” so to speak, resulting in fewer people with the required level of understanding to solve problems. I believe there will be fewer experts, and the gap between users and experts will grow exponentially with AI making it less necessary to understand fundamentals. Look at something as simple as video games. My entire career was built around the struggle it was to make video games work. All my children have to do is press a single button and everything just works. Mind-blowing experiences are so easy to attain. Ironically, using tech has become too easy. There are so many layers of abstraction that fundamental understanding is no longer necessary to be a user, and I believe that will have a major impact over time. So, I’m hoping it doesn’t.

Q: Looking ahead, what would you like your legacy at OnDefend to be?  

To leave things better than I found them in every possible way. I want to be remembered as someone that led with humility and character, elevated everyone on the team, and helped to create an accessible source of world class cybersecurity training.

 

Explore how OnDefend is reimagining security programs and going beyond compliance with experts like Tim Tomes, bringing advanced threat emulation and real-world testing to protect organizations around the globe.
