Derek Rush, a Managing Senior Consultant, brings vast proficiency in application penetration testing and network penetration testing, both static and dynamic, to the table. With a wealth of experience, Derek has successfully performed dynamic testing for a range of high-profile clients in the healthcare, government, and logistics sectors.
His expertise is backed by a list of impressive certifications, including Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Practical Web Application Penetration Testing (PWAPT), eLearnSecurity Web Application Penetration Tester (eWPT), and eLearnSecurity Certified Professional Penetration Tester (eCPPT).
Derek has presented at industry conferences such as the North Texas ISSA Cyber Security Conference and the Middle Tennessee Cyber Summit. His insights have also been shared through podcasts and written contributions to the media.
Derek holds a Bachelor of Science in Information Security from Purdue University.
From Derek Rush
Blog / Industry
Enabling Proper PCI Testing with Internal Penetration Tests
Jun 11, 2026
Blog / Technical Research
Otto Support - Logging and Visibility in MCP Servers
May 14, 2026
Blog / Technical Research
Otto-Support - Supply Chain Risks in MCP Servers
May 13, 2026
Blog / Technical Research
Otto Support - The Confused Deputy
May 08, 2026
Blog / Technical Research
Otto Support - SSRF and Token Passthrough with MCP
May 07, 2026
Blog / Technical Research
Otto Support - Excessive Agency and Tool Privileges
May 06, 2026
Blog / Technical Research
Otto Support – An MCP, Agentic-AI Security Challenge
Apr 23, 2026
Blog / Technical Research
GenAI DevOps: More Code, More Problems
Dec 30, 2025
Event
Derek Rush to Present at Cyber AI & Automation Summit
December 4, 2024
Blog / Technical Research
Exploring Large Language Models: Local LLM CTF & Lab
Sep 11, 2024
Resource / Virtual Sessions
Beyond Checkbox Compliance: Maximizing Security Value from PCI DSS Penetration Testing
Feb 28, 2024
Blog / Industry
Enabling Proper PCI Testing with External Penetration Tests
Feb 14, 2024
Resource / Virtual Sessions
Combatting Adversaries: Proactive Social Engineering & Network Testing
Sep 19, 2023
Resource / Virtual Sessions
Combatting Adversaries: Proactive Social Engineering & Network Testing
Jan 01, 2023