Andrew Crotty
Cyber Network Defense Analyst 3, Us Army Reserves Warrant Officer
Phoenix, Arizona, United States
Actions
Andy Crotty is a TS/SCI-cleared cybersecurity professional with over a decade of experience in cyber threat detection, incident response, and security engineering across federal, financial, and enterprise environments. He currently serves as a Cyber Network Defense Analyst 3 with Leidos, supporting the Department of Homeland Security in a 24x7x365 NOSC environment. In this role, Andy leads high-impact investigations, develops and optimizes detection logic aligned to MITRE ATT&CK, and mentors junior analysts to strengthen operational readiness and cyber defense capabilities.
A U.S. Army Warrant Officer with over 15 years of military service, Andy has led teams in advanced persistent threat (APT) analysis, cyber threat hunting, and defensive operations for the Department of Defense. His civilian career includes senior roles in security operations for Wells Fargo and the State of Arizona Department of Homeland Security, where he enhanced detection strategies, streamlined incident response workflows, and strengthened enterprise security postures.
Beyond his operational work, Andy is passionate about cybersecurity community engagement and mentorship. At DEFCON 33, he served as a staff member for Noob Village, where he coordinated community-focused activities including volunteer outreach, CTF raffle setup, and securing sponsors to provide prizes. Through his YouTube channel GingerHacker and mentorship initiatives, Andy continues to guide aspiring cybersecurity professionals, sharing practical insights on breaking into the field, building technical skills, and navigating a rapidly evolving threat landscape.
Area of Expertise
Topics
From Law Enforcement to Cybersecurity: Building Skills That Matter
Transitioning into cybersecurity from a non-technical background may seem intimidating, but it’s entirely achievable with the right approach. In this talk, I’ll share my journey from law enforcement to cybersecurity, highlighting how key skills such as investigative intuition, evidence handling, and tactical thinking directly map to cybersecurity roles. I’ll discuss practical methods I used to learn technical concepts, including leveraging free and low-cost resources and hands-on labs, and building real-world experience without a traditional IT background. Attendees will leave with actionable strategies, including how to network effectively, choose relevant certifications, and translate existing skills into cybersecurity success. Whether you’re starting from scratch or pivoting careers, this session will provide practical steps to make your transition smoother and more impactful.
key Takeaways:
• How to leverage non-technical skills for cybersecurity roles (e.g., investigative techniques for threat hunting)
• Practical resources and strategies for gaining technical skills on a budget
• Networking and community engagement tactics to build credibility and opportunities
• Actionable steps to transition from any non-technical career into cybersecurity
• Lessons learned from a real-world transition: mistakes to avoid and strategies that work
GrrCON 2025 Upcoming
OopsSec: The Day I Made the DMV Even Slower
This is the tail of how a brand new Sr analyst ( Me ) and and intern took down the DMV Docusign for a day and a half. In this talk, I’ll walk you through a moment where good intentions and layered security collided with government workflows”resulting in DocuSign being blocked across a critical state agency. The culprit? A phishing report on a legitimate DocuSign email that triggered an automated block, creating an unintentional DoS on bureaucracy itself.
We’ll dive into: ( Always blame the intern ! ) just kidding !!
– The anatomy of a well-crafted, legitimate email that looked phishy enough to get blocked
– How false positives in phishing reporting workflows can lead to wide-scale operational impacts
– The (lack of) escalation paths between SOC teams and business-critical SaaS usage
– Balancing security with usability, especially when signatures mean progress
– Lessons learned in root cause analysis, user education, and incident response for non-malicious events
– This session isn’t about blaming tools”it’s about understanding how the human element, combined with automated security actions, can create unintended outages. If you’ve ever had to explain to leadership why no one can sign anything… this one’s for you.
– Also will tie in breaking into cyber as this was my first cyber job leaving law enforcement ! learned tons by both success, questions, and mistakes !
BSidesCache 2025 Sessionize Event Upcoming
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top