Jon Coon, President, is a CEH-certified information security professional with over 10 years of experience in application and network security, incident response and policy development, and three years of experience in PCI-DSS compliance issues. Jon conducted his first application layer penetration test in 2001, and his first penetration test for PCI compliance in 2007.
Jon's past experience includes over fifteen years of programming experience in client-server, database, web and e-commerce applications in several languages, architectures and platforms. In addition to conventional programming, his experience includes having personally written PCI-compliant web application firewall solutions, encryption key management solutions, and central logging solutions.
Jon's security experience includes subcontracting and re-branding penetration testing services on behalf of certified QSA and ASV companies. He has personally conducted hundreds of penetration tests for PCI compliance for QSA and ASV business partners, in addition to testing performed directly for end clients. He has extensive experience with PCI penetration testing, including facilitating and coordinating communication and deliverables with QSA companies engaged in audit.
His deep testing experience does not end with PCI-related testing. He has tested and subsequently compromised systems housing national law enforcement data, systems requiring HIPAA compliance, and numerous private, municipal, county and state government systems.
As High Bit's president and technical leader, Jon has mandated that all penetration tests are conducted by certified security professionals. PCI-DSS does not specify which certifications are appropriate for penetration testing. In fact, PCI-DSS does not specify that any certification is required. High Bit requires its penetration testers to hold at least one of the following industry-recognized professional certifications: GSEC, GWAPT, GPEN or CEH. In addition, our penetration testers are required to have real-world web development experience in at least two base languages, frameworks and platforms.