Draft:Tod Beardsley

{{AFC submission|d|bio|u=WCYarbrough|ns=118|decliner=Caleb Stanford|declinets=20250328003229|ts=20250310222036}}

{{AFC submission|d|bio|u=WCYarbrough|ns=118|decliner=Jamiebuba|declinets=20250310115236|small=yes|ts=20250309215619}}

{{AFC comment|1=I'm unsure if the subject is notable yet. Please fix the following: (1) There are citation errors, see "Missing or empty title=" (2) Please add periods to sentences missing them, the period should occur before the references on each sentence. (3) Please add citations to all unreferenced sentences. This includes "He is notable for his work in open-source Information Security tools...", "Beardsley has spent his career in cybersecurity in both offensive and defensive roles", and several sentences under the Controversy section. (4) Other than the paper "Hacking iot: A case study on baby monitor exposures and vulnerabilities", it does not appear that the subject's academic papers are notable via a broader academic consensus. Please remove references to the subject's academic work and expertise for this reason. (5) Please rewrite the article from a neutral point of view and ensure that it gets attention from someone not affiliated with the subject to gauge notability. Caleb Stanford (talk) 00:32, 28 March 2025 (UTC)}}

----

{{Short description|Personal biographical page of cybersecurity researcher and expert}}

{{Draft topics|biography|internet-culture|software|computing|technology}}

{{AfC topic|blp}}

{{Infobox person

| name = Tod Beardsley

| birth_date = {{Birth year and age|1974}}

| occupation = Information security and Infrastructure security researcher and expert

| known_for = Metasploit, Election Security, Podcasting

| title = CISA Section Chief, 2023-2025

| website = {{URL|http://HugeSuccess.org}}

}}

Tod Beardsley (born 1974) is an American cybersecurity and infrastructure security expert, podcaster, public speaker, and former Section Chief at the Cybersecurity and Infrastructure Security Agency (CISA).{{Cite web |date=2025-01-21 |title=Unlocking Vulnrichment: Enriching CVE Data {{!}} CISA |url=https://www.cisa.gov/news-events/news/unlocking-vulnrichment-enriching-cve-data |access-date=2025-03-08 |website=www.cisa.gov |language=en}} He is currently the Vice President of Security Research at runZero.{{Cite web |title=About Us |url=https://www.runzero.com/about/ |access-date=2025-03-08 |website=runZero |language=en-US}}

He is notable for his work in open-source Information Security tools, being the first to open-source CISA's Known Exploited Vulnerabilities (KEV) database, and maintaining MIT open-source licensing for tools in Metasploit.

Early life and education

Beardsley was born in Chicago, Illinois, in 1974. He received a Bachelor of Science degree in Information Technology Management from Western Governors University in 2013.{{Cite web |last=Steven |date=2018-03-30 |title=Balancing Usability and Cybersecurity in IoT Devices |url=https://sdm.mit.edu/balancing-usability-and-cybersecurity-in-iot-devices/ |access-date=2025-03-08 |website=MIT SDM - System Design and Management |language=en-US}}

Career

Beardsley has spent his career in cybersecurity in both offensive and defensive roles at various large organizations before his time in the United States federal government.

= Metasploit =

From 2010 through 2023, Beardsley was in various technical engineering, research, and management roles at Rapid7,{{Cite web |last=Girling |first=William |date=2020-09-03 |title=Rapid7 NICER - starting a conversation on internet security |url=https://fintechmagazine.com/company-reports/rapid7-nicer-starting-conversation-internet-security |access-date=2025-03-08 |website=fintechmagazine.com |language=en}} eventually managing security engineers in vulnerability disclosure and security research efforts.{{Cite web |last=Dallaway |first=Eleanor |date=2017-03-08 |title=Rapid7's Tod Beardsley: the day in the life of a research director |url=https://www.infosecurity-magazine.com/interviews/life-of-a-research-director/ |access-date=2025-03-08 |website=Infosecurity Magazine |language=en-gb}} He was originally recruited to manage the Metasploit open-source project transition into the commercial Metasploit Pro and Metasploit Express.{{Cite web |last=Shooter |first=Kayleigh |date=2020-06-10 |title=Full Episode: Tod Beardsley, Director of Research At Rapid7 |url=https://technologymagazine.com/videos/full-episode-tod-beardsley-director-research-rapid7 |access-date=2025-03-08 |website=technologymagazine.com |language=en}}{{Cite AV media |url=https://www.youtube.com/watch?si=-6l-nvpZj6QiM0ou&v=yFHA5F2crFE&feature=youtu.be |title=SecureNinjaTV Blackhat 2013 Tod Beardsley - Metasploit 10th Anniversary |date=2013-08-01 |last=SecureNinjaTV |access-date=2025-03-08 |via=YouTube}} Beardsley had been a contributor to the open-source project during his time employed at BreakingPoint Systems.{{Cite web |title=History for Home · rapid7/metasploit-framework Wiki |url=https://github.com/rapid7/metasploit-framework/wiki/Home/_history |access-date=2025-03-08 |website=GitHub |language=en}}

Metasploit was not the first security product to be relicensed from an open-source license to a proprietary license: Nessus, relicensed by Tenable,{{Cite web |last=Olenick |first=Doug |date=2019-03-06 |title=SC Media's 30th anniversary award winners |url=https://www.scworld.com/news/celebrating-30-years-in-cybersecuity |access-date=2025-03-10 |website=SC Media |language=en}} and Nmap, which changed to the NPS license, considered non-free,{{Cite web |title=Nmap Public Source License (NPSL) Version 0.92 - legal - Fedora mailing-lists |url=https://lists.fedoraproject.org/archives/list/legal@lists.fedoraproject.org/thread/GZIDC4DHXZP67LFU7P2OT2AQVDJRHZ2M/ |access-date=2025-03-10 |website=lists.fedoraproject.org |language=en}} predate it. However, Beardsley is noted for being the first to ensure that the Framework exploits and core tools remained free and MIT licensed, a first in Information Security software.{{Cite web |title=Metasploit Hacking Tool Now Open for Licensing |url=https://www.darkreading.com/cyber-risk/metasploit-hacking-tool-now-open-for-licensing |access-date=2025-03-10 |website=www.darkreading.com |language=en}}{{Cite web |title=metasploit-framework/LICENSE at master · rapid7/metasploit-framework |url=https://github.com/rapid7/metasploit-framework/blob/master/LICENSE |access-date=2025-03-10 |website=GitHub |language=en}}

= Election security =

Prior to joining CISA and contributing to securing U.S. elections{{Cite web |title=Election Security {{!}} Cybersecurity and Infrastructure Security Agency CISA |url=https://www.cisa.gov/topics/election-security |access-date=2025-03-08 |website=www.cisa.gov}} as a member of the Vulnerability Response section for coordinated security disclosure, vulnerability management, and vulnerability response & coordination (CSD/VM/VRC), Beardsley was already involved in United States election security. Beardsley spoke publicly at the 27th DEF CON conference in 2019 with the talk Securing Voting Systems Beyond Paper Ballots,{{Cite AV media |url=https://www.youtube.com/watch?si=yTspB53XRbZe2zTS&v=lfYqNObOhNU&feature=youtu.be |title=Tod Beardsley - Securing Voting Systems Beyond Paper Ballots - DEF CON 27 Voting Village |date=2019-12-11 |last=DEFCONConference |access-date=2025-03-08 |via=YouTube}} as well as on threat modeling at the 2020 RSA Conference.{{Cite AV media |url=https://www.youtube.com/watch?si=rG_JS1LYBo9Sa8WI&v=UsZoHJTuEvg&feature=youtu.be |title=Hacking & Securing Elections - Tod Beardsley - RSAC 2020 |date=2020-02-25 |last=Security Weekly - A CRA Resource |access-date=2025-03-08 |via=YouTube}} He is a registered Travis County Election Judge.{{Cite web |date=2025-02-04 |title=Cybersecurity 2025: Risks & Strategies |url=https://www.austinforum.org/events/february-4-2025 |access-date=2025-03-08 |website=The Austin Forum on Technology & Society |language=en-US}}

= Known Exploited Vulnerabilities database =

Beardsley joined CISA in 2023 and worked on the KEV database, the first catalog of its kind managed by the US federal government.{{Cite web |title=Known Exploited Vulnerabilities Catalog {{!}} CISA |url=https://www.cisa.gov/known-exploited-vulnerabilities-catalog |access-date=2025-03-10 |website=www.cisa.gov |language=en}} While he did not oversee its 2024 redesign directly, he is notable for being the first to open-source the database synced to CISA, marking the first open-sourced government-backed exploit database of its kind.{{Citation |title=cisagov/kev-data |date=2025-03-10 |url=https://github.com/cisagov/kev-data |access-date=2025-03-10 |publisher=Cybersecurity and Infrastructure Security Agency}}

= Public speaking and community organizing =

In addition to his talks on election security, Beardsley has spoken publicly on a variety of cybersecurity topics. He has spoken at a variety of conventions such as DEF CON,{{Cite AV media |url=https://www.youtube.com/watch?si=SKgwur4RzXB2v2rw&v=cP3HuNsIi4g&feature=youtu.be |title=DEF CON 29 Voting Village - Tod Beardsley - A Deep Dive on Vulnerability Disclosure |date=2021-09-22 |last=DEFCONConference |access-date=2025-03-09 |via=YouTube}}{{Cite AV media |url=https://www.youtube.com/watch?si=2y9UDFoF0cjA9h4l&v=Y8Cpio6z9qA&feature=youtu.be |title=DEF CON 22 - Jim Denaro and Tod Beardsley - How to Disclose an Exploit Without Getting in Trouble |date=2015-01-01 |last=DEFCONConference |access-date=2025-03-09 |via=YouTube}} FirstCon,{{Cite web |title=Program Agenda / 36th Annual FIRST Conference |url=https://www.first.org/conference/2024/program |access-date=2025-03-09 |website=FIRST — Forum of Incident Response and Security Teams |language=en}} B-Sides,{{Cite web |title=BSidesLV 2016 Schedule |url=https://bsideslv2016.sched.com/ |access-date=2025-03-09 |website=bsideslv2016.sched.com |language=en}} the RSA Conference,{{Cite web |date=2022-04-22 |title=The Future of Vulnerability Disclosure Processes (Rapid7) |url=https://www.rsaconference.com/library/Presentation/USA/2022/The%20Future%20of%20Vulnerability%20Disclosure%20Processes%20Rapid7 |access-date=2025-03-09 |website=RSA Conference |language=en}}{{Cite web |title=Tod Beardsley, Rapid7 {{!}} RSA Conference 2020 |url=https://techstrong.tv/videos/rsa-conference-san-francisco-2020/tod-beardsley-rapid7-rsa-conference-2020 |access-date=2025-03-09 |website=Techstrong TV |language=en-US}} and South by Southwest (SxSW).{{Cite web |title=KEV Confidential: Tales of True Crime in the Digital Age |url=https://schedule.sxsw.com/2025/events/PP153751 |access-date=2025-03-09 |website=SXSW 2025 Schedule |language=en}}

Beardsley is a founder of Austin, Texas-based Austin Hackers Anonymous (AHA!), an InfoSec meeting and working group of professionals, as well as acting CVE Numbering Authority (CNA) point-of-contact for the organization since 2023.{{Cite web |title=Tod Beardsley |url=https://schedule.sxsw.com/2025/speakers/2938 |access-date=2025-03-09 |website=SXSW 2025 Schedule |language=en}} Beardsley is notable for gaining AHA! its CNA status, making it the first professional research meetup to do so worldwide and one of only 300 CNAs around the world that existed at the time.{{Cite web |url=https://www.cve.org/PartnerInformation/ListofPartners/partner/AHA |access-date=2025-03-10 |website=www.cve.org}}{{Cite web |last1=Parra |first1=Dex Wesley |date=March 10, 2023 |title=Austin Hackers Group Gets Recognition From Global Body |url=https://www.austinchronicle.com/news/2023-03-10/austin-hackers-group-gets-recognition-from-global-body/ |access-date=2025-03-09 |website=www.austinchronicle.com |language=en-US}}

= Podcasting =

Along with fellow cybersecurity expert Jen Ellis, Beardsley hosted the Security Nation podcast from 2019 through 2023.{{Cite web |title=Luminary. A new way to podcast |url=https://luminarypodcasts.com/listen/jen-ellis-and-tod-beardsley/security-nation/02bed738-7706-4981-8a6e-4f52c483d751 |access-date=2025-03-08 |website=luminarypodcasts.com |language=en}} Since 2020, he has produced the horror podcast Podsothoth: A Lovecraft Book Club with his partner under his production company, Huge Success, LLC.{{Cite web |title="Huge Success, LLC" in podcasts |url=https://www.listennotes.com/search/?q=%22Huge%20Success,%20LLC%22&scope=podcast&only_in=author |access-date=2025-03-08 |website=Listen Notes |language=en}}

Controversy

At some point between January and May of 2020, Texas senator John Cornyn blocked Beardsley on X (then Twitter). After multiple phone calls, emails, letters, and faxes to the senator's office in order to remove the block, Beardsley filed suit in court, claiming, "Cornyn has knowingly and willfully censored and punished (Beardsley), and others, with a reckless and callous disregard for constitutional rights." and "Cornyn engaged in 'viewpoint-based discrimination and censorship' on a public forum."{{Cite web |title=Sen. Cornyn unblocks Twitter critic after lawsuit |url=https://www.statesman.com/story/news/politics/2020/05/01/sen-cornyn-unblocks-twitter-critic-after-lawsuit/1259222007/ |access-date=2025-03-09 |website=Austin American-Statesman |language=en-US}}

This lawsuit followed similar Twitter-blocking lawsuits at the time, specifically against U.S. Representative Alexandria Ocasio-Cortez (who settled out of court and unblocked the plaintiff, Dov Hikind{{Cite news |last=Gold |first=Michael |date=2019-11-04 |title=Ocasio-Cortez Apologizes for Blocking Critic on Twitter |url=https://www.nytimes.com/2019/11/04/nyregion/alexandria-ocasio-cortez-twitter-dov-hikind.html |access-date=2025-03-09 |work=The New York Times |language=en-US |issn=0362-4331}}) and President Donald Trump, who was ordered to unblock users by the New York Court of Appeals.{{Cite news |last=Savage |first=Charlie |date=2018-06-05 |title=White House Unblocks Twitter Users Who Sued Trump, but Appeals Ruling |url=https://www.nytimes.com/2018/06/05/us/politics/trump-twitter-account-lawsuit.html |access-date=2025-03-09 |work=The New York Times |language=en-US |issn=0362-4331}}

Cornyn unblocked Beardsley the day after the suit was filed. A spokesman for the senator said Beardsley was "inadvertently" blocked.

Publications

Beardsley has a variety of published works{{Cite web |title=Tod Beardsley |url=https://scholar.google.com/citations?user=SbB2geMAAAAJ&hl=en&oi=ao |access-date=2025-03-09 |website=scholar.google.com}} including exploits in Internet of Things devices such as baby monitors{{Cite web |title=Google Scholar |url=https://scholar.google.com/scholar?hl=en&as_sdt=0,44&cluster=16050669878281148751 |access-date=2025-03-09 |website=scholar.google.com}} and insulin pumps,{{Cite journal |last1=Stanislav |first1=Mark |last2=Beardsley |first2=Tod |date=2015 |title=Hacking iot: A case study on baby monitor exposures and vulnerabilities |url=https://scholar.google.com/citations?view_op=view_citation&hl=en&user=SbB2geMAAAAJ&citation_for_view=SbB2geMAAAAJ:W7OEmFMy1HYC#:~:text=%5BPDF%5D%20from%20kasperskycontenthub.com |journal=Rapid7 Report}} phishing attacks,{{Cite web |title=Evolution of phishing attacks, January 2005 |url=https://scholar.google.com/citations?view_op=view_citation&hl=en&user=SbB2geMAAAAJ&citation_for_view=SbB2geMAAAAJ:9yKSN-GCB0IC#:~:text=Scholar%20articles-,Evolution%20of%20phishing%20attacks,%20January%202005,-T%20Beardsley%C2%A0-%20Downloaded |access-date=2025-03-09 |website=scholar.google.com}}{{Cite web |title=Phishing Detection and Prevention |url=https://scholar.google.com/citations?view_op=view_citation&hl=en&user=SbB2geMAAAAJ&citation_for_view=SbB2geMAAAAJ:zYLM7Y9cAGgC#:~:text=Scholar%20articles-,Phishing%20Detection%20and%20Prevention,-PCF%20Solutions |access-date=2025-03-09 |website=scholar.google.com}} and intrusion detection.{{Cite web |title=Intrusion Detection and Analysis: Theory, Techniques, and Tools |url=https://scholar.google.com/citations?view_op=view_citation&hl=en&user=SbB2geMAAAAJ&citation_for_view=SbB2geMAAAAJ:u5HHmVD_uO8C#:~:text=Scholar%20articles-,Intrusion%20Detection%20and%20Analysis:%20Theory,%20Techniques,%20and%20Tools,-TA%20Beardsley,%20GG |access-date=2025-03-09 |website=scholar.google.com}}

References