I'm Shane Jones — independent offensive security consultant with over a decade running adversary simulation and penetration testing programs at enterprise scale.

Most recently at TrustedSec as Security Consultant II, I served as the internal GCP subject matter expert, built custom enumeration and exploitation frameworks, and led engagements across network, application, cloud, and social engineering disciplines.

The AI security practice grew out of that work. Adversarial testing of LLM applications uses the same operator mindset as red team engagements — assume the constraints are wrong, look for the gap between policy and implementation, find what produces leverage. I run engagements using promptfoo, Garak, and manual prompt-engineering against live endpoints.

The secure development practice is where the security and engineering sides converge. I've been writing production code for 17+ years, most of that in a professional context. When clients need a system architected, built, or reviewed with security baked in from day one rather than retrofitted at the end, that's the work.

Before TrustedSec: Red Team Consultant at BMO Harris, Security Consultant at Optiv for three years, and Information Security Analyst at JPMorgan Chase where I earned my OSCP and coordinated a global NAC deployment.

I work independently. Direct access, no account managers, clear scope from day one.

LLM Red-Team · Prompt Injection · promptfoo · Garak · OWASP LLM Top 10 · RAG Security · Agent Abuse · GCP Red Team · Vertex AI · AWS · Azure / Entra · Golang · Python · Bash · Terraform · Ansible · MITRE ATT&CK · D3FEND · AI-Assisted Phishing
Ohm Security Advisory
Principal Consultant · 2025–Present
TrustedSec
Security Consultant II · 2022–2025
BMO Harris
Red Team Consultant · 2020–2022
Optiv Security
Security Consultant · 2017–2020
JPMorgan Chase & Co.
Information Security Analyst · 2015–2017
United States Air Force
Security Forces · 2007–2008
Certifications
Offensive Security Certified Professional (OSCP)
GCP Red Team Expert (GRTE)
Featured

On the record.

Public appearances and conversations about the work. More to come as the AI security practice expands.

P-2
LLM-Assisted Phishing in Practice — BSides SATX 2026
Speaker · Upcoming
First public presentation of the AI-assisted phishing methodology I built at TrustedSec. Walks through a real adversary simulation against a national enterprise — executive voice cloned from a single podcast appearance, help-desk pretext, network admin credentials in about five minutes. Covers what worked, what didn't, where defensive controls catch this kind of operation and where they don't. Practitioner-focused, no vendor pitch. The same methodology I run under AI/ML Security engagements.
P-1
Hacking with AI — TrustedSec Security Noise, Ep. 7.18
Podcast Guest · June 2025
Sat down with Geoff Walton and Skyler Tuter to talk about AI in offensive security — voice cloning during live engagements, the AI tooling that actually moves the needle in pentesting, and how to bypass IVR systems with cloned audio. The voice-clone work referenced in the episode is the same engagement methodology I now offer under AI/ML Security.
Contact

Reach out.

Engagement scope, references, or just a conversation about what you're trying to figure out.
