Penetration Testing and Vulnerability Assessment

Program Director

Rosemarie Pelletier, DPA

Welcome to Norwich University's Penetration Testing Courses

As a leader in cyber security education, Norwich University understands the network security challenges faced by organizations today. The goal of our Penetration Testing and Vulnerability Assessment courses is to help you and your organization stay at the forefront of this ever-changing field. Learn how to strengthen the defense of your network today.

Read Bio

Dr. Pelletier served as the Secretary of the Virginia State Technology Council where she advised the Executive and Legislative branches on technology policy issues. She chaired the Transportation Technology Advisory Panel in writing the Transportation Technology Blueprint for the Commonwealth of Virginia. She was appointed by Governor George Allen to the Joint Committee on Technology and Science to study and advise on technology and science policies. Appointed by Governor Mark Warner, Dr. Pelletier served on the statewide speakers bureau to address transportation funding issues throughout the Commonwealth. She combines her knowledge and experience in technology policy with her education in public policy and public administration to bring the best of both worlds to Norwich University.

Featured Faculty

Cris Ewell, PhD

Dr. Cris Ewell is the Chief Information Security Officer at Seattle Children’s Hospital, a not-for-profit pediatric hospital, academic medical center, and research institute. As the senior leader in the information security program, he has full strategic and operational oversight for building and managing the security framework, teams, programs, and policies to decrease exposure, drive awareness, and minimize risk for the organization. Along with Seattle Children’s, he has worked with several other organizations to help them implement risk management practices to address information security risks and to promote meaningful dialogue about the information security program with executive management and board members. Prior to joining Seattle Children’s, he served as the director of information security operations at the University of Washington, chief security officer for PEMCO Corporation, and chief technology officer for Breakwater Security. He is certified information systems security professional (CISSP), certified information security manager (CISM), and is a member of IEEE, ACM, AHIMA, and several local information security organizations.

Read more »
Thomas Hyslip, ScD

Dr. Thomas Hyslip is currently the Resident Agent in Charge of the Department of Defense, Defense Criminal Investigative Service (DCIS), Cyber Field Office, Eastern Resident Agency. Prior to joining the DCIS in 2007, he was a special agent with the U.S. Environmental Protection Agency, Criminal Investigation Division, and the U.S. Secret Service. Throughout his 17 years of federal law enforcement, he has specialized in cybercrime investigations and computer forensics. He has testified as an expert witness on computer forensics and network intrusions at numerous federal, state, and local courts. He is also a Lieutenant Colonel in the U.S. Army Reserves and is currently assigned as an Assistant Professor of Preventive Medicine at the F. Edward Hébert School of Medicine, Uniformed Services University of the Health Sciences. LTC Hyslip has a mix of active duty and reserve assignments spanning over 20 years including assignments with the U.S. African Command, Office of Inspector General, the Department of Defense, Office of Inspector General, and the U.S. Army Reserve Information Operations Command. In 2005 LTC Hyslip deployed to Iraq with the 306th Military Police Battalion and earned a Bronze Star, Purple Heart, and Combat Action Badge. He received his doctor of science degree in information assurance from Capitol College in 2014. He previously obtained a master of science degree from East Carolina University and a bachelor of science degree from Clarkson University.

Read more »
Tom Paulger, CISSP, SANS Forensic Analyst, Penetration Tester and Intrusion Analyst, Certified Cisco Academy Instructor

Tom Paulger is a cyber security analyst who has developed and taught numerous courses for Norwich University's College of Graduate and Continuing Studies. He served as Battalion Commander for the Army’s first Information Operations Training Battalion, and has taught extensively in support of the National Guard two-week long Computer Network Defense Team course as well as the Incident Response Handler’s Course. He has also participated in the development of vulnerability assessment courses, wireless assessment and legal and ethics courses for the military and has helped develop and participated in several cyber exercises, most recently, Quantum Dawn 2. He began his career in information assurance as a trooper with the Vermont State Police, as part of the team that implemented a statewide law enforcement records and dispatch system. His last 13 years at the VT Department of Public Safety involved system and network administration, training, business process re-engineering, program management and information security in all its aspects. He holds numerous IT certifications, including the CISSP, SANS Forensic Analyst, Penetration Tester and Intrusion Analyst and is a Certified Cisco Academy Instructor. He is currently a cyber security subject matter expert at Norwich University Applied Research Institute.

Read more »


Donald Holden, MBA, CISSP-ISSMP

Don Holden is a principal consultant with Anvil Security Consulting and adjunct professor at Norwich University. He has more than 20 years’ experience in information systems, security and vulnerability assessments, security standards development, encryption, business continuity and disaster recovery in both industry and government. He has participated in HIPAA assessments of a major healthcare insurer and a multi-practice e-health records (EHR) implementation. As a security juror he evaluated EHR systems submitted for certification by CCHIT. Previously He was a technology leader for SRI Consulting. Some of his previous achievements include leading a cyber-insurance joint venture project, developing privacy and encryption policies for healthcare companies, major financial institutions and recommending standards-based IT security policies for a federal financial regulator. He was a contributor to the Congressional “Corporate Information Security Working Group on Best Practices and Metrics” and the WEDi/SNIP “Whitepaper on HIPAA Security Policies and Practices.” He received the 2008 Distinguished Faculty Award for Norwich University's Master of Science in Information Security & Assurance program. He has an MBA from Wharton and is a Certified Information System Security Professional (CISSP) and Information System Security Management Professional (ISSMP).

Matt Plass, DSc, CISSP, C|EH, CPT, MCP

Dr. Mathias Plass is currently the Security Architect for Ulta Beauty. As a senior leader on the IT Risk Management team, he is responsible for managing Ulta’s disaster recovery, governance and compliance, and maintaining the risk management posture of the organization. Prior to joining Ulta, he served as the Principal Security Engineer for WOW – Cable Internet and Phone, Technology & Security Manager for Home Run Inn Inc., and as a programmer with Safeco Insurance, Castle Metals and Chicago Title and Trust. He is a certified information systems security professional (CISSP), ethical hacker (C|EH), penetration tester (CPT), and network professional (Network+). He received his doctor of science degree from Capitol Technology University in Laurel, Maryland in 2015; a master of science degree in information assurance in 2012 from the University of Maryland University College in Adelphi, Maryland; and his bachelor of science degree from the University of Illinois at Chicago in 1996.

Charles Pak, PhD, CISM, CRISC, CISSP, ITIL, SSCP, MCSE, MCT, Security +, CCNA

Dr. Charles Pak has taught information systems courses for over 25 years as an IS practitioner and professor. He has managed U.S. Federal Government data centers for over 25 years, including personnel. He has designed, tested, implemented, and maintained many of these enterprise network sites (largest in the world) that encompass distributed sites across the U.S. as well as the international sites. He has managed state-of-the art systems for military and federal government missions for which he was deployed. His research topics include cyber security, critical infrastructure protection (CIP), PKI, cyber counter terrorism, and risk assessment & management. He has published several research papers in information security. He earned his PhD in information security from Nova Southeastern University, a master of science degree in network security from Capitol Technology University, and a bachelor of science degree in electrical engineering from Penn State University. He holds several industry certifications: CISM, CRISC, CISSP, ITIL, SSCP, MCSE, MCT, Security +, and CCNA.


Tijan Drammeh works for the Washington Metropolitan Transit Authority (WMATA), the second largest transit authority in the U.S. as an Information Systems Security Officer (ISSO). In his current role he leads the group that works to ensure that the authority complies with various industry and government regulations as well as its own security policies - PCI DSS, HIPAA, SOX, critical infrastructure protection regulations etc. In addition, his team reviews all IT infrastructure architecture proposals from a risk perspective and act as the last gate before any approval is granted for implementation. Prior to WMATA, he designed, architected and maintained fairly complex IT infrastructures for both private and public sector organizations (MCI, Verizon, UMUC), running mostly large UNIX and Linux operating systems. He received an MBA from University of Maryland University College, his master of science degree in electrical engineering from George Washington University, and a bachelor of science degree in electrical engineering from Lagos University in Nigeria. His areas of professional interest include cyber security policy implementation, critical infrastructure protection (SCADA), business continuity, risk management, compliance and audits, vulnerability management and project management. He holds several industry certifications: CISSP, CISA, CEH, CBCP, CSSA and PMP.

Mike Albrethsen, MST, BSE, OSCP, CNSS 4011-4015