Lets Automate It

from Josh Rickard



My name is Josh Rickard and I am a creator and automator of things. I’m an experienced IT & DFIR (Digital Forensics & Incident Response) professional that loves to automate and release open-source tools to help the Information Security community.

github actions
Digital Ocean


Senior Detection Validation Engineer

Red Canary / Colorado / October 2022 to January 2023

Due to a reduction in force my position was let go. I was part of Red Canary’s Detection Enablement division focusing on proving detection capabilities at scale.

  • Assisted with development of a rails web application to streamline testing of attacker techniques and tools.
  • Assisted with development of infrastructure using terraform and ansible to build, deploy and execute several attack testing frameworks across multiple operating systems, EDR products and more

Senior Security Solutions Architect

Swimlane / Colorado / Dec 2018 to October 2022

I am part of the Swimlane research team which focuses on innovative security automation, building content and giving back to the security community.

  • Automated complex and unique processes used by some of the largest private, public and governmental organizations in the world
  • Implemented integrations with many critical security operations products
  • Released many open-source tools like pyattck, atomic-operator, soc-faker and more
  • Contributed by writing several blogs, presenting on webinars and at conferences
  • Ideation to implementation for several internal tools and frameworks, including content migration and generation

Manager, Reporter Solutions Engineering

Cofense / Virginia / Dec 2015 to Nov 2018

Managed, designed and implemented features for all Cofense Reporter products which grew the product from 2 million to 15 million installs globally.

  • Designed and managed day-to-day operations of new innovative products utilizing internal and external developers, from conception to market release
  • Introduced automation tools for generation, verification and support of Cofense Reporter products, reducing support costs and reducing development time by 300%
  • Technical Product Owner for 3 scrum teams (9 engineers & 6 quality assurance engineers)

Security Analyst - Specialist

University of Missouri / May 2012 to Dec 2015

I held several roles but I was a security analyst part of the university’s digital forensics & incident response team. I was also an IT systems analysts and a system administrator during my time at the University. Some focus areas in which I was worked on during my time are:

  • Managed Vulnerability Management enterprise wide
  • Managed A/V for thousands of endpoints
  • Secure Group Policy creation and application across the enterprise
  • Operating system deployment automation services
  • Tool developer, including some open-source software
  • Managed servers across multiple departments
  • And more!

Open-Source Projects

You can see a full list of all my open-source projects on my GitHub. Here are a few highlights.

  • pyattck - A Python Package to interact with the Mitre ATT&CK Framework
  • atomic-operator - A Python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments
  • soc-faker - A python package for use in generating fake data for SOC and security automation

✍ Blog & Writing

I have written for many websites, but you can find most of my writing on my blog at letsautomate.it. You can find additional links to blogs, articles and more in which I was interviewed for, wrote myself, or was mentioned in here


  • Past President & Board Member of the Central Missouri InfraGard chapter (January 2015 - December 2018)
  • SC Media (SC Magazine) Reboot Leadership Awards awarded me in the Influencers category in 2019.
  • An official maintainer of the Atomic Red Team project (January 2023)

Past Presentations

You can view my past presentations and some recordings here.