About

Johnathan Drozdowski — Senior Red Team Specialist and founder of Red Spectrum.

Johnathan Drozdowski is a Senior Red Team Specialist with 12+ years of experience operating across government, defence, and enterprise environments — from Canadian Armed Forces networks and classified military infrastructure to large-scale financial sector AD estates.

Red Spectrum exists because most security assessments answer the wrong question. A list of findings tells you where you’re vulnerable. A well-executed red team engagement tells you whether your people, processes, and controls would actually stop a determined attacker — and what they’d miss if they didn’t.


Experience

Senior Red Team Specialist (2021 – Present)
Enterprise financial sector — large-scale AD environment, mature SOC

  • Develops custom C2 infrastructure and adversary emulation profiles mapped to MITRE ATT&CK, replicating real-world threat actors against enterprise environments supporting thousands of users
  • Leads purple team exercises validating SOC detection coverage and strengthening incident response playbooks
  • Delivers executive-level reporting translating technical findings into business risk and remediation strategy

Senior Security Analyst / Senior Penetration Tester (2019 – 2021)
Enterprise financial infrastructure — web, mobile, and internal networks

  • Conducted full-scope penetration tests across enterprise infrastructure, web, and mobile environments, identifying critical vulnerabilities prior to adversary exploitation
  • Authored penetration testing policies and procedures, standardizing engagements and improving team onboarding
  • Provided digital forensic support to internal investigations using EnCase

Lead Incident Handler (2017 – 2019)
Provincial healthcare infrastructure

  • Triaged and coordinated response to security incidents across clinical and operational systems
  • Developed a security capability matrix identifying defense-in-depth gaps, presented to senior leadership to drive strategic investment
  • Coordinated with the Canadian Cyber Incident Response Centre (CCIRC) on threat intelligence sharing

Lead Cyber Incident Handler (2016 – 2017)
Military SOC — classified C4ISR infrastructure

  • Led the Computer Forensics and Analytics team within a Cyber Security Operations Center
  • Performed penetration testing demonstrating attack paths into mission-critical systems
  • Designed and deployed a custom SIEM, significantly improving threat visibility across classified and unclassified networks

Information Systems Security Officer (2013 – 2016)
Government — Canadian Armed Forces base network, 5,000+ users

  • Led an IT security team delivering awareness and incident response training, reducing user-driven incidents
  • Performed digital forensic analysis supporting military justice investigations
  • Conducted Certification and Accreditation (C&A) across multiple networks and delivered threat intelligence briefings to senior leadership

Certifications

  • OSEP — Offensive Security Experienced Penetration Tester (2026)
  • OSCP — Offensive Security Certified Professional (2019)
  • OSWP — Offensive Security Wireless Professional (2023)
  • EnCE — EnCase Certified Examiner (2021)
  • Kestrel TSCM CTO — Certified Technical Operator, Professional Development TSCM Group

The Kestrel CTO certification covers modern TSCM methodology including dimensional geo-location heat mapping, Total Energy Capture (TEC)™, and analytical IQ capture and playback using Software Defined Radio (SDR) resources.


Training

  • Adversary Tactics: Identity-Driven Offensive Tradecraft — SpecterOps (2025)
  • Hacking and Securing Cloud Infrastructure — NotSoSecure (2024)
  • Physical Penetration & Electronic Access Control Hacking — Red Team Alliance (2023)
  • Intrusion Operations — FortyNorth Security (2022)
  • Adversary Tactics: Red Team Operations — SpecterOps (2022)

Capabilities & Tooling

Red Team / Offensive
Active Directory compromise and privilege escalation · C2 infrastructure development and traffic obfuscation · EDR/AV evasion · Adversary emulation using MITRE ATT&CK · Detection validation and purple teaming · Cloud and hybrid environment penetration testing · Physical penetration and access control · TSCM (RF spectrum, wired-line, SDR-based IQ capture)

Offensive Tooling
Cobalt Strike · Mythic · Outflank · BloodHound · Rubeus · Metasploit · Nmap · Masscan

Forensics & IR
EnCase · Volatility · Cuckoo Sandbox · AssemblyLine

Frameworks
MITRE ATT&CK · HTRA · ITSG-33 · NIST 800 Series


Why Red Spectrum

A “red spectrum” is the full visible range of where adversaries operate — from quiet recon on the dim end, to active intrusion in the middle, to loud post-exploitation at the bright end. Most security programs only watch part of that range. Red Spectrum’s job is to walk the whole thing, and leave clients with a map of where they’re actually exposed.