Derek Rush

Manager, LBMC Information Security


Anatomy of a Phish

Abstract: Anatomy of a Phish focuses on what the phishing process looks like from the point of view of an attacker and what Information Technology departments can do to help address the threat of phishing. The presentation will cover the initial steps of a phishing engagement, the reconnaissance performed, putting the reconnaissance together into a phishing approach, selecting a good domain to phish from, and a few case studies of phishing attempts. The latter third of the presentation covers both technical and administrative controls to help limit the damage of a successful phish or to stop phishing attempts altogether.

Abstract of an Abstract

It’s time to pull back the curtain and do an educational deep dive into what goes into a phishing campaign in order to make it successful. Awareness of phishing tactics is key in preventing phishing attempts.

Learning Objectives

List the best practices that an Information Technology department can take to limit, mitigate, and make users more aware of phishing attempts.

Implement security awareness and education campaigns for their organization using ideas contained within the presentation.

Describe what the internal processes of a phishing campaign look like and be able to conduct a phishing campaign for their organization using freely available tools.

Additional Details

Mark Burnette – (615) 309-2447
Stewart Fey – (615) 309-2479

Past Speaking Events

  • Birmingham ISACA Chapter Event on 2/16/2017 and 2/17/2017
  • Healthcare Financial Management Association on March 20 through March 23, 2016
  • Cyber Eagles Security Club seminar on Information Security Consulting

Blogs and Articles


Derek Rush leads Penetration Testing engagements for many of LBMC Information Security’s clients around the country. He has worked in both the telecommunications vertical and the healthcare vertical during his career, most recently serving as Security Operations Center Manager with United HealthCare Services. Derek began his career in Information Security during the process of obtaining a degree in Information Security from Purdue University.

Notable accomplishments include leading a company’s PCI program to successfully obtain compliance, completion of the Wharton School of Business Emerging Leadership Program, effective management of both onshore and offshore security teams, facilitating Sarbanes Oxley and PCI-DSS audits, and deploying numerous security-centric technologies at an enterprise level.

Derek continues researching and learning about security in order to better serve clients. His current focus is on penetration testing of enterprise environments and auditing clientele for HIPAA, PCI-DSS, and current state assessments. He is a member of the International Information Systems Security Certification Consortium and holds the CISSP and PCI QSA certifications. As a part of his client service responsibilities, Derek conducts security penetration tests for LBMC’s clients and helps clients comply with the PCI (credit card) security rules.