About the Authors Tony Flick (CISSP) has been working in the information security field for more than seven years and is currently a principal with FYRM Associates. Tony's back- ground is in network and application security, assessments, compliance, and emer- ging technologies. In the energy industry, Tony has performed network and application penetration testing, written and reviewed security policies and proce- dures, and provided guidance for utility companies and related technology ven- dors. He graduated from the University of Maryland, College Park, with a Bachelor of Science in Computer Science and a Bachelor of Science in Mathe- matics. Tony has spoken at Black Hat, DEF CON, ShmooCon, ISSA, and OWASP meetings on Smart Grid and application security concepts. Additionally, Tony has been recognized as a security subject matter expert and utilized by numerous media outlets including the Associated Press (AP), SC magazine, Dark Reading, and eWeek. Justin Morehouse (CISSP, CISM, MCSE) has been working in the information security field for over eight years, primarily focusing on the areas of attack and penetration. He has performed over 200 security assessments for Fortune 1000 companies and Federal government agencies and is currently the assessment lead at one of the nation's largest retailers. Justin has developed numerous tools includ- ing PassiveRecon and GuestStealer, and has spoken at DEF CON, EntNet, ISSA,