- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
select a course
Washington, DC - December 9 - 16, 2006
- Vendor Events
- Special Events
- SANS @Night
- Brochure (PDF)
SANS training gives me the tools I need to do my job.
-Michael Hiramoto, NCI
Special Offer: Register for CDI East 2006 and receive 10% discount on Secure Storage & Encryption Summit. Send your CDIEAST2006 invoice number to tuition@sans.org and request your discount.
Faculty for SANS Cyber Defense Initiative East 2006
Richard Bejtlich
Richard Bejtlich is founder of TaoSecurity (www.taosecurity.com). He was previously a principal consultant at Foundstone. Richard created network security monitoring operations for ManTech and Ball Corporations. From 1998 to 2001 then-Captain Bejtlich defended global American information assets in the Air Force Computer Emergency Response Team (AFCERT). Formally trained as an intelligence officer, Richard is a graduate of Harvard University and the United States Air Force Academy. He wrote "The Tao of Network Security Monitoring" and "Extrusion Detection," and co-authored "Real Digital Forensics." He also writes for his Web log (taosecurity.blogspot.com) and teaches at USENIX.- Richard will be teaching:
- SPECIAL Enterprise Network Instrumentation
Chris Brenton
Chris Brenton is a private consultant with over ten years experience in the field. He is one of the founding members of the initial Honeynet Project, one of the original Internet Storm Center handlers, and started up one of the first managed security ISP's. Over the years, he's been credited with the discovery of numerous vulnerabilities in various software products. Along with being a published author, Chris is responsible for maintaining all of the material in the SANS Perimeter Security track. In his spare time, Chris teaches rally and high speed off road security driving where he can be found teaching students to make their side window the front of the car.- Chris will be teaching:
- SEC 502.1 TCP/IP for Firewalls
- SEC 502.2 Packet Filters
- SEC 502.3 Firewalls
- SEC 502.4 Defense In-Depth
- SEC 502.5 Forensics, VPNs and Wireless
- SEC 502.6 Network Design and Assessment
Dr. Eric Cole, Ph.D.
Dr. Eric Cole is an industry recognized security expert, with over 15 year's hands-on experience. Dr. Cole currently performs leading edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT, and a Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books including Hackers Beware, Hiding in Plain Site, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker. Eric is also a senior scientist with Lockheed Martin Information Technology (LMIT) and Lockheed Martin (LM) fellow. Dr. Cole is actively involved with The SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware.- Dr. Eric will be teaching:
- MGT 414.1 Overview and Access Control Systems & Methodology
- MGT 414.2 Telecommunications, Network & Internet Security and Security Management Practices
- MGT 414.3 Applications & Systems Development and Cryptography
- MGT 414.4 Security Architecture & Models and Operations Security
- MGT 414.5 Business Continuity Planning and Law, Investigations & Ethics
- MGT 414.6 Physical Security
Jason Fossen
Jason Fossen is a principal security consultant at Enclave Consulting LLC, a published author, and a frequent public speaker on Microsoft security issues. He is the sole author of the SANS Institute's week-long Securing Windows course (SEC505), maintains the "Windows day" of Security Essentials (SEC401.5), and has been involved in numerous other SANS projects since 1998. He was graduated from the University of Virginia, received his Master's degree from the University of Texas at Austin, and holds a number of professional certifications. He currently lives in Dallas, Texas.- Jason will be teaching:
- SEC 505.1 Windows Active Directory and DNS
- SEC 505.2 Windows Group Policy
- SEC 505.3 Windows PKI, Smart Cards & EFS
- SEC 505.4 Windows IPSec, VPNs and Wireless Security
- SEC 505.5 Securing Internet Information Server
- SEC 505.6 Windows Scripting for Security
- SEC 520 Microsoft ISA Server
David Hoelzer
Since 1985, David has had almost any position that you can imagine in the information technology field, ranging from programmer analyst up to chief information security officer. He has been teaching for SANS since 1999, managing and authoring the majority of the audit related materials for SANS in addition to some of the secure coding courses from SANS-SSI. David currently serves as the Chief Information Officer for Enclave Forensics and the Director of Consulting for Cyber-Defense, a subsidiary of Enclave Forensics. He is a research fellow with the Internet Forensics Lab and an adjunct research associate with the UNLV Center for Cybersecurity Research.- David will be teaching:
- MGT 512.1 SANS Security Leadership Essentials I: Managing the Plant, Network, and Information Architecture
- MGT 512.2 SANS Security Leadership Essentials II: Defense In-Depth
- MGT 512.3 SANS Security Leadership Essentials III: Internet Security Technologies
- MGT 512.4 SANS Security Leadership Essentials IV: Secure Communications
- MGT 512.5 SANS Security Leadership Essentials V: The Value of Information
- MGT 512.6 SANS Security Leadership Essentials VI: Management Practicum
Rob Lee
Rob Lee is a Principal Consultant for MANDIANT, a leading provider of information security consulting services and software to Fortune 500 organizations and the U.S. Government. Rob has over 11 years experience in computer forensics, vulnerability discovery, intrusion detection, and incident response. Rob graduated the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations where he conducted computer crime investigations and computer forensics. Prior to joining MANDIANT, he worked on contracts for a variety of government agencies, where he was the technical lead for a vulnerability discovery team, contractor lead for cyber forensics branch, and led a security software development team. Rob also coauthored the bestselling book, Know Your Enemy, 2nd Edition. In addition to working for MANDIANT and the SANS Institute, Rob is currently pursuing his MBA at Georgetown University in Washington D.C.- Rob will be teaching:
- SEC 508.1 Forensic and Investigative Essentials
- SEC 508.2 Forensic Methodology Illustrated Using Linux Part I
- SEC 508.3 Forensic Methodology Illustrated Using Linux Part II
- SEC 508.4 Windows and NTFS Filesystem Forensics
- SEC 508.6 Advanced Forensics and the Forensic Challenge
Stephen Northcutt
Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu. Stephen is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization. Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer, and network designer.- Stephen will be teaching:
- MGT 512.1 SANS Security Leadership Essentials I: Managing the Plant, Network, and Information Architecture
- MGT 512.2 SANS Security Leadership Essentials II: Defense In-Depth
- MGT 512.3 SANS Security Leadership Essentials III: Internet Security Technologies
- MGT 512.4 SANS Security Leadership Essentials IV: Secure Communications
- MGT 512.5 SANS Security Leadership Essentials V: The Value of Information
- MGT 512.6 SANS Security Leadership Essentials VI: Management Practicum
Mike Poor
Mike is a founder and Senior Security Analyst for the DC firm InGuardians LLC. In his recent past life he has worked for Sourcefire, as a research engineer, and for the SANS Institute leading their Intrusion Analysis Team. As a consultant, Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits, and architecture reviews. His primary job focus however is in intrusion detection, response, and mitigation. Mike currently holds both GSEC and GCIA certifications, and is an expert in network engineering and systems, network and web administration. Mike is an author of the international best selling Snort 2.1 book from Syngress, and is a Handler for the Internet Storm Center.- Mike will be teaching:
- SEC 503.1 TCP/IP for Intrusion Detection
- SEC 503.2 Network Traffic Analysis Using TCPdump - Part 1
- SEC 503.3 Network Traffic Analysis Using TCPdump - Part 2
- SEC 503.4 Intrusion Detection Snort Style
- SEC 503.5 Security Information Management and Intrusion Analysis – Part 1
- SEC 503.6 Security Information Management and Intrusion Analysis – Part 2
- SEC 514 Advanced Network Worm and Bot Analysis
Marcus Sachs
Marcus Sachs serves as Executive Director of Government Affairs for National Security Policy at Verizon in Washington, D.C. Prior to joining Verizon in August 2007, he was the deputy director of SRI International's Computer Science Laboratory. Marcus has served as the director of the SANS Internet Storm Center since 2003, and is an internationally recognized computer security expert. He brings over 26 years of professional experience to SANS including 20 years of active military service as an officer in the United States Army and two years of national cyberspace security policy development as a Presidential appointee to the National Security Council staff in the George W. Bush administration. Marcus was the first cyber security official assigned to the Department of Homeland Security in 2003 where he developed the initial concept and strategy for the creation of the United States Computer Emergency Response Team. He was also a founding member of the Defense Department's Joint Task Force for Computer Network Defense, created in 1998 as the first US military organization designed to fight foreign threats in cyberspace. A graduate of the US Army Command and General Staff College, Marcus also holds a Masters degree in Computer Science with a concentration in Information Security, a Masters degree in Science and Technology Commercialization, and a Bachelor of Civil Engineering degree. He is currently pursuing a Ph.D. in Public Policy with a concentration in Science and Technology. Marcus is a licensed Professional Engineer in the Commonwealth of Virginia.- Marcus will be teaching:
- SEC 401.1 SANS Security Essentials I: Networking Concepts
- SEC 401.2 SANS Security Essentials II: Defense In-Depth
- SEC 401.3 SANS Security Essentials III: Internet Security Technologies
- SEC 401.4 SANS Security Essentials IV: Secure Communications
- SEC 401.5 SANS Security Essentials V: Windows Security
- SEC 401.6 SANS Security Essentials VI: Unix Security
- MGT 405 Critical Infrastructure Protection
Richard Salgado
Richard P. Salgado is a Senior Legal Director with Yahoo! Inc., where he focuses on international privacy, security and law enforcement compliance matters. Prior to joining Yahoo!, Mr. Salgado served as Senior Counsel in the Computer Crime and Intellectual Property Section of the United States Department of Justice. As a federal prosecutor, Mr. Salgado specialized in investigating and prosecuting computer network cases, such as computer hacking, illegal computer wiretaps, denial of service attacks, malicious code and other technology-driven privacy crimes. Mr. Salgado also regularly speaks on the legal and policy implications of searching and seizing computers and electronic evidence, emerging surveillance technologies, digital evidence and related criminal conduct. Mr. Salgado is a lecturer in law at Stanford Law School, where he teaches a Computer Crime seminar; he previously served as an adjunct law professor at Georgetown University Law Center and George Mason Law School, and as a faculty member of the National Judicial College. Mr. Salgado graduated magna cum laude from the University of New Mexico and in 1989 received his J.D. from Yale Law School.- Richard will be teaching:
- SEC 508.5 Computer Investigative Law for Forensic Analysts
Dave Shackleford
Dave Shackleford, Director of Configuresoft's Center for Policy & Compliance, is a course and exam author for the SANS Institute, where he also serves as a GIAC Technical Director. He is the co-author of Hands-On Information Security from Course Technology, as well as the “Managing Incident Response” chapter in the Course Technology book, Readings and Cases in the Management of Information Security. Previously, he worked as CTO for the Center for Internet Security, as well as for a security consulting firm in Atlanta. He has also worked as a security architect, analyst, and manager for several Fortune 500 companies. He has consulted with hundreds of organizations in the areas of regulatory compliance, security and network architecture and engineering. His specialties include incident handling and response, intrusion detection and traffic analysis, and vulnerability assessment and penetration testing.- Dave will be teaching:
- AUD 507.1 Auditing Principles & Concepts
- AUD 507.2 Auditing the Perimeter
- AUD 507.3 Network Auditing Essentials
- AUD 507.4 Auditing Web-Based Applications
- AUD 507.5 Advanced Systems Audit: Windows XP/2003
- AUD 507.6 Advanced Systems Audit: Unix
Ed Skoudis
Ed Skoudis is a co-founder and Senior Security Analyst with InGuardians, a Washington DC based information security consulting firm. Ed teaches SANS Security 504, "Hacker Techniques, Exploits and Incident Handling," and 517, "Cutting Edge Hacking Techniques," on a regular basis. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed numerous security assessments, provided detailed expert witness services in cases involving major credit card theft, and responded to computer attacks for clients in the financial, high technology, healthcare, and other industries. Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published several articles on these topics, as well as the books Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004, 2005, and 2006 Microsoft MVP awards for Windows Server Security, and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Predictive Systems, Global Integrity, SAIC, and Bell Communications Research (Bellcore).- Ed will be teaching:
- SEC 504.1 Incident Handling Step-by-Step and Computer Crime Investigation
- SEC 504.2 Computer and Network Hacker Exploits - Part 1
- SEC 504.3 Computer and Network Hacker Exploits - Part 2
- SEC 504.4 Computer and Network Hacker Exploits - Part 3
- SEC 504.5 Computer and Network Hacker Exploits - Part 4
- SEC 504.6 Hacker Tools Workshop
Joshua Wright
Joshua Wright is a Senior Security Analyst with InGuardians, LLC and a Senior Instructor with the SANS Institute. A widely recognized expert in the wireless security field, Josh has worked with private and government organizations to evaluate the threat surrounding wireless technology. As an open-source enthusiast, Josh has developed a variety of tools that can be leveraged for penetration testing and security analysis. Prior to joining InGuardians, Josh was the Senior Security Researcher for Aruba Networks, leading a team committed to significantly improving the security of modern networks. In his spare time, Josh looks for any opportunity to void the warranty on wireless electronics.- Joshua will be teaching:
- SEC 617.1 Wireless Architecture, RF Fundamentals
- SEC 617.2 Auditing Wireless Networks - Hands-on
- SEC 617.3 WLAN Hacker Tools and Techniques Part I - Hands-on
- SEC 617.4 WLAN Hacker Tools and Techniques Part II - Hands-on
- SEC 617.5 WLAN Hacker Tools and Techniques Part III - Hands-on
- SEC 617.6 Designing a Secure Wireless Infrastructure - Hands-on