Last Day to Save $250 on SANS Chicago 2014

Mentor: Bios

Mentors are highly qualified, experienced professionals who make themselves available in your local area to help you learn the course material and get certified. Each Mentor is hand-selected from students that have completed their relevant GIAC certification with scores of 85% or higher.

Banning, Chadwick

Chadwick Banning started his career in technical support. His technical aptitude saw him move up to Systems and Network Administrator and finally to Technical Director for an educational startup. Currently, Chadwick is a Linux Administrator at the Rimm-Kaufman Group, an online digital marketing firm. Over the course of his career he has garnered experience in everything from desktop support and web development to systems administration and information security. He holds a wide-range of certifications including GCED, CCNA Security, RHCSA, RHCE, MCITP: Server Administrator, LPIC-I, A+, Security+, and Network+ as well as a BA in Mass Communications from Virginia Tech. He is excited about mentoring because he enjoys getting his passion for security rub off on other people.

Barone, Joshua

Joshua Barone has 10 years of experience as a software developer with 5 years specialized in security design and development. Joshua Barone has a core background in Java, .Net, Python, and security development. Joshua specializes in .Net and Java Enterprise technologies, Web Services, Agile Methodologies, Open Source, and Test-Driven Development. He is familiar with a variety of platforms (Windows, Mac OS X, Linux, Unix), databases (PostrgreSQL, MySQL, MSSQL, Oracle), J2EE Application Servers, Software Development Methodologies and Tools. Joshua is also experienced in security vulnerability assessment for platforms and applications. Joshua Barone is a Certified Information System Security Professional (CISSP).

Bernal Michelena, David Eduardo

David Bernal Michelena holds a bachelors degree in Computer Engineering from the National Autonomous University of Mexico (UNAM). Since July 2013, he is a member of Security Events team at Alstom, a world leader company in energy and transport solutions. Alstom has a huge network, formed by about 80,000 hosts and servers distributed worldwide. He was attracted by the challenge that represents defending such a large network, having the opportunity to use and enhance Alstom cutting edge technologies and applying his forensic abilities to bring value to the team. His main activities are incident response, security patching management, malware analysis and remediation, forensic analysis, IPS/IDS and correlation management and optimization.

He formerly served as a Senior Computer Forensic Analyst at Scitum from July 2011 to July 2013. His main activities there were evidence acquisition, analysis, preservation, incident response, log analysis and results reporting to Scitums clients. In Scitum he had the opportunity to work in challenging projects for Mexican private and public institutions, including large Banks and other large government clients.

In November 2010, David was one of the main instructors in the forensics workshop on LINUX systems at the prestigious local event UNAM security conference. From August 2009 to July 2011 he worked as an incident handler and forensic analyst in UNAM Computer Emergency Response Team, which is the first CERT to be created in Mexico.

In August 2010, he was one of the winners of Honeynet 5th Forensic Challenge, log mysteries. In 2011 he gave his first SANS 508 Advanced Computer Forensic and Incident Response course in Mexico, in 2013 he gave his second course. He loves teaching, specially InfoSec courses.

David is GCFA, GCFE and Access Data certified. He also likes programming in several languages and is a command line lover in LINUX and Windows as well.

On his free time, he likes to play the piano.

Blackburn, Doc

Doc Blackburn has 16 years of professional, and over 30 years of personal, experience in system and software design, server and network administration and website programming. His interest in computers started in 1982 when he first started programming in DOS on a Texas Instruments TI-99 4a and continued as a dedicated computer hobbyist until he decided to make information technology a full-time career. He ran a successful IT consulting, hosting, and design firm for 12 years until he found his passion was in systems security and compliance. His well-rounded experience includes hardware, software, network design, management, administration, systems security, and compliance. He has vast experience at various levels of information technology from support to management. Recently, he has been heavily involved in the technical design and implementation of NIH approved FISMA compliant information systems. He holds ITIL, CISSP, and GIAC GSEC, GPEN, and GSLC certifications along with a Bachelor's degree from the University of Arizona. He is currently the Security Administrator for the University of Colorado Denver.

"In my professional career I have recruited, hired, trained, and mentored many highly technical individuals to excel in their professional development and am excited to do the same as a SANS instructor. I have a blog at explaining cyber-security to non-technical users in language and terms they can understand."

Blanchard, Duane

Duane is well-rounded professional with over six years' experience in security, including cryptography, two-factor authentication, U.S. border security planning, threat entity resolution, social engineering, and non-destructive entry. Duane holds an AAS in electronic engineering, a BA in foreign langauges, an MA in linguistics. He is a CISSP and GPEN, and is working toward the GSE and OSCP. He has two patents pending and continues to pursue research professionally and independently. Ever the thrill seeker, Duane spends his free time mountain biking, kayaking, and guiding whitewater rafters. He has lived in China and Mongolia and eaten more types of protien than many people can name. He is very excited to be mentoring SEC 560 as it contains the highest volume of hands-on material of all the SANS courses, and offers something for everyone. He loves technology and teaching, and especially loves combining the two. You can keep up with Duane at and @FooLionInfoSec.

Booker, Elton

Elton Booker is a Forensic Analyst at MIT Lincoln Laboratory where he has been involved in forensic analysis, incident response, and risk assessments for the last 3 years. He began his career in criminal justice working with local and federal Law Enforcement agencies and eventually as an investigator for a local institution, while performing acquisitions and rudimentary forensic analysis. Booker started his career in Information Security as a Compliance Analyst conducting system audits, security/risk assessments and remediation to specific security functions including internal vulnerability assessments, penetration testing and malware infections. Currently he is an active member of Infragard, HTCIA, and the Computer Technology Investigators Network (CTIN). Booker's educational background includes an MS in Criminal Theory from Roger Williams University and a BS in Digital Forensics from Champlain College. He currently holds the GCFE, GCFA, GCIH, EnCE, Security+, Network+, CCE and a professional certificate in Linux Security Administration.

Borso, Serge

Over the course of Serges 10+ years as a security professional he has had the opportunity to work for various organizations and clients on all sorts of initiatives, ranging from implementing transparent biometric user authentication in online banking applications to dumpster diving and penetration testing. Serge earned his Bachelors of Science degree in Electronic Business Management and a Masters of Science degree in Computer Systems Security prior to earning the CISSP and three SANS certifications: GPEN, GCFA and GWAPT. Prior to his current role, Serge was responsible for application security, fraud prevention, audit compliance, vulnerability assessing, security awareness and the like in an electronic banking environment encompassing hundreds of servers, thousands of websites and over one million unique end users.

Bougere, Daniel

Dan Bougere has over ten years of experience in the information technology field. He currently works for ManTech International, Inc. as a Principal Security Engineer in the MCIS division for a customer in Northern Virginia. He has also been a Network Vulnerability Analyst at the NSA and an Intrusion Detection Analyst for Secure Mission Solutions on contract to the High Performance Computer Modernization Office's DREN/SDREN network. Dan holds a B.S. in Software Engineering Technology from the University of Southern Mississippi, an M.S. in Information Assurance from Capitol College, and an M.S. in Technology Studies from Eastern Michigan University. He also holds the CISSP, GCIH, GCIA and multiple other industry certifications. He is also currently pursuing the GSE certification. Dan enjoys being a computer geek, and loves spending hours talking and geeking out with fellow like minded individuals. He has done various informal and formalized training sessions, and takes pride in making sure that he keeps his students/attendees interested and involved in the subject matter. There are aspects of computer security that can be exciting for anyone, and he makes sure that carries over to his training.

Caiado, Marcelo

Marcelo has an extensive and diversified experience within the information technology sector. He has been carrying out computer forensics investigations for over 8 years. Worked with incident response / computer emergency response, being responsible for conducting investigations and responding to networking intrusion attempts. He investigated and handled privacy-related incidents and consumer complaint in liaison with Legal and Human Resources departments. Analyzed and documented, including root cause analysis, information security incidents as well as the analysis of the circumstances enabling or permitting these same incidents to take place, including offering remediation strategies. Investigated and immediately stopped leaks and inadvertent disclosures of confidential information. Developed policies and security awareness programs. Worked with highly sensitive information in a team environment.

Marcelo enforced Firewall, Intrusion Prevention System (IPS), Demilitarized Zone (DMZ), anti-virus and anti-spam configuration and maintenance. He assisted with the selection, installation, and adoption of automated tools that enforce or monitor the compliance with information security policies, procedures, standards, and similar information security requirements. He analyzed and documented information security incidents as well as the analysis of the circumstances enabling or permitting these same incidents to take place. Audited, verified network security and gave recommendations to improve the network security. Executed wireless evaluations and security auditings. Advised organizations with current information about information security technologies and issues and researched and recommended solutions. Wrote user manuals on security softwares and computer, email and Internet user policy. Developed and implemented user security awareness programs, with seminars, conferences, folders, newsletters and helpful suggestions. Designed and reviewed Windows 2000/XP/Vista/Windows 7 and Linux security architecture.

Marcelo has assisted task forces in lawsuits as technical assistant, acting as a expert witness in civil trails. He assisted in computer crimes (cybercrime) investigations and was responsible for establishing a chain of custody for evidence. He performed customer data analysis of data requested from banks and telecommunication companies, as requested by Brazilian Attorneys. He wrote, compiled and edited reports of security activities.

Marcelo has also worked as an associate professor on some colleges training on the following subjects: Law, Investigation and Ethics; Physical Security; Systems Security and Auditing; Networking; Cryptography; Software Engineering; Data Processing Center Administration. He worked as instructor for the Security Fundamentals Course (Presidency of Republic) for over than 10 classes. He was lecturer at the most important Information Security conferences in Brazil.

Finally, Marcelo holds a Masters degree in Computer Science and a Bachelor degree in Information Systems. He also has some certifications, which illustrates his passion to learn: GIAC Certified Forensics Analyst (GCFA), GIAC Certified Incident Handler (GCIH), CISSP (Certified Information Systems Security Professional) and EnCase Certified Examiner (EnCE).

Carneiro, Smita

Smita Carneiro has been working in the IT industry for a long time. After getting an engineering degree, she worked for a company that specialized in Novell LANS. She became certified in Novell and then transitioned to Windows getting her MCSE starting with NT 4.0 and working up to 2003. She became interested in application packaging and SMS and spent more than 10 years with SMS/SCCM. Along the way she obtained GIAC certification. She now works as an Active Directory Systems Engineer for Purdue University and also holds the GCWN certification. She learnt a lot doing both SANS courses and wants to help others get interested in and learn more about security.

Chen, Jerry

Jerry Chen has been working in network security area for over 10 years, he immigrated to Canada and started his career as a network and security instructor in a private college, teaching Cisco CCNA, CCNP and Check Point CCSA, CCSE course. He got his master degree in computer networking from Ryerson University and joined financial industry as network support analyst, senior information security analyst. He gained lots of experience in security area through his daily practice in designing network security infrastructure, analyzing security logs and vulnerabilities, especially after he got trained by Sans GCIH course.

Corll, Benjamin

Mr. Corll has been in the IT industry for 14 years. Having work in the military, for government agencies, and in a corporate environment he has been able to see and learn how each entity functions. Being able to work successfully in each environment is a testament to his dedication to his work and his personality.

Not only has Mr. Corll worked in many different environments, but he has worked in many roles, both internal and external. He has been the auditor who validates processes and ensures compliance as well as being the internal security engineer who implements policies and makes changes necessary for that compliance.

Recently Mr. Corll was able to participate in the information security group at a Fortune 500 company and own (5) processes that were required for ISO 27001 certification. Thanks to his dedication in working with the auditing and compliance group, and his work with the external auditors, his company was awarded that certification.

To validate knowledge Mr. Corll has also obtained multiple security related IT certifications. These include: CISSP, SANS GCFA, and GSNA. Former certifications range from: Solaris SCSA, CheckPoint CCSE, Cisco CCNA, and MCSE+I). By having multiple SANS certifications Mr. Corll is able to reference the differing classes and make recommendations on the students attending the other courses if they want in-depth training in that area.

Cox, Alexandre

Deluce, Jason

Jason has been practicing in the technology industry for 10 years. Security has always been a major focus, and his sole focus for 4 years.

Jason has an ardent interest for following trends and identifying new technologies and relevant applications. His devotion to continuous learning and research keeps him ahead of the curve. He currently holds GSLC and GSEC certifications.

Currently employed as a Technology Security and Compliance Manager, he has working knowledge of various security related technologies and vendors. Such technologies include Rapid 7 Nexpose and Metasploit, Logrhythm SIEM, and Palo Alto Networks Next Gen Firewalls. Working specifically in the realms PCI-DSS Compliance, and SOX Compliance, Jason has experience with leading, deploying, and evaluating compliance programs.

Recently, Jason obtained his first SANS Challenge Coin (RMO) during his SEC504 training by being a member of the SEC504 Capture the Flag winning team at SANS Chicago 2013.

Jason has a great ability to communicate technical concepts in a non-technical manner, and welcomes the opportunity to share his knowledge and experience.

Druin, Jeremy

Jeremy Druin works as an internal pen-tester, incident responder, and defect-remediation expert for a multi-national transportation logistics company. Other responsibilities include web vulnerability assessment operations, setting application and database security standards, creating developer training programs, and teaching developers how to architect, design and write secure applications. Additionally Jeremy develops the open-source Mutillidae 2.x training environment and consults on web-application security topics. As the Director of Education for the Kentuckiana ISSA chapter, Jeremy presents on web application pen-testing and remediation along with operating the "webpwnized" YouTube video channel. Jeremy has a Bachelor in Computer Science from Indiana University and is a GIAC-certified Network/Web Application Pen-Tester and Exploit Developer.

Eubanks, Russell

Russell Eubanks has been a security leader in several financial and health care organizations. He has developed information security programs from the ground up and actively seeks opportunities to measurably increase their overall security posture.

Russell is enrolled in the SANS Technology Institute and has a Bachelor of Science in Computer Science. He holds several security certifications including the CISSP, CISM, GCIA, GCIH, GPEN, GISP, GSEC and GWAPT. He is a leader of the Atlanta OWASP chapter and is instrumental in helping it grow.

Fernandez, Jesse

Jesse Fernandez currently works as a Senior IS Audit Specialist in the insurance industry. In his role, Fernandez conducts complex information security audits. During 2012, Fernandez worked with the PCI Security Standards Council to develop guidance around conducting a PCI DSS risk assessment in the role of Content-Coordinator to ensure document consistency, technical soundness, and assist in the development of the table of contents. Fernandez holds the GSLC, GSEC, GCED, GCIH, CISSP, and CISA certifications, has over ten years of industry experience, and has been a guest speaker for SANS, ISACA, and the ISSA.

Foreman, Matthew

Matt Foreman is the Lead Security Consultant and a Managing Partner at Shield 7 Consulting. A Security Consulting Firm based in Maryland with customers ranging from Hospitals to Energy Companies and Fortune 1000 clients. Matt is the lead of the Penetration Testing team, and Security Architecture Team. He also is a co-founder of the Primal Security Podcast and Blog; which focuses on CTF's, Malware Analysis, Penetration Testing, and Security Research. Mr Foreman has been in the Security Industry for over ten years, and has held positions ranging from Firewall Administrator, Penetration Tester, and developing a Managed Security Practice.



Greene, Charles

After serving the country in the United States Navy for 8 years, Charles (Chip) Greene began his career in Information Technology. Over the next 18 years, Chip has held positions in Support, Design, Research and Development, Education, Disaster Recovery, and most recently in Information Security. As a Senior Information Security Analyst, Chip leads the Identity and Access Management Team at Virginia Commonwealth University Health Systems. Chip has received a Bachelor's Degree in Information Systems from Virginia Commonwealth University, and a Master's Degree in Disaster Sciences from the University of Richmond. He currently holds a GIAC Security Leadership Certification and previously held the Cisco Certified Security Professional certification. Mr. Greene was also honored with an Outstanding Educational Performance Award from the University of Richmond upon graduation from his Masters program. Education and training are extremely important to ones career and Chip believes that it is important for everyone to take advantage of the opportunities presented to them. The SANS Mentor Program is an outstanding way for Information Technology Professionals to gather, learn and develop from each others experiences and knowledge.

Hall, Luca

Luca is a Senior Penetration Tester, Lead Programmer and Senior Network Administrator for Grid32, Group One Investments, LLC. In the past he has done network and security work for the U.S. Navy, Department of Energy, Department of Defence and Brookhaven National Labratory. In the past ten years his accomplishments include Cisco CCIE in Routing and Switching, designing and building an ISP, being the lead programmer for an alert system in use by the U.S. Air Force and NASA, writing de-icing scheduling and baggage handling software in use at various airports and doing full building network installs from layer two up. Luca also currently holds the CCIE R&S, CCIP, CCSP, Elearnsecurity Silver, CEH, OSCP and OSCE, MSCE, Sun Certified Engineer & Administrator, A+, Linux+, Network+, Security+, NSA IA 4011 and other certifications.

Harmon, Matthew J.

Matthew J. Harmon brings over two decades of offensive and defensive security industry knowledge including; systems administration, international standards development, penetration testing, incident response and digital forensics, methodological risk assessments, GRC and a deep understanding of underlying technologies to his sessions.

Mr. Harmon leads and manages the risk assessment and tactical control testing consulting firm IT Risk Limited based in Minneapolis, Minnesota. In additon, he leads the (ISC)2 Twin Cities MN Chapter, present frequently, participates on several advisory boards, is organizing Security B-Sides MSP and maintains an online knowledge base of security and gardening tips at .

Links -> to:
"IT Risk Limited" ->
"(ISC)2 Twin Cities MN Chapter" ->
"Security B-Sides MSP" ->
"knowledge base" and "" ->

Harper, Daniel

Daniel Harper has been working in IT for the past 11 years, 7 of which have been with an emphasis on security. He has a Bachelor's in IT Networking and Security from Utah Valley University. When his schedule permits, Dan writes on his blog at In Dan's spare time he likes to tinker with projects such as the WiFi Pineapple, USB Rubber Ducky, and the RaspberryPi and play games with his friends and family.

Harris, David

Dave Harris is a Senior Principal Systems Engineer at General Dynamics-Advanced Information Systems. He has spent 25+ years in Information Technology including software and database design and development (Oracle, Java, C/C++, etc.), systems and system security engineering, enterprise data modeling and architecture (DoDAF). He currently works on an internal research and development program investigating the use of Big Data technologies and analytics in network defense operations. He is also currently the ISSE Lead on a program for a DoD customer which inserts automated malware detection technology into the Customers network infrastructure and is transitioning from DIACAP to NIST 800-53-based C&A in the life cycle for this program.

Dave was previously the Scrum Master for two projects involved in the development of cyber event indicator databases and automated malware analysis systems at the Dept. of Homeland Security. In addition to the PMI-ACP (PMI Agile Certified Practitioner) and CompTIA Network+ certifications, Dave holds the (ISC)2 CISSP, (ISC)2 CSSLP (Certified Software Security Lifecycle Professional) and GIAC Reverse Engineering Malware (GREM) certifications.

Dave is committed to making sure the broad exposure to actual tools and techniques of malware analysis provided in this course can be applied the next day at the students work location. Far from a death-by-powerpoint experience, we will discuss real-world situations, applications and case studies. Software developers and system administrators, especially, will appreciate the discussion of coding issues and OS data structures behind the analysis of malware.

Dave enjoys going on malware analysis and pen-testing adventures with the malware analysis lab in his man cave and networking with like-minded folks. His desire is to provide hands-on, example-oriented experiences with students and looks forward to what he will learn from students in the process of mentoring and teaching.

Harris, James

James Harris got his first job in information security at the age of 15, as the administrator of a BTI-4000 mainframe for his high school in Durham, NC, and at age 16 added a second part-time job assembling and testing computers at a small PC integrator called Dramen Computers.

After earning his degree in Physics from North Carolina State University in 1994, Jim went to work at IBM as a hardware engineer for the PC Company, specializing in the design of computer graphics and video systems. Jim was one of the founders of the Digital Display Working Group, and helped author the DVI specification. In 2000, Jims work on DVI led to a job as a Senior Field Applications Engineer with Silicon Image in, a semiconductor company specializing in high speed serial digital interface chips, where he worked helping to design Silicon Image parts into digital video and high-speed storage systems.

After the tragic events of 9/11, Jim decided to go to work as an FBI Special Agent. His first field office assignment was in the Sacramento, CA field office, where he worked mostly cybercrime matters, specializing in Internet Crimes Against Children. Jim worked heavily in Computer Forensics as a member of the FBI CART team, earning his Encase Certified Examiner status in 2007. In 2009, Jim became the supervisor of the Cyber Squad in Sacramento, as well as the Commander of the Federal Cyber Crime Task Force there. Jim earned his ISC^2 CISSP certification that same year. In 2010, Jim was selected to a supervisory position at FBI Headquarters Cyber Division, and served in a number of positions, including as the Senior Liaison Officer to the United States Computer Emergency Readiness Team (US-CERT). In 2012, Jim earned his GSEC certification, and later that same year became the Assistant Section Chief of the FBI's Counterterrorism Internet Operations Section.

Jim left the FBI in 2013 to go to work for Obsidian Analysis, A Washington, DC-based professional services firm providing analytical and policy consulting for homeland security, national security, and intelligence decision makers. As the Senior Specialist for Cybersecurity, Jim advises clients on policy and preparedness in Cybersecurity. Jim's enjoys hearing himself speak, and can't wait to teach others!

Hartman, Arlie

Arlie Hartman is an information security veteran with over 10 years experience in IT. He has worked in healthcare, manufacturing, and security consulting. Arlie has conducted compliance assesments, managed incident response, and led enterprise infrastructure projects. Arlie holds the ISC2 CISSP and GIAC GSEC certifications. You can connect with him on twitter @arliehartman or on linkedin Arlie is very passionate about developing peoples interest in information security.

Henderson, Justin

Justin Henderson is a passionate and dedicated Information Technology professional. He has been in the Information Technology field since 2005. Justin has a proven desire and ability to achieve comprehensive industry training and uses his knowledge and experience to mentor others. Justin has a high proficiency in technical platforms including operating systems, networking, security, storage, and virtualization but has also applied himself in governance, project management, as well as service management. Currently, Justin holds a Bachelors of Science in Network Design and Administration from Western Governors University and has over 40 certifications some of which are below: Networking - Cisco Certified Network Associate Virtualization - VMware Certified Professional 5 and VMware Certified Professional 5: Desktop Database - MySQL 5 Database Administrator Governance/Service/Project Management - Project Management Professional, ITIL Continual Service Improvement, Certified in Risk and Information Systems Control, Certified Information Security Manager Microsoft - Microsoft Certified Information Technology Professional: Enterprise Administrator and Microsoft Certified Security Engineer 2003: Security Security - GIAC Penetration Tester, GIAC Windows Security Administrator Certification, Licensed Penetration Tester, Certified Ethical Hacker v5, Computer Hacking Forensics Investigator, EC-Council Certified Security Analyst, Tenable Certified Nessus Auditor, Certified Sonicwall Security Administrator, Certified Information Systems Security Professional, Security+ Justin has also taught Network Security at Lake Land College. Some of his other achievements include mentoring individuals in the Information Technology field as well as developing the virtual dojo, a fully automated Cloud Computing solution showcase environment.

Hodges, Robert

Bob has a varied 29 year professional history from component level electronic design and repair of analog, digital, and RF electronics, a sound engineer, disc jockey, a network and technical analyst, a senior engineer, a department manager, to presently a corporate Information Security Officer.

Bob holds the GSEC Certification, the GCIH Certification, the GSLC certificate, and the CISSP(R) Certification. Bob told us his goal in serving as a mentor: "I would like to build information security to the same industry awareness level as network engineering. I believe that SANS and GIAC together provide and excellent program to achieve my goals. I would like to pay it back to the industry, to Sans (Stephen Northcutt, Eric Cole, Mentor Don Murdoch, et. al), and pay it forward to help others to attain there IS Security goals.

Huber, Michael

Michael Huber has been working within the IT industry since 1989 and during that time has assisted the companies he has worked for to use security as an enabler of business by focusing on a seamless nature of security to increase the effectiveness and productivity of the business.

Janzen, Cliff

From load FILENAME,8, the Start button... to touch interfaces, technology has been a constant companion (and sometimes obsession) for Cliff.

Cliff's professional career started 18+ years ago as a help desk analyst supporting mainframes and dial-up internet. He progressed through desktop support, desktop management and server administration and joined the security team in late 2008. The wide diversity of topics in security has Cliff thirsting for knowledge like he was a teenager again.

Cliff currently holds CISSP, GPEN, GWAPT, OSCP, MCSA 2000/2003 and Security+ certifications.

Occasionally (read rarely), Cliff will add something mildly informative to

Johnson, Diane

Diane has been a Technologist for over 20 years focusing on security since 9/11. She has worked in roles such as Help Desk, Pen Tester, Sys Admin, Network Engineer, Privacy Manager, Security Analytics, and Enterprise Security Architect. Her industry experience includes Retail, Healthcare, Technology, Utility, and Local Government. These roles and industry experience have garnered a deep understanding of security architecture and the underlying technologies and business processes. When not analyzing logs, hacker techniques, or packet captures; Diane is found with family, traveling, creating crafty things or playing games on and off the net. Mentoring Sec504 is exciting to Diane because it is one of the SANS courses that delves into the mindset of the attacker and often the student will leave the class with a new perspective.

King, Dennis

Dennis King is the Chief Security Officer and President of Working Security Inc., a Saint Louis provider of information security risk management, compliance, and governance services. Dennis brings over 20 years experience working with more than one hundred large and small companies across the globe including Finance, Energy, and Healthcare clients. He has led development and management of compliance and secure infrastructure solutions at IBM and other IT outsourcing, cloud, and internet service providers, brought IaaS security services to market, led HIPAA, SSAE-16/SAS70, ISO/IEC 27000, PCI-DSS assessments, and managed a variety of forensic investigations. Dennis holds CISSP, GCFA, C|CISO, PMP and CSM certifications. He earned an MBA from Washington University in St. Louis and a BS in Engineering from Purdue University.

Knaffl, Bill

Bill has a Bachelors of Science in Criminal Justice from the University of Alabama Birmingham and a Masters of Science in Technical Management from Embry Riddle Aeronautical University and currently holds CISSP and GISP. Bill began his career in computer technology in the early 1990s while working at the University of Alabama Birmingham. There, he learned many of the widespread platforms and operating systems, employing computer troubleshooting and virus removal skills. He has been employed with Northrop Grumman for 14 years, during which he has performed several roles including desktop support, client engineering, systems engineering, and most recently information security.

Knowles, Ben

Ben S. Knowles, BBST, CISSP, GSEC, GCIH, GCIA, LPIC-1 (adric) is a technologist and researcher in the Atlanta, Georgia, USA area. In high school, he competed at the national level in Constitutional Law. He has been a professional computer security consultant, technical trainer, and system integrator and is currently certified as a black box software tester, internet security professional, incident handler and analyst, and Linux system administrator.

Ben has lectured lower division Mass Communications, Political Science, and Computer Technology classes on Digital Media and Intellectual Property Law and has taught basic computer repair, networking, and information security classes. Currently he is a security system administrator on the incident response team at the Atlanta office of a global IT services firm.

Krishnamurthy, Sundar

Sundar is SANS-GISF and GSEC certified and a senior software development leader with IMS Appature in Seattle. He earned the title of "Professor Sundar" from his previous team at Microsoft for teaching skills and has trained multiple teams on different aspects of software development. To make you think about information security the same way you think about physical security for yourself and your family is the holy grail. He is @sundarnut on Twitter for the latest #infosec topics, trends and incidents. Sundar aims to be a mentor so he can inculcate security as a fundamental technical trait and make it the best lecture you've ever taken!

Lai, Anthony

Anthony Lai who has hybrid experience in application development, code security, penetration test, threat analysis and audit areas for 13 years. He has done vulnerability assessment, penetration, IT audit and training for government and various corporates. He is now a lead consultant and guest threat advisory of several MNCs

Anthony should be the first Hong Konger publishing GREM gold paper and speaking in Blackhat USA 2010, DEFCON 18, DEFCON 19 as well as Hack-In-Taiwan and has set up a security research group called VXRL ( in HK, which connects various hackers and security researchers in the planet and co-found Xecure Lab ( on APT research and detection service. Frankie and Anthony as well as another VX fellow, DDL, has published a case studies paper about APT case studies accepted by IEEE Malware 2011 conference.

He is the chairman of OWASP (HK Chapter), program committee of PISA, extended committee member in HTCIA (Asia Pacific Chapter) and actively provided various technical seminar sessions to the practitioners in Hong Kong.

Other certified as GREM (Gold), he is also GCFA and GWAPT holder.

Lawrence, Jason

Jason works for one of the big four accounting firms as an Incident Response Lead focusing on internal incident response and digital forensics. He has developed processes and procedures to reduce incident impact and cost, as well as early identification of incidents.

Jason also serves as the President of the Atlanta chapter of the HTCIA and on the board for directors of the Atlanta chapter of the ISSA.

On his off hours Jason enjoys teaching SANS Forensics curriculum as part of the SANS Mentor program. He holds a masters degree in information security and assurance (MSISA), and numerous security certifications such as: GCFA, GCIH, G2700, CISSP, CHFI, CEH and CISA.

Jason firmly believes that the only way to truly be secure is by educating others, and he lives by this principle. Furthermore, if you take the time and listen, you can learn from anyone, mostly from your students.

Mashburn, David

David Mashburn is currently the IT Security Manager for a global non-profit organization in the Washington, D.C. area. He also has experience working as an IT security professional for several civilian Federal agencies, and over 15 years of experience in IT. He holds a Masters Degree in Computer Science from John Hopkins University, and earned a B.S. from the University of Maryland at College Park. David holds multiple security-related certifications, including CISSP, GPEN, GCIH, GCIA, and CEH. He is also a member of the SANS / GIAC advisory board, and teaches courses in the Cybersecurity curriculum at the University of Maryland - University College.

McDonald, Price

Price has been in the IT industry for the last decade and has focused on Information Security for the past 5 years. He has worked in both the private sector and as a consultant. He is currently the Principal Security Architect for a leading public safety company. His experience includes network engineering, incident response, intrusion analysis, vulnerability assessments and penetration testing. Price currently holds several certifications such as GSEC, GWAPT, GPEN, GXPN, CICP as well as a degree in Information Systems from DeVry University.




McKenzie, Timothy

Timothy McKenzie has more than 15 years of IT and Information Security experience working in financial, government, defense contractor, and service related markets. Timothy has been trained in malware research and exploit development, expert penetration, and forensics work. He uses these skills professionally throughout his daily work, as well as placing within the top 5 in many CTF events. Timothy loves sharing the vast knowledge he has acquired to give back to the Information Security community.

McNicol, Andrew

Andrew is a security geek who enjoys learning about all things security. By day Andrew works as a DoD contractor for Secure Mission Solutions providing an array of security consulting services. By night he is researching, coding, or "geeking out" with the members of Primal Security Podcast.

Andrew holds numerous qualifications in the security industry, including, but not limited to GIAC (GPEN, GCFA, GCIA, GCIH, GREM, GSEC), OSWP, and CISSP. He plans to continue his quest for knowledge by pursuing the GIAC Security Expert (GSE) certification. Andrew looks forward to helping as many as he can on his way to GSE.



Millar, Thomas

Thomas (CISSP,GCIH) has been working in the information technology field since 1996 where he has worked in field IT service positions. Thomas worked as a Field Support technician for the faculty and staff at Santa Clara University in Northern California with a focus on malware remediation and leveraging Linux solutions to complex security and networking issues. As of May 2008, Thomas has worked as a computer forensics and incident response analyst in the Western United States. He also spent 12 months on a combat-tour deployment in Southwest Asia in a Computer Network Defense (CND) role and served as a vulnerability assessment analyst for the US Army. Thomas attended Forensics Response training at Carnegie Mellon University (CMU) and was asked to deliver and teach this course to military audiences. Thomas is currently serving as a US Army Warrant Officer for the Army Reserve Information Operations Command (ARIOC) delivering support to the National Security Agency (NSA) in their yearly service academy exercises; performs training with and supports the US Army Regional Computer Emergency Response Team-Continental United States (RCERT-CONUS); when he was deployed to the Middle East, Thomas served with the US Army Regional Computer Emergency Response Team-Southwest Asia (RCERT-SWA) and was posted all over Afghanistan and Iraq. Thomas is currently holding the certifications for the EC Councils Certified Ethical Hacker (CEH), Guidance Softwares EnCase Certified Examiner (EnCE), Comptia Security+, and SANS GIAC Reverse Engineering Malware (GREM) and Certified Incident Handler (GCIH), and the (ISC)^2 Certified Information Systems Security Professional (CISSP) certifications. n addition Thomas is currently qualified for the US Department of Defense as a Digital Media Collector as a result in training the Defense Cyber Investigations Training Academy (DCITA).

Moss, Aaron

Aaron Moss has over 10 years in Information Technology, working in positions ranging from Helpdesk to IT Manager. He is very passionate about IT, especially InfoSec. He currently holds the GIAC GSEC certification, a Bachelor's in Information Systems Security from ITT Technical Institute, and is working towards completing other non-GIAC certs, such as Cisco's CCNA and VMware's VCP. Aaron is very excited to be helping people achieve their goals, and learn something new everyday. He loved taking the GSEC course and exam and wants to help someone else accomplish their dreams too.

Neely, Lee

Lee Neely is a senior IT and security professional at Lawrence Livermore National Laboratory (LLNL) with over 25 years of experience. He has been involved in many aspects of IT from system integration and quality testing to system and security architecture at LLNL since 1986. He has had extensive experience with a wide variety of technology and applications from point implementations to enterprise solutions. Lee has worked with securing information systems since he installed his first firewall in 1989. As part of LLNL's Cyber Security Program (CSP) he leads their new technology group, working with programs to develop secure implementations of new technology. Lee was instrumental in developing LLNL's secure configurations, risk assessments and policy updates required for iOS, Android, BlackBerry and Windows Mobile Devices. He has worked to evolve solutions for both corporate and BYOD requirements. Lee worked with the SANS SCORE project to develop the iOS Step-by-Step configuration guide as well as the Mobile Device Configuration Checklist which is included in the SEC 575 course. He teaches cyber security courses at LLNL, including the new manager cyber security training, and Information System Security Officer training. Lee has a Bachelors in Computer Science from Cal State Hayward and holds several security certifications including GMOB, CISSP, CISA, CISM and CRISC. He is also the Technology Director for the ISC2 EastBay Chapter.

You can keep up with Lee @lelandneely

Offenberg, Joel

Joel Offenberg works for Vantage Systems, Inc. as a Senior Security Engineer for the Joint Polar Satellite System at NASA's Goddard Space Flight Center. He is also Vantage Systems' Chief Information Security Officer and is a member of the business development team. His current job focus is IT security planning, continuous monitoring and security critical operational systems. Joel has worked as a contractor at NASA's Goddard Space Flight Center since 1991.

Joel holds a B.A. in Physics, an M.S. in Computer Science and CISSP, PMP, GSNA and GSEC certifications. He is a founding member of Information Assurance @ Goddard seminar series, where he is also an occasional speaker.

Joel always enjoys participating in SANS as a learner and is excited to be have the opportunity to share his experience.

Overbaugh, John

John is passionate about security. He holds the CISSP, GWAPT, GSLC and GCIH certifications and is managing director for security services at Caliber Security Partners, a firm dedicated to helping clients achieve higher levels of security. Prior to joining Caliber, he was Director of Security and Compliance for Healthagen, Aetna's emerging businesses division. From 1999 to 2006, he led application security for multiple teams in Microsoft's product groups. John has 19 years of experience in information technology and software, and 15 years of experience in IT security. His security and compliance back-ground is in healthcare and secure development. John is married and enjoys time spent with his lovely wife and their six children.

Pabon, Miguel

Miguel Pabon is a recognized Information Assurance (IA) subject matter expert with over twenty years of experience. He is currently a Manager within the Corporate IT Security Organization, where he is responsible for the security integration of all company acquisitions. Prior to his current position, Mr. Pabon was Manager of IT Security Special Technologies & Analysis Team (forensics, eDiscovery, malware analysis, reverse engineering, cyber security R&D). His over20 years of combined defense and commercial experience in the fields of cyber security, information assurance, embedded systems, kernel mode and driver development, software engineering, Service Oriented Architecture (SOA), vulnerability assessments / penetration testing provide him with a unique perspective of both the defensive and offensive sides of cyber security. In 2010, Mr. Pabon was the recipient of the Raytheon IT Front Line Leadership Award, which recognizes an individual's contributions to the development of an organization and its advanced capabilities. Mr. Pabon has earned the following industry certifications: Certified Information Systems Security Professional (CISSP), GIAC Reverse Engineering Malware (GREM), Certified Forensic Analyst (GCFA), Certified Intrusion Analyst (GCIA), Security+, LAW PreDiscovery Electronic Data Discovery (EDD), ITIL V3, Six Sigma Specialist. As part of his continued educational endeavors, Mr. Pabon has earned a Bachelors Degree in Computer Engineering from the University of Puerto Rico at Mayagez, as well as being a graduate of the MIT Sloan School of Management, Management & Leadership Program.

Perryman, Kevin

Kevin Perryman started working with computers when he was 11 years old. Over the years Kevin has developed programs in 30+ computer languages, built personal computers from scratch and repaired computer hardware. Kevin has spent time reverse engineered software and data structures when the developing companies no longer supported their products. Long before it was called Forensic Data Recovery, Kevin developed his data recovery skills working for previous employers when hardware would fail. Using commercial applications, and when needed writing his own programs, to extract critical data elements from failed hard drives, floppy disk, zip drives and CD media. Kevin has developed skills in remote technical computing, data recovery, data analysis and email tracing. Kevin currently is self-employed providing IT Support to small business while also working as a Private Investigator.

Peterson, Lisa

Lisa Peterson CISA, CRISC, CISSP has worked in Information Security for 20 years, and is a Security Analyst for Progressive Insurance. Her current focus is in governance, risk and compliance. She is a part-time instructor at Cleveland State University and also speaks on security topics. She serves on the board for the Information Security Summit, the Northeast Ohio chapter of ISACA, and the Northeast Ohio chapter of CSA.

Pierson, Jeremy

Jeremy has worked in networking for the past 20 years, with an emphasis on security over the last 5. Jeremy earned a Master's Degree from the Minnesota School of Business in Information Technology. He is a founding member of Salt Lake City's hacker community, DC801. When he's not playing with packet captures or staring at source code, Jeremy can usually be found snowboarding or mountain biking throughout the Rockies.

Rivera, Domingo

Experience: Vice president of Infosec and forensics at AVM Technology, LLC Cyber Operations with U.S. Marine Corps Attorney specialized in Internet Law and president of the Rivera Law Group Accomplishments and Certs: GPEN, GCIH, GSLC CCE Admitted to the Virginia State Bar Websites: I would be excited to to mentor the course as it would be a great opportunity to apply my knowledge and skills in order to assist others and improve the profession while improving myself.

Schallock, Felix

Felix has more than 20 years of experience in IT and IT security. He held positions as IT systems engineer and IT advisory manager at a big four company. He has experience in IS management, IS auditing, IS consulting, attack & penetration testing, and IT forensics. He holds a BSc (hons) in science of computing (University of Derby) and a postgraduate certificate in business administration (Open University). His certifications include among others CISA, CISM, CISSP, GCUX, and EnCE. He was a key contributor to the OSSTMM.

He enjoys sharing his knowledge and learning from peers. He is looking forward to active discussions in class.

Scheidel, Greg

Greg Scheidel has over 20 years of hands-on experience in IT including desktop and server support, network design and implementation, application development and programming, IT service management, IT security, and information assurance. He currently leads the security branch of a large program responsible for providing security engineering, Assessment and Authorization (A&A) support and assessment activities, and general information assurance and security advice and recommendations. Greg excels at communicating with technical and non-technical stakeholders, firmly believes IT and security must serve business needs rather than exist for their own sake, and is passionate about teaching others while reinforcing and honing his own knowledge.

Simpson, James

James is a security professional with over 10 years industry experience. He has worked in web development, UI design, business analysis, data centre migration and information security. Within information security field, he has been responsible for PCI certification programs with multiple companies, security architecture and most recently working on the Computer and Incident Response Team for a 50-Billion-Euro-a-year multinational. He has professional experience in both public and private sectors as well as in financial services organisations. He brings a business perspective to the security sector.

James holds a GSEC certification, a postgraduate Diploma in Applied Business Management from Warwick Business School and a BSc Hons in Virtual Reality Systems from the University of Huddersfield.

In addition, he is a keen snowboarder and would prefer to be 4 feet deep in powder rather than sat behind a computer.

Skora, Joseph

Mr. Skora holds a M.S. degree in Information Systems and a B.S. in Computer and Information Science and has over 25 years of experience developing, deploying, integrating, and maintaining enterprise scale systems that combine hardware, software, database, and infrastructure components to solve problems in public and private sectors. He is a Sun Certified Java Programmer and Developer and passed IBM's InfoSphere Streams Technical Mastery Exam. As a result of what he learned in the SANS SEC560 Network Penetration Testing and Ethical Hacking class, Joe scored 95% on the GIAC Penetration Tester certification exam and looks forward to helping other's do the same.

Snow, Selvan

Selvan has been in IT for over 23 years, specializing in Unix/Linux Systems Administration. He has previously worked at the IBM and the US Air Force (focusing on parallel processing and Distributed Security and File Systems). As an IT Manager at Progressive Insurance, he has led teams from IT Operations to Enterprise Architecture. His current focus is IT Security Engineering and Architecture. He is also a Adjunct Professor at Cleveland State University teaching Java and Unix/Linux Systems Programming. His current efforts include an active proposal with the CIS Department to establish a DOH (Department of Homeland Security) accredited Information Security track at CSU.

Squire, Jonathan

Jonathan Squire is a founding member of the Information Security Group of a well known publishing and media company. Jonathans expertise covers a wide range of skills including security architecture, incident response, hacker attack and defense techniques, reverse engineering, and extreme curiosity in how everything works. While working at his day job, Jonathan is credited with accomplishments that include developing an Information Security model for the enterprise, architecting a secure, centralized credit card processing solution, and guiding the design of the security infrastructure deployed throughout many customer facing properties. Mr. Squire is also responsible for providing direction in governance and industry best practices. Jonathan regularly scopes and leads penetration testing and security assessment initiatives, as well as providing guidance for corrective actions and performing debriefings across all levels of the organization. In his spare time, Jonathan is known to enjoy disassembling any piece of technology that cost more than $20 just to find out what else it can do. This propensity for abusing technology is easily witnessed by viewing the buckets of broken parts strewn throughout his basement as well as the creations that rise from the rubble. Jonathan has presented on many of these creations and the flaws that allowed the security to be bypassed on these systems at conferences including BlackHat and Hack in the Box. Jonathan is very passionate about information security and always strives to challenge the status quo and to improve everything he can. Jonathan shares that passion with his student in his teaching style and his genuine willingness to share and engage students in all topics related to information security.

Sult, Lee

Lee is a Forward Deployed Security Engineer at Palantir Technologies and is a member of the InfoSec team. The InfoSec Team's mission is to protect the company and its customers from "evil". Lee's role is to be the primary contact with customers, respond to incidents and continually improve the incident response process. His day to day activities range from analyzing malware to developing procedures, conducting training, and of course writing incident investigation reports. Prior to joining Palantir, Lee was a Senior Security Consultant at Trustwave where he investigated cybercrime and data breaches. He was a member of Trustwave's SpiderLabs - the advanced security team focused on penetration testing, incident response, application security and security research. While at SpiderLabs he lead many breach investigations and had the opportunity to investigate several enterprise-wide data breaches, conduct investigations abroad, and assist with the execution of federal search warrants. Lee also maintains the CISSP, GCIH, and GCFA certifications.

VanNorman, Thomas

Tom has been working with Industrial Control System for the past 20 years in numerous industries. He was been responsible for the design, configuration and maintenance of such systems. Tom is also currently serving part-time in the Air National Guard in a Network Warfare Squadron in the Cyberspace Defense Operations career field. Tom has several certifications to include CISSP, Sec + and a Certified Control Systems Technician (CCST) through The International Society of Automation (ISA).

Waggoner, Alan

Alan Waggoner has 15 years experience working with computers systems and networks. He has a wide range of experience, including firewall management, VOIP, Novell Netware, Windows Servers, MS SQL, Exchange, Citrix XenApp, virtualization technologies, IP cameras, and policy writing. Over the years he has earned certifications from Novell, Microsoft, Citrix, and GIAC.

Waite, James

James Waite is the founder of Assuagent Ltd. He is an experienced professional with over 25 years in the IT industry. His experiences include SIEM systems design and setup, incident handling, intrusion analysis, network and perimeter security, desktop and server security. James Waite also is experienced with developing information security policies / standards / procedures. He is experienced in mid-range and mainframe operations, application development, network server operations, hierarchical storage management and LAN/WAN network design and implementation. Mr. Waites diverse experience provides a valuable understanding of the interactions of software and hardware in a heterogeneous computing and how this affects information security environments. Mr. Waites education and training includes: GIAC Certified Intrusion Analyst GCIA GIAC Certified Incident Handler GCIH GIAC Security Essentials GSEC CompTIA Security+

Wille, Rodger

Rodger has over 14 years of experience in the computer security arena as an Incident Handler and Forensic Analyst. Rodger began his career as a Signals Intelligence Analyst in the US Army conducting Cyber Threat Intelligence. After serving in the Army, Rodger continued support to the Army as a Defense Contractor with the Army Computer Emergency Response Team (ACERT) working as an Incident Handler. Rodger then moved on to a Senior Incident Handler role leading a team of incident handlers for the Regional Computer Emergency Response Team CONUS (RCERT-CONUS) where he responded to security incident involving computer infections and intrusions. Rodger is currently the Federal lead for the Research and Forensics team within the US Department of Health and Human Services Computer Security Incident Response Center (CSIRC) where he is responsible for leading network, memory and disk based forensics, malware analysis and incident response activities. Rodger holds CISSP, DoD CDFE, GCIH and GCFE certifications with goals of completing the EnCE, GCFA and GREM certifications in the near future. He is also pursuing a Masters of Science in Digital Foreniscs at the University of Central Florida. Rodger is excited to mentor his peers in DFIR and Incident Response while learning from their experiences.

Yuwono, Edward

Ed started off his humble beginnings as a tinkerer, fighting boot sector viruses then fell in love with Security.

He has worked on projects both from a technical and a managerial perspective spanning several industries and countries. Currently holding a CISSP, GPEN, GCIH, GCWN amongst others, he is working towards obtaining his GSE.

Ed enjoys socialising with like minded people, thrives on technical, social, managerial challenges and is always ready to assist with worthy challenges.