Mentors are highly qualified, experienced professionals who make themselves available in your local area to help you learn the course material and get certified. Each Mentor is hand-selected from students that have completed their relevant GIAC certification with scores of 85% or higher.
Mike Ahrendt is the Information Security Officer for Grand Rapids Community College. He has been working in the industry for several years, with much of his experience in digital forensics, incident response, and management. He is both GCFE and GCFA certified. He has been blogging for some time at mikeahrendt.blogspot.com. He also wrote Triage-IR, which can be used to automate the live analysis of a suspected compromised machine. Mike's passion for forensics makes him eager to interact with anyone who wishes to get into the topic.
Rafael is currently employed as a Pentester and Ethical Hacker at Ernst & Young. In the past, he worked as a technical security consultant for various organizations and the local government (CSIRT-CV and GVA) in Spain. In the last 7 years he gained experience doing Penetration Testing, Incident Handling, Intrusion Detection and securing environments. Rafael is also a member of the GIAC Advisory Board (SANS Proctor) and a Mentor teacher by SANS Institute. He has a five-year degree in Computer Science and currently holds the CNAP, CISA, GCIH, GPEN, GAWN, GCIA, GCFE and GCFA certifications.
Nik has over 15 years in IT, with the last 5 being more focused on Security. Currently employed as a Consultant for a Managed Security Services Provider, he spends most of his days working primarily with SourceFire, CheckPoint and QRadar (SIEM) products.
His academic credentials include a BSc Computer Science, along with a PG Cert (Hons) specialization in VoIP and Wireless Broadband. He also holds industry certifications such as CISSP, GCIA, CCNP Security and R&S, CCMSE +VSX, SFCP, MCSE, MCITP/EA, and BCCPA.
Very self-motivated and driven, Nik likes sharing his knowledge just as much as he likes learning from others.
Derek Armstrong is a 15+ year veteran of the IT world. He started out as a civilian with the Canadian Armed Forces after receiving his Computer Science degree. Over the years he has moved up the ranks and been involved in almost every aspect of IT operations and security. Currently he is a senior information security analyst with the Alberta Health Services specializing in cloud and 3rd party security. He holds the G2700, GCIH, GREM, and CISSP security certifications. Along with a mass of other certifications and courses, he has managed to engage almost every sector of information technology. In addition to his work, he is the current maintainer for the Mozilla Firefox security benchmark from CIS (Center for Internet Security). With his system administration and security background, he is thrilled at being able to pass along some of his knowledge and experience with the Hacker Techniques, Exploits & Incident Handling course from SANS.
Mark started off as a System Administrator for a company, administering a UNIX network. He eventually moved to a full-service VAR, where he would go to different customer sites installing, configuring and troubleshooting customer-related issues. He has a broad view of the industry due to this experience and has applied his knowledge in different environments and industries, from automotive to law enforcement. He helped to design and build a redundant data center solution across two different states for a Health Care Organization, providing the security architecture for it.
Mark's drive for knowledge took him in the direction of Intrusion Detection/Prevention, and later to his GCIH in Incident Handling. He was so amazed and humbled by the things being taught by the instructor that he wanted very much to teach others what he had just learned. He attended the SANS at night program to learn how to become a SANS Instructor, and knew at that time that this was the direction he wanted to go. Mark realizes that teaching as a SANS instructor gives him the opportunity to break away from vendor-specific security and embrace a much broader view of threats and security-related issues, outside of just a few vendors' viewpoints.
Mark is also a Black Belt instructor and believes that you may be an instructor, but you are always a student. This humble approach to being an instructor keeps your skills sharp. Helping others to learn helps you to learn.
David Bernal Michelena holds a bachelor's degree in Computer Engineering from the National Autonomous University of Mexico (UNAM). Since July 2013, he has been a member of the Security Events team at Alstom, a world-leading company in energy and transport solutions. Alstom has a huge network, formed by about 80,000 hosts and servers distributed worldwide. He was attracted by the challenge of defending such a large network, with the opportunity to use and enhance Alstom's cutting-edge technologies and apply his forensic abilities to bring value to the team. His main activities are incident response, security patching management, malware analysis and remediation, forensic analysis, IPS/IDS and correlation management and optimization.
He formerly served as a Senior Computer Forensic Analyst at Scitum from July 2011 to July 2013. His main activities there were evidence acquisition, analysis, preservation, incident response, log analysis and results reporting to Scitum's clients. At Scitum he had the opportunity to work on challenging projects for Mexican private and public institutions, including large banks and other large government clients.
In November 2010, David was one of the main instructors in the forensics workshop on LINUX systems at the prestigious local event UNAM security conference. From August 2009 to July 2011 he worked as an incident handler and forensic analyst in UNAM Computer Emergency Response Team, which is the first CERT to be created in Mexico.
In August 2010, he was one of the winners of Honeynet 5th Forensic Challenge, log mysteries. In 2011 he gave his first SANS 508 Advanced Computer Forensic and Incident Response course in Mexico, and in 2013 he gave his second course. He loves teaching, especially InfoSec courses.
David is GCFA, GCFE and Access Data certified. He also likes programming in several languages and is a command line lover in LINUX and Windows as well.
In his free time, he likes to play the piano.
Doc Blackburn, CISSP, has 15 years of professional, and over 30 years personal, experience in system and software design, server and network administration and website programming. His interest in computers started in 1982 when he first started programming in DOS on a Texas Instruments TI-99 4a and continued as a dedicated computer hobbyist until he decided to make information technology a full-time career. He ran a successful IT consulting, hosting and design firm for 12 years until he found his passion was in systems security and compliance. His well-rounded experience includes hardware, software, network design, management, administration, systems security and compliance. He has vast experience at various levels of information technology from support to management. Recently, he has been heavily involved in the technical design and implementation of NIH approved FISMA compliant information systems. He holds ITIL, CISSP, and GIAC GSEC and GSLC certifications along with a Bachelor's degree from the University of Arizona. He is a Master's student at SANS Technology Institute (STI) pursuing a Master of Science Degree in Information Security Management. He is currently the Security Administrator for the Colorado School of Public Health at the University of Colorado.
"In my professional career I have recruited, hired, trained and mentored several highly technical individuals to excel in their professional development and am excited to do the same through the SANS Mentor program. I have a blog at http://docblackburn.blogspot.com explaining cyber-security to non-technical users in language and terms they can understand."
Duane is a well-rounded professional with over six years' experience in security, including cryptography, two-factor authentication, U.S. border security planning, threat entity resolution, social engineering, and non-destructive entry. Duane holds an AAS in electronic engineering, a BA in foreign languages, and an MA in linguistics. He is a CISSP and GPEN, and is working toward the GSE and OSCP. He has two patents pending and continues to pursue research professionally and independently. Ever the thrill seeker, Duane spends his free time mountain biking, kayaking, and guiding whitewater rafters. He has lived in China and Mongolia and eaten more types of protein than many people can name. He is very excited to be mentoring SEC 560 as it contains the highest volume of hands-on material of all the SANS courses, and offers something for everyone. He loves technology and teaching, and especially loves combining the two. You can keep up with Duane at FooLionInfoSec.com and @FooLionInfoSec.
Over the course of Serge's 10+ years as a security professional he has had the opportunity to work for various organizations and clients on all sorts of initiatives, ranging from implementing transparent biometric user authentication in online banking applications to dumpster diving and penetration testing. Serge earned his Bachelor of Science degree in Electronic Business Management and a Master of Science degree in Computer Systems Security prior to earning the CISSP and three SANS certifications: GPEN, GCFA and GWAPT. Prior to his current role, Serge was responsible for application security, fraud prevention, audit compliance, vulnerability assessment, security awareness and the like in an electronic banking environment encompassing hundreds of servers, thousands of websites and over one million unique end users. During his most recent SANS NetWars competition (Q2 2013) Serge placed in the top 5 and subsequently plans to take up the invitation to the tournament of champions in December 2013. Serge currently holds two SANS challenge coins.
After 10 years of consulting, Fred was rightfully pegged as the technical expert. He would walk in, quickly assess the situation, highlight pertinent issues, offer insightful mitigations, and then walk away. Being the Information Security Officer at a Health Care company for the last 7 years, Fred has quickly realized that life on the other side of the fence is not as simple as that; compare a sprint to a marathon. Because of his development background, Fred's contribution bridges the gap between the traditional IT Security and Software Engineering worlds. Fred has contributed to the Security world in numerous ways, including publishing tools such as ApSniff or ComBust, speaking at security conferences such as BlackHat, and teaching different security-related classes.
Not only has Mr. Corll worked in many different environments, but he has worked in many roles, both internal and external. He has been the auditor who validates processes and ensures compliance as well as being the internal security engineer who implements policies and makes changes necessary for that compliance.
Recently Mr. Corll was able to participate in the information security group at a Fortune 500 company and own (5) processes that were required for ISO 27001 certification. Thanks to his dedication in working with the auditing and compliance group, and his work with the external auditors, his company was awarded that certification.
To validate his knowledge, Mr. Corll has also obtained multiple security-related IT certifications. These include CISSP, SANS GCFA, and GSNA. Former certifications include Solaris SCSA, CheckPoint CCSE, Cisco CCNA, and MCSE+I. By holding multiple SANS certifications, Mr. Corll is able to reference the differing classes and recommend other courses to students who want in-depth training in that area.
Chris is currently a Chief Information Security Officer at Sharecat Solutions, administering the security challenges of a medium-sized, multi-country business. Along with a lot of security expertise, Chris also has a background in system development and application management. His vast amount of experience within the many different areas of IT has worked as an excellent precursor for his security enthusiasm.
Chris is an open, sharing, and fun person to be around. He is enthusiastic and motivating as well as positive and optimistic. A fun day for Chris is when he is penetration testing, problem solving or discussing program code or network protocols. He is passionate about security, both IT and physical security and his favorite part is web application security.
Inspired by people like Ed Skoudis, Chris is an aspiring security professional. He is driven by mottos like "Magic is just science we don't understand yet" and "Think bad, do good". Chris looks forward to teaching and sharing his experience with his students. You can learn more about Chris via:
13 years of IT Experience
Systems Development: Unix, Linux, Windows, Networking Technologies
Security: Penetration Testing, Source Code Analysis, Vulnerability Assessment, Certification and Accreditation, Security Policy
GIAC Certified Web Application Penetration Tester (GWAPT)
Certified Information Systems Security Professional (CISSP)
NSA Information Assurance Methodology (IAM)
Sun Certified System Administrator (SCSA)
Microsoft Certified Systems Engineer (MCSE)
BS Major: Computer Networking / Minor: Business Management
Why are you excited to be mentoring this course?
I am excited to teach this course because I feel that it is very important to get the knowledge of penetration testing into the hands of our network defenders. It is time for the people that are charged with the responsibility of defending our networks to be trained in the techniques that our attackers use. This allows our defenders to better test existing infrastructure and devise better mitigating strategies.
Jason has been practicing in the technology industry for 10 years. Security has always been a major focus, and his sole focus for 4 years.
Jason has an ardent interest for following trends and identifying new technologies and relevant applications. His devotion to continuous learning and research keeps him ahead of the curve. He currently holds GSLC and GSEC certifications.
Currently employed as a Technology Security and Compliance Manager, he has working knowledge of various security-related technologies and vendors. Such technologies include Rapid 7 Nexpose and Metasploit, Logrhythm SIEM, and Palo Alto Networks Next Gen Firewalls. Working specifically in the realms of PCI-DSS Compliance and SOX Compliance, Jason has experience with leading, deploying, and evaluating compliance programs.
Recently, Jason obtained his first SANS Challenge Coin (RMO) during his SEC504 training by being a member of the SEC504 Capture the Flag winning team at SANS Chicago 2013.
Jason has a great ability to communicate technical concepts in a non-technical manner, and welcomes the opportunity to share his knowledge and experience.
Jeremy Druin works as an internal pen-tester, incident responder, and defect-remediation expert for a multi-national transportation logistics company. Other responsibilities include web vulnerability assessment operations, setting application and database security standards, creating developer training programs, and teaching developers how to architect, design and write secure applications. Additionally Jeremy develops the open-source Mutillidae 2.x training environment and consults on web-application security topics. As the Director of Education for the Kentuckiana ISSA chapter, Jeremy presents on web application pen-testing and remediation along with operating the "webpwnized" YouTube video channel. Jeremy has a Bachelor in Computer Science from Indiana University and is a GIAC-certified Network/Web Application Pen-Tester and Exploit Developer.
Sandra (Sandy) Dunn has over 20 years in the software and hardware industry. Initially starting out in software and hardware sales, she worked with NASA, JPL, Secret Service, IRS, and other Federal Agencies to determine their Server, PC, and Notebook sales. At HP she has worked as a Digital Sending & Security Analyst for HP MFP printers on the Competitive Intelligence team, an ACT Engineer for the Accreditation team for HP that certifies partner solutions with her focus being on security & regulatory, and a Security Engineer on the Inkjet PSO team, and has just joined the HP Cyber Security team as a Cyber Security Engagement Manager. She has a CISSP, Security +, ISTQB, SANS GSEC, GWAPT, GCPM and is a SANS Mentor. She has two children, a wonderful husband, too many horses and lives outside of Boise, Idaho.
Linkedin Profile www.linkedin.com/pub/sandra-dunn-cissp/10/974/472/
Mark Elliott has served as an information security professional since 1999 and an information technology professional since taking his first class in computer programming in 1988. He is a retired Army Warrant Officer, having served over 34 years in the Army and the Army National Guard. He has conducted numerous red-team and blue-team assessments and is currently the lead security engineer on a government contract. He holds the CISSP, GCIH, and GCED.
Joseph W. Fisher, President, Affinity IT Security Services. Mr. Fisher has been providing technical consulting and training since 1993, and has literally trained thousands of students around the world in a wide variety of IT topics in Cybersecurity, Software Development, and Project Management. To combine his passion for IT security with his extensive experience in application development, Mr. Fisher formed Affinity IT Security Services to offer the following services: IT Security Assessments, Secure Application Development Consulting, and Web Application Security Testing. A hands-on practitioner, he is equally comfortable dealing with project teams and C-level executives. A dynamic and engaging speaker, in addition to his role as a consultant Joe has spoken on IT Security topics at QCon NY, OWASP NYC, JavaSIG NYC, NJMMA, Morris County Chamber of Commerce, and Regional IIB meetings. Mr. Fisher holds an undergraduate degree in Computer Science from Merrimack College, a Graduate degree in Computer Science from Rensselaer Polytechnic Institute, and an MBA from Fairleigh Dickinson University. He is a former Member of the Technical Staff at AT&T Bell Laboratories. He is an active member in the New Jersey Chapter of the Society for Information Management (SIM) and serves on its Executive Council. He also serves on the Board of the Sturge-Weber Foundation, a non-profit organization funding research and family support for affected families.
David Fletcher is the network manager at Selfridge Air National Guard Base in Mount Clemens, MI. Having worked in information technology for the United States Air Force for 20 years, he has extensive experience in information technology and cyber security. Over the course of his career his roles have included network defense and intrusion analysis, network administration, database administration, and web application development. Within the Air Force he has experience supporting the legal, educational, guard/reserve, special operations, and conventional warfighting communities.
David has completed a bachelor's degree in Electrical Engineering through the University of West Florida and is currently enrolled in the Master's of Information Security Engineering program through the SANS Technology Institute. In addition, he is GSEC, GCIA, GCIH, GISP, GAWN, GWAPT, GPEN, and GCFA certified.
Jarrod started on computers in elementary school on a TRS-80, and moved through the years to the Apple II, the Macintosh, and eventually the PC. After working for a couple of years as the unofficial "computer guy" in his department, he transitioned into a full-time IT role in the mid-1990s, eventually working on projects involving wireless networking and PKI cryptography. Since then he has held a strong interest in the cat-and-mouse games between attacker and defender. He's worked in a variety of industries, including medical manufacturing, financial, energy, and local government, learning that while every environment is different, no environment is truly unique. For the last few years, he's been involved in security operations at an ACS, Inc., contract at the County of Orange, overseeing a wireless networking deployment and taking a strong role in re-engineering the County's security infrastructure, among many other projects. He holds a GAWN and GCIH, and has no plans to stop with those.
Eric Fulton is a specialist in network penetration testing and web application assessments. His clients have included numerous Fortune 100 companies, international financial institutions, global insurance firms, government entities, telecommunications companies, as well as world renowned academic and cultural institutions. Eric has spoken at the global hacker conference Defcon, taught at the prestigious Blackhat Conference, and has spoken at numerous community events. Recently, Eric founded SubSector Solutions, a world-class information security company based in Bozeman, Montana, and he mentors for the SANS Institute. Eric contracts with a diverse range of companies and governments, presents bleeding edge research at national and international conferences, and creates game-changing technologies through advanced research. In his free time Eric enjoys the Montana outdoors and lobbies for increased privacy legislation.
After serving the country in the United States Navy for 8 years, Charles (Chip) Greene began his career in Information Technology. Over the next 18 years, Chip has held positions in Support, Design, Research and Development, Education, Disaster Recovery, and most recently in Information Security. As a Senior Information Security Analyst, Chip leads the Identity and Access Management Team at Virginia Commonwealth University Health Systems. Chip has received a Bachelor's Degree in Information Systems from Virginia Commonwealth University, and a Master's Degree in Disaster Sciences from the University of Richmond. He currently holds a GIAC Security Leadership Certification and previously held the Cisco Certified Security Professional certification. Mr. Greene was also honored with an Outstanding Educational Performance Award from the University of Richmond upon graduation from his Master's program. Education and training are extremely important to one's career and Chip believes that it is important for everyone to take advantage of the opportunities presented to them. The SANS Mentor Program is an outstanding way for Information Technology Professionals to gather, learn and develop from each other's experiences and knowledge.
Matthew J. Harmon brings two decades of security industry knowledge, international standards development experience, penetration testing and incident response and a deep understanding of underlying technologies to his sessions. Having consulted for many fortune, government, and not-for-profit organizations, Matthew is familiar with the day-to-day challenges of businesses today. Mr. Harmon is the owner, security researcher and consultant for IT Risk Limited based out of Minneapolis, Minnesota and frequently presents at conferences and for security associations.
James Harris got his first job in information security at the age of 15, as the administrator of a BTI-4000 mainframe for his high school in Durham, NC, and at age 16 added a second part-time job assembling and testing computers at a small PC integrator called Dramen Computers.
After earning his degree in Physics from North Carolina State University in 1994, Jim went to work at IBM as a hardware engineer for the PC Company, specializing in the design of computer graphics and video systems. Jim was one of the founders of the Digital Display Working Group, and helped author the DVI specification. In 2000, Jim's work on DVI led to a job as a Senior Field Applications Engineer with Silicon Image in, a semiconductor company specializing in high-speed serial digital interface chips, where he worked helping to design Silicon Image parts into digital video and high-speed storage systems.
After the tragic events of 9/11, Jim decided to go to work as an FBI Special Agent. His first field office assignment was in the Sacramento, CA field office, where he worked mostly cybercrime matters, specializing in Internet Crimes Against Children. Jim worked heavily in Computer Forensics as a member of the FBI CART team, earning his Encase Certified Examiner status in 2007. In 2009, Jim became the supervisor of the Cyber Squad in Sacramento, as well as the Commander of the Federal Cyber Crime Task Force there. Jim earned his ISC^2 CISSP certification that same year. In 2010, Jim was selected to a supervisory position at FBI Headquarters Cyber Division, and served in a number of positions, including as the Senior Liaison Officer to the United States Computer Emergency Readiness Team (US-CERT). In 2012, Jim earned his GSEC certification, and later that same year became the Assistant Section Chief of the FBI's Counterterrorism Internet Operations Section.
Jim left the FBI in 2013 to go to work for Obsidian Analysis, a Washington, DC-based professional services firm providing analytical and policy consulting for homeland security, national security, and intelligence decision makers. As the Senior Specialist for Cybersecurity, Jim advises clients on policy and preparedness in Cybersecurity. Jim enjoys hearing himself speak, and can't wait to teach others!
David Hazar is a seasoned IT security professional with a broad technical background that includes experience in both network and application penetration testing, software analysis, design, and development, database development and administration, network/server analysis, design, and administration, data center design and implementation, technical support, and telecommunications. He holds both a Bachelor of Science, Information Systems and a Master of Information Systems Management from Brigham Young University. He is currently employed by Aetna as an Information Security Architect. He holds the CISSP, GCIA, GCIH, Certified FAIR Risk Analyst, MCDBA, and ITIL v3 Foundation certifications and has previously held both the CCNA and CCNP certifications from Cisco.
Justin Henderson is a passionate and dedicated Information Technology professional. He has been in the Information Technology field since 2005. Justin has a proven desire and ability to achieve comprehensive industry training and uses his knowledge and experience to mentor others. Justin has a high proficiency in technical platforms including operating systems, networking, security, storage, and virtualization but has also applied himself in governance, project management, as well as service management. Currently, Justin holds a Bachelors of Science in Network Design and Administration from Western Governors University and has over 40 certifications, some of which are below:
Networking - Cisco Certified Network Associate
Virtualization - VMware Certified Professional 5 and VMware Certified Professional 5: Desktop
Database - MySQL 5 Database Administrator
Governance/Service/Project Management - Project Management Professional, ITIL Continual Service Improvement, Certified in Risk and Information Systems Control, Certified Information Security Manager
Microsoft - Microsoft Certified Information Technology Professional: Enterprise Administrator and Microsoft Certified Security Engineer 2003: Security
Security - GIAC Penetration Tester, GIAC Windows Security Administrator Certification, Licensed Penetration Tester, Certified Ethical Hacker v5, Computer Hacking Forensics Investigator, EC-Council Certified Security Analyst, Tenable Certified Nessus Auditor, Certified Sonicwall Security Administrator, Certified Information Systems Security Professional, Security+
Justin has also taught Network Security at Lake Land College. Some of his other achievements include mentoring individuals in the Information Technology field as well as developing the virtual dojo, a fully automated Cloud Computing solution showcase environment.
Mr. Hoffman has been working in the information field for over 15 years supporting federal government, commercial and internal customers in their searches to discover and quantify information security weaknesses within their organizations. He holds many industry-recognized certifications such as SANS's GAWN, GWAPT and GPEN as well as the CEH and CISSP and has many years of hands-on, real-world penetration testing experience that he brings to each of his teaching engagements.
Chris is the Director of Enterprise Security Services for Continuum Worldwide. Chris has experience working across multiple industries in the areas of penetration testing, regulatory compliance, intrusion detection, and program assessments. He holds an MBA and a Master's Degree in MIS with an emphasis in Information Assurance from the Peter Kiewit Institute at the University of Nebraska-Omaha, and is a SANS Institute mentor. In addition, he holds the CISSP, CISA, GSE, GCIA Gold, GSEC, GCIH, GCWN, GCFA, GWAPT, GPEN, GXPN, Splunk Certified Architect, and PCI QSA certifications.
Mike has eighteen years' experience in the control system industry, in system design and delivery. Mike earned his Bachelor of Science in Electrical Engineering from Case Western Reserve University in Cleveland, OH. Mike has earned his GSEC and GCIH certifications and considers information security to be an exciting area to grow in.
Yorkvik Jacqmin was born in Brussels in 1987, and completed a degree in civil engineering specialising in electronics in 2010 at the University of Louvain. After his studies, he was employed by Altran as a technical consultant, and was also part of the CERT.be (the Belgian Computer Emergency Team) as a security analyst and incident responder. In 2012 he created his own consulting company called SiSEC. He loves exchanging experiences, especially in security, with people while teaching.
Cliff's professional career started 18+ years ago as a help desk analyst supporting mainframes and dial-up internet. He progressed through desktop support, desktop management and server administration and joined the security team in late 2008. The wide diversity of topics in security has Cliff thirsting for knowledge like he was a teenager again.
Cliff currently holds CISSP, GPEN, GWAPT, OSCP, MCSA 2000/2003 and Security+ certifications.
Occasionally (read rarely), Cliff will add something mildly informative to infosecandotherstuff.blogspot.com.
Please see my LinkedIn account for now. I will update this later: http://www.linkedin.com/pub/david-klassen/1/586/94a
Sundar is SANS-GISF and GSEC certified and a senior software development leader with IMS Appature in Seattle. He earned the title of "Professor Sundar" from his previous team at Microsoft for teaching skills and has trained multiple teams on different aspects of software development. To make you think about information security the same way you think about physical security for yourself and your family is the holy grail. He is @sundarnut on Twitter for the latest #infosec topics, trends and incidents. Sundar aims to be a mentor so he can inculcate security as a fundamental technical trait and make it the best lecture you've ever taken!
Aaron Lafferty holds the CISSP and GSNA. He has been involved in information security for nearly a decade, and in information technology in general for over 15 years. With a BA in International Studies - Security and Intelligence from The Ohio State University, he is often looking for interesting and innovative ways to blend intelligence into information security. He currently serves on the board of the Central Ohio ISSA, and appreciates the chance to give back to the information security community through teaching.
Anthony is likely the first Hong Konger to publish a GREM Gold paper and to speak at Blackhat USA 2010, DEFCON 18 and DEFCON 19, as well as Hack-In-Taiwan. He has set up a security research group called VXRL (www.vxrl.org) in HK, which connects various hackers and security researchers around the planet, and co-founded Xecure Lab (www.xecure-lab.com), which works on APT research and detection services. Frankie and Anthony, together with another VX fellow, DDL, have published a paper of APT case studies that was accepted by the IEEE Malware 2011 conference.
He is the chairman of OWASP (HK Chapter), a program committee member of PISA, and an extended committee member of HTCIA (Asia Pacific Chapter), and has actively provided various technical seminar sessions to practitioners in Hong Kong.
Besides being GREM (Gold) certified, he is also a GCFA and GWAPT holder.
Troy is an accomplished IT Professional with extensive experience on military and commercial networks alike. His expertise at the local and enterprise levels, for both the defense and operations silos, makes him uniquely suited to address a wide range of issues that can affect systems and critical infrastructure applications.
He has spent most of his career supporting the Department of Defense, first as a Marine, then as a contractor, and finally as a Civilian, although he has spent time in the private sector as an IT consultant as well. He is currently pursuing an MS in Information Systems Computer Security Management degree, has earned a BS in Computer Networking degree, and holds certifications in multiple disciplines.
His certifications include: CISM, CISSP, GPEN, CEH, MCITP: Server Administrator, MCSA on Windows Server 2008, MCSE/MCSA: Security on Windows 2003/2000, ITIL v3 Foundation, Security+, Network+, and A+.
Jason works for one of the big four accounting firms as an Incident Response Lead focusing on internal incident response and digital forensics. He has developed processes and procedures to reduce incident impact and cost, as well as early identification of incidents.
Jason also serves as the President of the Atlanta chapter of the HTCIA and on the board of directors of the Atlanta chapter of the ISSA.
In his off hours Jason enjoys teaching SANS Forensics curriculum as part of the SANS Mentor program. He holds a master's degree in information security and assurance (MSISA), and numerous security certifications such as: GCFA, GCIH, G2700, CISSP, CHFI, CEH and CISA.
Jason firmly believes that the only way to truly be secure is by educating others, and he lives by this principle. Furthermore, if you take the time and listen, you can learn from anyone, mostly from your students.
JD Lovering is an experienced IT professional with a focus on virtualization, network security, and *nix operating systems. He has deployed several multi-tiered web applications using geographically disparate data centers and global load balancing technologies. He currently works as a contractor to the Department of Defense evaluating, designing, and deploying secure multi-tiered web application architectures. Mr. Lovering holds a B.S. in Industrial and Systems Engineering from the University of Florida and several certifications including GIAC GSEC, Cisco CCNA, VMware VCP, and CompTIA Security +. He was born in Tampa, Florida and currently lives in Slidell, LA.
Currently, he is part of a team that architects, implements, supports and manages a wide variety of network security solutions while also working with other groups on a range of other activities such as incident response and electronic investigation.
Stephen says, "I have had the good fortune to see the IT and security worlds from a variety of perspectives. I have experienced the challenges of security practice on both a very small and very large scale. I very much enjoy technology and love getting my fingers into everything. Mentoring the material will help to keep it fresh in my mind and I expect that I will be able to learn some things from students as well." He looks forward to the personal networking that will also occur within this class.
He currently holds several GIAC certifications.
Information security professional with 14 years' experience in network and security operations. Steve has 6 years of teaching experience, with the last 3 years focusing on information assurance and security. He has a proven ability to dissect concepts into component parts and help inexperienced or non-technical students gain an understanding of complex or non-intuitive concepts. He holds several industry certifications including the GSEC and CISSP.
Price has been in the IT industry for the last decade and has focused on Information Security for the past 5 years. He has worked in both the private sector and as a consultant. He is currently a Sr. Information Security Officer for a leading public safety company. His experience includes network engineering, incident response, intrusion analysis, vulnerability assessments and penetration testing. Price currently holds several certifications such as GSEC, GWAPT, GPEN, GXPN, CICP as well as a degree in Information Systems from DeVry University.
Timothy McKenzie has more than 15 years of IT and Information Security experience working in financial, government, defense contractor, and service related markets. Timothy has been trained in malware research and exploit development, expert penetration, and forensics work. He uses these skills professionally throughout his daily work, as well as placing within the top 5 in many CTF events. Timothy loves sharing the vast knowledge he has acquired to give back to the Information Security community.
Philip McNamara is an Information Technology veteran with 20 years' experience. He started back when PC networks were new, Token Ring was something special, and PIX Firewalls booted from a floppy disk. Over the years Mr. McNamara has transitioned from Network Engineering, through Enterprise Operations to his current role in Enterprise Network Security. Though his efforts have primarily been in the Health Care market, security and incident response have always been a responsibility. As a SANS mentor, Philip would like to build on that experience and be able to share it with others.
Paul has a passion for teaching and training new cyberwarriors in the never ending arms race against malicious network intrusions.
Paul currently holds the following industry certifications:
On learning hacking techniques to better know how to defend against them;
Know thy self, know thy enemy. A thousand battles, a thousand victories. Sun Tzu
Jose Manuel Mendez is at present a security consultant for Unisys Corporation. He has been working for more than 11 years in security policies and architectures definition and implementation and deployment of them in big local and top worldwide companies as well as local government. He also has a deep knowledge and experience in the SIEM field where he has been involved in the last 4 years in SIEM projects for big telecom companies and banks. He currently holds the CISSP, GCIH, GPEN, and GSEC certifications as well as several product certifications like Cisco CCNP Security, CCSP, ArcSight ACIA, ArcSight ACSA, CheckPoint CCSE NG.
Steve maintains a deep professional and personal interest in many aspects of Information Technology, with a focus on Information Security. He has professional experience in IT and security consulting, penetration testing (external, internal, wifi, web app), network troubleshooting, server and desktop support, technical documentation management, end user education & small project management. Steve is proficient with all Windows operating systems, comfortable with Linux CLI and Cisco IOS. He is educated and certified in network, systems and security fundamentals as well as advanced topics. Steve received his CISSP from ISC2 in 2012 and maintains additional certifications from GIAC, Microsoft, Cisco, and CompTIA.
William possesses a rich background in the field of Information Technology, spanning a period of over fifteen years. He works in an eCommerce environment, which utilizes his knowledge of technology, passion for quality and security, and love for life-long learning. He has an interest in Penetration Testing, Vulnerability Management, and Identity Access Management. He has had roles in each of these as a Security Engineer.
His long-term career goals include Incident Management, Web and Application Pen Testing, and IT Middle Management.
Specialties: experience installing, supporting, and troubleshooting a variety of hardware and software. He has implemented IP video surveillance systems, as well as Voice over IP (VOIP) phone systems. He has also worked with some Log Monitoring, and Security Information and Event Management (SIEM) tools.
In his spare time, Patrick enjoys amateur radio (he holds an amateur extra class license), electronics, bowling, sailing, and photography. He is also a Debian Developer with the Debian Project.
Patrick earned a B.S. degree in Physics from the University of Toledo, and has pursued graduate studies in Astronomy and Theology.
Patrick is excited to be mentoring for SANS because mentoring provides an opportunity to develop a one-on-one relationship with the students as they learn the material and how it applies to their environment.
Miguel Pabon is a recognized Information Assurance (IA) subject matter expert with over twenty years of experience. He is currently a Manager within the Corporate IT Security Organization, where he is responsible for the security integration of all company acquisitions. Prior to his current position, Mr. Pabon was Manager of IT Security Special Technologies & Analysis Team (forensics, eDiscovery, malware analysis, reverse engineering, cyber security R&D). His over 20 years of combined defense and commercial experience in the fields of cyber security, information assurance, embedded systems, kernel mode and driver development, software engineering, Service Oriented Architecture (SOA), and vulnerability assessments / penetration testing provide him with a unique perspective of both the defensive and offensive sides of cyber security. In 2010, Mr. Pabon was the recipient of the Raytheon IT Front Line Leadership Award, which recognizes an individual's contributions to the development of an organization and its advanced capabilities. Mr. Pabon has earned the following industry certifications: Certified Information Systems Security Professional (CISSP), GIAC Reverse Engineering Malware (GREM), Certified Forensic Analyst (GCFA), Certified Intrusion Analyst (GCIA), Security+, LAW PreDiscovery Electronic Data Discovery (EDD), ITIL V3, Six Sigma Specialist. As part of his continued educational endeavors, Mr. Pabon has earned a Bachelor's Degree in Computer Engineering from the University of Puerto Rico at Mayagüez, as well as being a graduate of the MIT Sloan School of Management, Management & Leadership Program.
Jeremy has worked in networking for the past 20 years, with an emphasis on security over the last 5. Jeremy earned a Master's Degree from the Minnesota School of Business in Information Technology. He is a founding member of Salt Lake City's hacker community, DC801. When he's not playing with packet captures or staring at source code, Jeremy can usually be found snowboarding or mountain biking throughout the Rockies.
Mike Pilkington is a senior security consultant for a Fortune 500 company in the oil & gas industry. He has been an IT professional since graduating in 1996 from the University of Texas with a B.S. in Mechanical Engineering. Since joining his company in 1997, he has been involved in software quality assurance, systems administration, network administration, and information security. Outside of his normal work schedule, Mike has also been involved with the SANS Institute as a mentor and instructor in the digital forensics program.
Listen to Mike discuss Protecting Privileged Domain Accounts during Live Response in this highly rated SANS webcast that every DFIR professional should listen to.
Rex is an experienced IT and electrical engineering professional with more than 25 years of technical experience, and has spent nearly 30 years working and playing with computers - designing them, programming them, supporting them, networking them and securing them. In addition, he has spent much of the last 20 years managing and coordinating technical projects. He currently operates an IT consulting business. In addition to his bachelor's degree in electrical engineering, Rex was among the earliest to earn GIAC certification in security essentials, and was a longtime member of the public speaking organization Toastmasters International. He is an experienced SANS mentor, and has consistently earned rave reviews from his students. Besides his work with SANS, Rex has taught technical concepts to people of all levels of technical literacy, as well as photography, radio theory to the blind, and guitar. Whether teaching, mentoring or managing projects, Rex most enjoys getting people together to help them achieve a common understanding.
Erich has been involved in starting and running security user groups, and enjoys the challenges that come from such situations. He sees the SANS courses as a great way for people to learn and is committed to helping with that.
Valter Santos is a security analyst at Portugal Telecom. He has 13 years of experience in forensic analysis, incident response, intrusion analysis and penetration testing. Valter likes to attack live malware in the morning, kill it and autopsy it by noon. He holds the GCFA, GCIA, GCIH and GSEC certifications.
Magnus has worked in the IT-industry since 1998. He holds an MSc in Computer Science from KTH, Stockholm. In 2000, Magnus co-founded Secode (http://www.secode.com), a leading provider of Managed Security Services in Northern Europe. At Secode, Magnus was one of the architects of the company's MSS offering. After leaving Secode in 2005, Magnus went on to work for the Swedish Intelligence at FRA. At FRA Magnus performed Penetration Testing, IT Forensics, Data Recovery and Network Security. He has also been responsible for delivering public demonstrations of live penetration testing. His current position is Production Lead within the area of Network Security. Magnus holds several certifications: GSEC, GREM, GCFA, GCIA, GCIH, GPEN and CISSP. Always seeking to expand his knowledge, Magnus is also very excited to help you expand yours.
Matt's experience in the industry started at the bottom rung as a high school student hacking the email server via telnet and spoofing emails. During high school he picked up a job as a computer salesman doing IT work on the side for neighborhood clients. After high school he went to Pennsylvania Institute of Technology and obtained his associate's degree in computers and communication technology. The coursework revolved around the Cisco CCNA curriculum. After obtaining his associate's he attended Drexel University, receiving his bachelor's in information technology. Throughout college Matt was a part of a small consulting company supplying IT work for charter schools in the Philadelphia area. After Drexel Matt accepted a job at Philadelphia Gas Works starting as an entry level security analyst. At the gas company Matt oversees compliance management, network configuration audits, vulnerability scans, network IPS, anti-virus suite and incident handling. Currently at PGW, Matt got his CCNA and CCNA Security certification. Matt recently passed his GSEC certification. In conjunction with day to day security operations at the gas company, Matt also handles incidents for a consulting company in charge of one hundred and fifty plus clients. Matt is excited to become a SANS mentor because he sees it as an opportunity to share his experience in different IT business styles with other security professionals in those same areas.
Michael Smith (CISSP, SANS GCIH) is the President and owner of Shore IT, LLC, and formerly of Linear Network Services, Inc. He is currently a network engineering contractor. Michael's education was at Wentworth Institute of Technology. His work experience began in 1988 with various large corporations, defense contractors, banks, health care systems, and government agencies. He specializes in Cisco and Riverbed Technologies, and concentrated in network security in his past work. His current areas of concentration include network design, implementation, and troubleshooting. He continues to seek certifications in the network and network security fields. Michael is very task focused, and attuned to the individual learning and understanding styles of others. He is skilled at tailoring the delivery of information to different personality types according to their need. The father of nine, Mike is a seasoned veteran of mentoring his homeschooled children and is achieving great success in getting the puppy to heel.
Anuj has a passion for incident response, forensics and malware analysis, and he's very excited to meet others who are interested in learning about these areas. He loves sharing what he knows and learning from others, so he's looking forward to the mentoring experience!
Michael Springer has a passion for teaching, learning, and practicing information security. At his core, he is a problem solver who is driven by curiosity built on a foundation of security. His background combines a wide array of IT disciplines including: application development, Linux/Windows administration, and network administration expertise. He holds a master's degree in Information Assurance and Security from Illinois State University, a program that is approved by the National Security Agency. He holds a GPEN certification through SANS and GIAC as a certified penetration tester. He is active in following security trends, news, and research to keep updated on today's emerging security threats. He has developed custom applications, tools, and exploits used in penetration testing and vulnerability assessments. He is currently a Senior IT Security Consultant at Brown Smith Wallace LLC in St. Louis, Missouri. His goal is to share his knowledge and expertise in an open manner to perpetuate information security knowledge. Michael also holds the CEH Certification. LinkedIn Profile: www.linkedin.com/in/michaelspringer1/
Ron has been working in the information security field for the past 15 years. He worked as a consultant for ten years, gaining experience in many areas. For the past five years he has been working as an engineer for Cisco Systems in RTP. His focus is on evaluating the security of Cisco products and working with the development teams to implement high security standards. Ron is a subject matter expert in DISA STIGs and web application penetration testing. He also holds many industry certifications including GPEN, GCIH, GWAPT, RHCE, CCSP, CCNA, CISSP and MCSE.
Nick Thomas has 27 years of experience in the IT field. He has a Master's degree in Public Management, and multiple certifications including the Certified Information Systems Security Professional (CISSP), Security+, Network+, GIAC Certified Incident Handler (GCIH) and GIAC Security Leadership (GSLC). Three dissolved startups covered his first 16 years of employment. The LISP (for "List Processing Language") programming language, the term "artificial intelligence", 300 baud modems, dumb terminals and thin-net were the training ground. After three layoffs, Mr. Thomas obtained a master's degree mixing business and computer courses. In the process, he volunteered for the CMU Robotics Institute Red Racing Team and Tartan Racing team. They entered computer controlled vehicles in the DARPA Grand Challenge races in 2005 and 2006. Mr. Thomas finds cutting edge technology quite exciting. If you have read this far, he would like to suggest that you, your associates and high school children (yours, your neighbors' and church youth group) should view "The Last Lecture", "Really Achieving Your Childhood Dreams" by Randy Pausch. It was presented to the CMU student body September 18, 2007 at Carnegie Mellon University. The lecture can be viewed online or you can purchase a DVD. Randy Pausch's "Really Achieving Your Childhood Dreams" wasn't about dying. It was about the importance of overcoming obstacles, of enabling the dreams of others, of seizing every moment (because time is all you have...and you may find one day that you have less than you think). http://www.cmu.edu/randyslecture/ http://www.thelastlecture.com/ http://bookstore.web.cmu.edu/GeneralBookDetails.aspx?type=6&BookID=822942 Also: Save the earth. It's the only planet with chocolate. Currently Mr. Thomas works for the federal government in Baltimore. Hobbies include sailing, hiking, gardening, antique cars, photography and exercise.
Sterling has worked in the IT Security field since 2006. Working on the Security Operations desk for a nationwide telecommunications project with the FAA, he quickly gained experience in a multitude of technologies which provided him with the foundational knowledge that has served him well in his career since. As a Unix/Linux Systems Administrator for the largest, privately owned wireless telecommunications provider in the U.S., Sterling was involved in a number of PCI compliance driven projects and served on the PCI Compliance team. Currently, Sterling serves as a Security Consultant performing general security audits, penetration testing (network, web application, wireless, and social engineering), specialized training, intrusion investigation, etc. Sterling holds a M.Sc. from Mississippi State University in Information Systems and a Bachelor's degree from Millsaps College in Anthropology/Sociology. He holds a number of industry certifications including GSEC, GCIH, GWAPT, GCUX, RHCE, eCPPT, SCSecA, Security+, and Network+. http://lnkd.in/yhkyEx
Sven has more than 3 years of experience in IT Security and is currently part of the core penetration testing team of PwC Belgium, as well as PwC's Centre of Expertise for web applications. In addition, he was involved in the implementation of IAM Solutions and performed multiple IT audits on process level. He is able to leverage his experience to better understand the business impact of vulnerabilities.
Sven holds a Master's in Commercial Engineering, and a major in IT Management. After his academic studies, he began his career at the Technology Consulting Department of PwC Belgium. He holds the following certifications: GWAPT, GSEC, ISO27001:2005 Lead Implementer, and TOGAF 9 Foundation.
He is passionate about helping people increase their knowledge, and believes that through this mentor program he can share his passion and experience with other people.
Shawna has been doing software for 15+ years, often in the security space, working with and for many large names such as McAfee, Business Objects, SAP, Microsoft, Tripwire and Nike. She's achieved certifications in Pragmatic Marketing, Project Management Professional, is a Certified Scrum Master, a CISSP holder and has worked in all aspects of software creation. She's super excited to help tomorrow's leaders shape our security future.
B.S. The Ohio State University Green Belt Certified CMMI trained Program Manager - Medical Devices Product Security Officer - 6 yrs
Andres Velazquez, President and Digital Investigations Director of MaTTica; the first computer forensics private Lab dedicated to the investigation of cybercrime in Latin America.
He has more than 30 international certifications in the area including: Certified Information Systems Security Professional (CISSP), GIAC Certified Forensics Analyst (GCFA), GIAC Certified Forensics Examiner (GCFE), AccessData Certified Examiner (ACE) and NSA INFOSEC Evaluation Methodology (IEM) by the NSA in the US.
He trains and gives advice to different law enforcement agencies in Latin America including INTERPOL and UN.
Member of the High Technology International Association (HTCIA), Latin American Fraud and Financial Crimes Investigation Association (ALIFC), Internet Society (Mexico Chapter) and the Latin American Information Security Professionals Association (ALAPSI), where he was part of the board from 2005 to 2007. He was also a member of the Cybercrime Combat Group, part of the Federal Police in Mexico, and a member of the Network Information Center (NIC) Mexico Consulting Committee.
He has done all kinds of training in Universities, Law Enforcement Units and Organizations.
Jon Villanti is an IT Security Manager with a Fortune 50 financial services company in Houston, TX. He has 22 years of IT experience; 12 years focused in IT security.
Prior to his current role, Jon has worked as an IT Security consultant, VP of Operations, CIO / VP and CEO. Jon's private sector experience is augmented by over 20 years of Air Force experience, ranging from Intelligence Operations, Fighter Pilot, and Cyberspace Operations.
As a SANS mentor Jon enjoys working with students to realize their own Eureka moments, mastering relevant curriculum in support of personal and professional goals.
Jon holds several IT Security certifications including CISSP, GPEN, GCIH and GSEC. His LinkedIn profile is http://www.linkedin.com/pub/jon-villanti/20/a51/282. You can follow @houston_jon on Twitter.
Alan Waggoner has 15 years' experience working with computer systems and networks. He has a wide range of experience, including firewall management, VOIP, Novell Netware, Windows Servers, MS SQL, Exchange, Citrix XenApp, virtualization technologies, IP cameras, and policy writing. Over the years he has earned certifications from Novell, Microsoft, Citrix, and GIAC.
Jarred White has more than a decade of security consulting and engineering experience, and has occupied senior consultant and lead engineer roles at recognizable companies such as Dell SecureWorks and The Home Depot Corporation. In his current role with payment security and compliance solution provider ControlScan, White leads the Security Engineering Services team and he also serves as the company's subject matter expert for security engineering and risk-based consulting engagements. He brings considerable experience to ControlScan in the areas of penetration testing, risk analysis, social engineering and security engineering. He has consulted with companies ranked in Fortune's top 50 and top 100 companies, including financial institutions, public entities and not-for-profits. White is also an accomplished public speaker, having created and delivered presentations and engaging discussions on subjects ranging from emerging trends and best practices in information security to social networking and IT risk management. He has delivered global Web presentations on risk analysis and mitigation, and his commentary has been published in a variety of online forums. White is currently a Certified Information Systems Security Professional (CISSP) and a GIAC Web Application Penetration Tester (GWAPT).
Rodger has over 14 years of experience in the computer security arena as an Incident Handler and Forensic Analyst. Rodger began his career as a Signals Intelligence Analyst in the US Army conducting Cyber Threat Intelligence. After serving in the Army, Rodger continued support to the Army as a Defense Contractor with the Army Computer Emergency Response Team (ACERT) working as an Incident Handler. Rodger then moved on to a Senior Incident Handler role leading a team of incident handlers for the Regional Computer Emergency Response Team CONUS (RCERT-CONUS) where he responded to security incidents involving computer infections and intrusions. Rodger is currently the Federal lead for the Research and Forensics team within the US Department of Health and Human Services Computer Security Incident Response Center (CSIRC) where he is responsible for leading network, memory and disk based forensics, malware analysis and incident response activities. Rodger holds CISSP, DoD CDFE, GCIH and GCFE certifications with goals of completing the EnCE, GCFA and GREM certifications in the near future. He is also pursuing a Masters of Science in Digital Forensics at the University of Central Florida. Rodger is excited to mentor his peers in DFIR and Incident Response while learning from their experiences.
Jeff has over 12 years in Information Technology. He enjoys Infosec and looks for every opportunity to both learn and train others on new techniques as they come to his attention. Jeff holds 9 industry certifications including the GIAC GCIH and GPEN. In his spare time Jeff enjoys building test networks and spending time with his wife and 2 kids. Jeff looks forward to sharing the exciting world of Incident Handling with each and every one of you :-)
Security Strategist, Innovator, and Advisor, Joel Yonts is a seasoned security executive with a passion for information security research. He has over 20 years of diverse Information Technology experience with an emphasis in Information Security. Yonts is also an accomplished speaker, writer, and software developer with research interests in the areas of malware analysis and defense, computer forensics, and enterprise security.
Joel currently serves as Chief Scientist of Malicious Streams and as CISO of a Fortune 500 Retailer.
research site: http://www.malicious-streams.com/