Mentors are highly qualified, experienced professionals who make themselves available in your local area to help you learn the course material and get certified. Each Mentor is hand-selected from students that have completed their relevant GIAC certification with scores of 85% or higher.
Nik has over 15 years in IT, with the last 6 being more focused on Security. He is currently employed as a Manager, Cyber Security for a Managed Security Services Provider, spending most of his days leading a team responsible for IDS/IPS and SIEM technologies.
His academic credentials include a BSc Computer Science, along with PG Cert (Hons) specialization in VoIP and Wireless Broadband. Current industry certifications such as CISSP, GCIA, GCIH, CCNP Security and R&S, CCMSE +VSX, SFCA, SFCE, SWSE, MCSE, MCITP/EA, BCCPA,IBM Certified Deployment Professional - Security QRadar SIEM V7.1, ITIL, ISO9001 Internal Auditor, etc.
You can also reach out to Nik via his blog at securitynik.blogspot.com or via linkedin at http://ca.linkedin.com/pub/nik-alleyne-cissp-gcia/51/1b8/364/
Laios Barbosa is a Brazilian Army Officer and a senior network and information system security administrator at Brazilian Ministry of Defense. He has a Computer Engineering degree from the Military Institute of Engineering (IME) and a specialization in Information Security. In your career, he is responsible to administer and defend military systems and networks, composed of multiple operation systems, almost linux flavor, several network equipments and defense enterprise solutions (firewall, IPS, IDS), satellite communications, etc. He worked for the United Nations (UN) in Haiti as a peacekeeper and a system and network administrator of Brazilian Battalion. He holds some certifications as CISSP, GSEC, GCED, GCIA, GCIH, GPEN, GWAPT, OSCP (Offensive Security Certified Professional) and OSWP (Offensive Security Wireless Professional). He is a great enthusiast of security challenges and has some rewards as Capture The Flag Victor - Network Penetration Testing and Ethical Hacking - SEC560 - Cyber Defense Initiative 2012, Capture The Flag Victor - Hacker Techniques, Exploits and Incident Handling - SEC504 - SANS Boston 2013, 2nd Place - Netwars Tournament at Cyber Defense Initiative 2012, 3rd Place - Netwars Tournament at Cyber Defense Initiative 2013, Champion of South America Global Cyberlympics 2013 (EC-Council Foundation). It is a great pleasure to be a Mentor and have the opportunity to share knowledge and experience in information security and help to increase the global security awareness.
Joshua Barone has over 10 years of experience as a software developer, with a majority of that time specialized in security design and development. Joshua Barone has a core background in Java, .Net, Python, and security design principles. Joshua specializes in .Net and Java Enterprise technologies, Web Services, Agile Methodologies, Open Source, and Test-Driven Development. He is familiar with a variety of platforms (Windows, Mac OS X, Linux, Unix), databases (PostrgreSQL, MySQL, MSSQL, Oracle), J2EE Application Servers, Software Development Methodologies and Tools. Joshua is also experienced in security vulnerability assessment for platforms and applications. Joshua is a Certified Information System Security Professional (CISSP) and holds GIAC Security Essentials (GSEC) and Certified Incident Handler (GCIH) certifications, as well as a Master's in Computer Science from the University of New Orleans. He is currently a Senior Information Security Engineer for Geocent.
Check out Joshua's Blog: http://caveconfessions.com
Doc Blackburn has over 30 years of experience in system and software design, server and network administration and website programming. His interest in computers started in 1982 when he first started programming in DOS on a Texas Instruments TI-99 4a and continued as a dedicated computer hobbyist until he decided to make information technology a full-time career in 1998.
Doc ran a successful IT consulting, hosting, and design firm for 12 years until he found his passion was in systems security and compliance. His well-rounded experience includes hardware, software, network design, project management, administration, programming, systems security, and compliance frameworks. He has vast experience at various levels of information technology from technical support to security leadership roles.
He has been heavily involved in the technical design and implementation of NIH approved FISMA compliant information systems. His current work has focused on HIPAA, FERPA, PCI DSS, and FISMA compliant systems with an emphasis on IT risk management in enterprise environments.
Doc holds ITIL, CISSP, HCISPP (healthcare, HIPAA), PCI ISA (payment card industry) and GIAC GSEC, GISF, GPEN, GCPM, GCIA and GSLC certifications along with a Bachelor's degree from the University of Arizona. He is currently the IT Compliance Administrator for the University of Colorado Denver | Anschutz Medical Campus.
"In my professional career I have recruited, hired, trained, and mentored many highly technical individuals to excel in their professional development and am excited to continue to do the same as a SANS instructor. I have a blog at http://docblackburn.blogspot.com explaining cyber-security to non-technical users in language and terms they can understand."
Greg Blake is the Founder and Principal Consultant of Fusion Information Security a company that specializes in information security vulnerability assessments and penetration testing. He has almost 20 years of experience in IT within education, insurance, and defense. Over the course of his career he has responded to multiple security incidents, helped his employers secure and defend their infrastructures, conducted forensic investigations, and provided expertise regarding PCI compliance. He holds a Masters of Business Administration and a B.A. in Information Technology Management. In his career Greg has held multiple certifications including MCNE, CNA, MCP, PCI-ISA, and SANS GCIH and GCFA. Greg currently holds CISSP, GPEN, and is a certified PCI Professional. Greg is a member of the Minnesota chapter of HTCIA and Infragard. Additionally, he teaches the ISC2 Safe and Secure Online program to school age children and their parents within his community.
Over the course of Serge's 10+ years as a security professional he has had the opportunity to work for various organizations and clients on all sorts of initiatives, ranging from implementing transparent biometric user authentication in online banking applications to dumpster diving and penetration testing. Serge earned his Bachelor's of Science degree in Electronic Business Management and a Master's of Science degree in Computer Systems Security prior to earning the CISSP and three SANS certifications: GPEN, GCFA and GWAPT. Prior to his current role, Serge was responsible for application security, fraud prevention, audit compliance, vulnerability assessing, security awareness and the like in an electronic banking environment encompassing hundreds of servers, thousands of websites and over one million unique end users.
Dan Bougere has over 15 years of experience in the information technology field. Currently, he is the Director of Incident Response Services for Soteria, LLC. His prior experience includes being a Global Network Exploitation and Vulnerability Analyst at the NSA and an Intrusion Detection Analyst on contract to the High Performance Computer Modernization Office's DREN/SDREN network. Dan holds a B.S. in Software Engineering Technology from the University of Southern Mississippi, an M.S. in Information Assurance from Capitol College, and an M.S. in Technology Studies from Eastern Michigan University. He also holds the CISSP, GCIH, GCIA, GSEC, GXPN, GNFA and multiple other industry certifications. Dan enjoys being a geek, and loves spending time with fellow like-minded individuals. He has done various informal and formalized training sessions, and takes pride in making sure that he keeps his students/attendees interested and involved in the subject matter. There are aspects of computer security that can be exciting for anyone, and he makes sure that carries over to his training.
Justin Bumpus is the Manager of Information Security for one of the worlds largest private 3rd party logistics companies. Prior to his role as manager Justin worked in Network and Security consulting and assisted with risk assurance and compliance auditing. As part of his daily responsibilities Justin runs the information security program for his company, works with legal and executives to ensure contract compliance both with customers and with company vendors. Justin is also responsible for creating the information security road map and continued improvement to the overall security of the company. Justin holds several industry certifications; Microsoft Certified Systems Administrator: Messaging Administrator (MCSA), Microsoft Certified Information Technology Professional: Enterprise Administrator (MCITP), Security+, Certified Ethical Hacker (C|EH), Certified Penetration Tester (CPT), Certified Information Systems Security Professional (CISSP), and GIAC Security Essentials (GSEC). He is excited to share is personal experiences while teaching others the skills and knowledge required to be successful in information security.
As a CISSP, Robert Caruso designed the PKI client authentication portal for the Defense Logistics Agency training site to enable two-factor authentication of 22,000+ personnel located in 24 time zones using unbreakable cryptography. He has mentored high school students in the U.S. Cyber patriot competition and worked with the Boy Scouts of America to develop a new technology merit badge, Programming. Robert has also taught mainframe Cobol programmers to write web applications in J2EE where one student noted, "I had tried to learn Java programming several times, but this was the first time it made sense." An avid inventor and tinkerer, he holds a patent for a fitness entertainment hardware/software device and has developed applications for every platform from mobile apps to cloud servers. Currently, Robert is the Information Security Architect on the Strategy, Policy, and Planning team at Battelle Memorial Institute in Columbus, Ohio, where he researches current and emerging cyber threats to the enterprise. At Battelle, Robert co-authored a paper on Cyber Risk Managanament for Medical Device Design which was published in the AAMI journal in 2014. A graduate of The Ohio State University, College of Engineering in Computer Science, he also holds certifications in CISSP, GMOB, Sun Java, C++/MFC, FISMA/NIST NSTISSI-4011, CNSSI-4012, ISO-27002, and ITIL Fv3. Robert is active in the local security community in the Central Ohio Infragard, is an officer of the ISC2 chapter in Columbus, Ohio, and is on the GIAC/SANS Advisory Board.
Michael A. Curtis (Mike) has over 20 years of experience in the security field and has held several key leadership positions at Rollins, Virtual IT Experts, this.com and BellSouth.net. Additionally, Mike is active in the security community having served as a past member of the Symantec Customer Advisory Board, and is an officer in the Atlanta (ISC)2 Chapter. Mike holds a BSEE, cum laude, from Northeastern University, an MBA from Bentley College and a CISSP.
Troy Davidson is an experienced business leader and technology strategist with over 17 years of leadership experience gained at various organizations within Calgary and across Western Canada. Troy is deeply knowledgeable in the business technology disciplines of strategy and planning, organizational governance and service delivery. His focus and areas of expertise are IT Security, Mobility and Cloud Computing. He began his career with the Calgary Police Service where he spent 13 years in various leadership roles in Networking, Security, Enterprise Architecture and he finished as Acting Director of IT Strategy. He had the opportunity to work closely with many other policing agencies at the municipal and federal levels in Canada and the US. Troy Davidson is currently the Lead of Mobile Computing, Technical Security and Telecommunications for Cenovus Energy. He is involved in many transformational initiatives with security and mobility with the goal of implementing new technologies to enhance business processes, mitigating risks and enabling employees to work from anywhere, anytime and with any device, in a secure manner. Troy regularly speaks at industry events and enjoys sharing ideas with his peers in the Oil and Gas industry to drive innovation and collaboration around common challenges and opportunities in the local IT and business community. Troy is excited to be participating as a SANS instructor and to help prepare future security practitioners and leaders. His real life experiences will help others to realize the risks of current threats that leaders and security professionals face today.
Duncan is a Network Security Engineer with Altep, Inc. He has over 15 years of experience with Network Design, Network Security and Architecture with an emphasis in Network/Information Security the last 10. Duncan currently holds the CISSP, CEH, GCIH, GWAPT, and GPEN security certifications as well as being a member of the SANS/GIAC advisory board. He is currently working on completing a GCIA and GSE in the near future. He has also competed in various CTF events having two NetWars victories during his two NetWars attempts, as well as being on the winning team for the SEC504 and SEC560 capture the flag exercises.
Duncan uses the skills acquired during his daily work, as well as providing security consulting and advice to various community groups to better prepare them for the world they compute in. He loves to share his knowledge and experience with the InfoSec community and finds that taking the time to really talk to and listen to other members of the InfoSec community you can learn and get ideas form everyone, especially those people that could be your students.
You may reach out to Duncan via his Linked-In profile: www.linkedin.com/pub/duncan-del-toro-cissp/23/374/a34/
Jason has been practicing in the technology industry for 10 years. Security has always been a major focus, and his sole focus for 4 years.
Jason has an ardent interest for following trends and identifying new technologies and relevant applications. His devotion to continuous learning and research keeps him ahead of the curve. He currently holds GSLC and GSEC certifications.
Currently employed as a Technology Security and Compliance Manager, he has working knowledge of various security related technologies and vendors. Such technologies include Rapid 7 Nexpose and Metasploit, Logrhythm SIEM, and Palo Alto Networks Next Gen Firewalls. Working specifically in the realms PCI-DSS Compliance, and SOX Compliance, Jason has experience with leading, deploying, and evaluating compliance programs.
Recently, Jason obtained his first SANS Challenge Coin (RMO) during his SEC504 training by being a member of the SEC504 Capture the Flag winning team at SANS Chicago 2013.
Jason has a great ability to communicate technical concepts in a non-technical manner, and welcomes the opportunity to share his knowledge and experience.
Coming from a long background of designing, implementing and supporting enterprise IT systems, Mel Drews found himself working in information security rather by accident 10 years ago and found a passion there. His security-focused experience includes security curriculum development, penetration testing, vulnerability and risk assessment, program development, audit, and miscellaneous consulting for U.S. and international entities, primarily in government, financial services and energy sectors. Mr. Drews currently works with a global financial services firm with responsibility for software security. He holds the GCFE, CISSP, CISA and Project+ certifications.
Montez has worked in the industry since 2004. However, Montez has a passion for technology that reaches much farther back than that. A personal philosophy of "never leave an interesting problem or question to wonderment." Montez currently works as a Senior Information Security Engineer and a Senior Security Consultant, with experience that spans the gamut of information security domains, He has mastery of both soft and hard technical skills.
Chris Fortune is a 20 year veteran in IT. His experience began on a helpdesk as a co-op student and quickly escalated into increasingly challenging roles in network engineering, system engineering and telecom. Security has always been a part of Chris' work in these other disciplines as well as direct responsibility in security such as managing firewalls, IDS/IPS, AV, VPN, remote access, log management and forensics.
Chris has a Bachelor of Science in Computer Engineering from the University of Evansville and is working on a graduate certificate in Penetration Testing & Ethical Hacking from SANS Technology Institute. He currently holds the GCIA(GIAC Certified Intrusion Analyst), GCIH(GIAC Certified Incident Handler) and CeH(Certified Ethical Hacker) certifications and previously held certifications such as GCFA(GIAC Certified Forensic Analyst), CCNP(Cisco Certified Network Professional), CCDP(Cisco Certified Design Professional), and CISA(Certified Information Security Auditor). Chris is excited to mentor this course so he can give back to the security community as well as experience the material at a deeper level.
Jarrod started on computers in elementary school on a TRS-80, and moved through the years to the Apple II, the Macintosh, and eventually the PC. After working for a couple of years as the unofficial "computer guy" in his department, he transitioned into a full-time IT role in the mid-1990s, eventually working on projects involving wireless networking and PKI cryptography. Since then has held a strong interest in the cat-and-mouse games between attacker and defender. He's worked in a variety of industries, including medical manufacturing, financial, energy, and local government, learning that while every environment is different, no environment is truly unique. For the last few years, he's been involved in security operations at an ACS, Inc., contract at the County of Orange, overseeing a wireless networking deployment and taking a strong role in re-engineering the County's security infrastructure, among many other projects. He holds a GAWN and GCIH, and has no plans to stop with those.
Jon has worked in Information Technology for over 10 years, and has focused on Information Security for the last 7 years. He is passionate about security, and loves trying to ignite that passion in other people. Jon was a Warrant Officer in the Army Reserve, where he served for over 11 years. He currently maintains the GCIH, CISSP,MCSE: Security and Security+.
Allen Hadder has been in the IT field for over 20 years. Most of his 20 years of experience has been as a consultant for small to enterprise businesses in the financial, retail, and education industries.
Allen currently holds the GIAC GSEC and GCIH certification. In past years he has also earned his MCSE, Cisco CNA, Citrix CEA, and VMware VCP.
He also has a passion for teaching and educating people about information security.
Matthew J. Harmon has over 20 years of experience in incident analysis and response, secure architecture development, security auditing, penetration testing, tactical risk assessments, international standards development.
Mr. Harmon presents frequently for groups such as the Cyber Security Summit, Saint Paul College ACM Cyber Security Workshop, Metropolitan State University's Masters in Computer Forensics Capstone, and (ISC)2 Twin Cities MN on topics such as Cyber War, DDoS Survival, Java Exploits Offense and Defense, Incident Handling and Hacking Techniques, and Evidence Based Risk Assessments. He has also served on various security organization and conference advisory boards, organized the Security B-Sides MSP 2014 Conference and the Security B- Sides MSP Crypto Party and Hacker Showcase at the 2014 Cyber Security Summit.
David Hazar has been involved in information security since he began his career in 2000. In 2007, he took over the infrastructure and security teams for a business process-outsourcing firm in Utah to help them meet their own compliance requirements and contractual obligations and also those of their customers. This is where he began dedicating his time to security and has not looked back. David has worked in a wide variety of industries including government, healthcare, technology, banking, retail, and transportation. Over the last few years he has been focused on cloud security architecture, application security, and security training while working for the cloud services divisions within Aetna and Oracle. David also moonlights as an application security consultant-providing web and mobile application penetration testing.
David holds a master's degree from Brigham Young University and the following certifications: CISSP, GCIH, GWAPT, GMOB, GCIA, GCUX, Certified FAIR Risk Analyst, ITIL v3 Foundation and the Microsoft Certified Database Administrator - MCDBA
Being a SANS instructor is a great fit for David as he has provided focused, hands-on security and security tools training for over 300 developers and QA engineers over the past few years both in his current role at Oracle and in his previous role at Aetna. David says the favorite part of his job is helping people understand issues and the risk they present to the organization so they can make thoughtful and informed risk-based decisions.
In addition to working and teaching, David is currently working with Frank Kim on a Cloud Application Security course for SANS.
In David's free time, he enjoys reading; his favorite author is Brandon Sanderson. The rest of his free time is spent hanging out with his wife and four kids.
With a degree in Electrical Engineering from Purdue University, John began his professional career in 2008 in the Engineering Leadership Development Program at BAE Systems. While working as an engineer, John pursued a graduate education from SUNY Binghamton, finishing in 2013 with a Masters degree in Computer Engineering specializing in Network Security and Information Assurance.
Since earning his master's degree, John works as a Cyber Security Analyst on the Advanced Threat Defense team at GlaxoSmithKline. His responsibilities include defending against targeted attacks, performing incident response, forensics, and malware reverse-engineering. Recently, he attended the SANS FOR610 Reverse-Engineering Malware and SEC560 Network Penetration Testing & Ethical Hacking courses, and earned the corresponding GREM and GPEN certifications. Additionally, John authored a paper published by IEEE on Android and iOS application security, which he presented at the 2014 IEEE Consumer & Networking Conference.
John is a regular attendee of BlackHat and DEFCON, and in his free time studies malware samples, runs a honeypot network, and enjoys slowly turning his home into a data center. He is passionate about information security, loves learning, and is enthusiastic about helping others succeed in their studies. John maintains a web presence with his blog at 909research.com and on twitter @jhub908, where he writes on malware, spam, threat analysis, and his growing virtualization lab.
Nick is the Director of Klein & Co. Computer Forensics, the leading independent computer forensic team from Sydney, Australia. He has over fifteen years of IT experience, specialising in forensic technology investigations and presenting expert evidence in legal and other proceedings. Nick and his team have been engaged as experts in hundreds of cases including commercial litigation and electronic discovery, criminal prosecution and defence, financial fraud, corruption, employee misconduct, theft of intellectual property, computer hacking and system intrusion.
He was previously a senior director in Deloitte Forensic and a team leader in the High Tech Crime Team of the Australian Federal Police, where he worked on international police investigations and intelligence operations including counter terrorism, online child abuse, computer hacking, and traditional crimes facilitated by new technologies.
Nick has presented expert evidence in civil and criminal matters in Australia and overseas, including providing expert testimony in the Bali bombing trials in Indonesia in 2003. He has appeared before Australian State and Commonwealth Parliamentary Committees and participated in Government working groups on cybercrime issues including the Fraud Taskforce of the Australian Banking Association and the Critical Infrastructure Protection forum of the Australian Commonwealth Government. Nick is a regularly presenter at industry forums and a guest lecturer at several institutions including the School of Law at the University of New South Wales and the Centre for Transnational Crime Prevention, Faculty of Law at the University of Wollongong.
Listen to Nick discuss methods to reconstruct anti-forensics in a critical case all DFIR professionals should listen to.
Sundar is SANS-GISF and GSEC certified and a senior software development leader with IMS Appature in Seattle. He earned the title of "Professor Sundar" from his previous team at Microsoft for teaching skills and has trained multiple teams on different aspects of software development. To make you think about information security the same way you think about physical security for yourself and your family is the holy grail. He is @sundarnut on Twitter for the latest #infosec topics, trends and incidents. Sundar aims to be a mentor so he can inculcate security as a fundamental technical trait and make it the best lecture you've ever taken!
Josh has more than 10 years of experience in the cyber security industry and has worked with Government Agencies, Law Enforcement Agencies, and the Commercial sector. Josh initially started in the cyber security industry as a penetration tester and moved into incident response and forensics. Josh is currently a Principal Consultant and Team Lead within the Cyber division of BAE Systems in Australia. Josh was the lead responder for the largest incident response carried out for an Australian Government Agency. Josh has a varied background in the cyber security industry ranging from; Project Management, Lead Incident Responder, Forensics Analysis, Penetrating Testing, Secure Network Design, and Software Development. He currently holds a GCHI, GPEN and CCNA certification and also guest lectures on Digital Forensics at Universities in Sydney, Australia.
Matthew is currently the
manager of Infrastructure Vulnerability Identification at a Fortune 100 financial services institution. In his role, his team is responsible for rating and scanning for vulnerabilities. In previous roles, Mr. Martin has been responsible for building and running a security metrics program, leading a standards and policy redesign, served as a liaison to internal audit, and was a data in motion and data in use subject matter expert.
Matthew has an MS in International Economics from Valparaiso University and attended MBA school at UNC-Charlotte; as well as completed a certificate course at Harvard University in Leadership Communications. He currently holds the GSLC certification. Find Matthew on LinkedIn at www.linkedin.com/in/mattmartin and follow him on Twitter @MattMartinGFT and also at www.betterinfosec.com
David Mashburn is currently the IT Security Manager for a global non-profit organization in the Washington, D.C. area. He also has experience working as an IT security professional for several civilian Federal agencies, and over 15 years of experience in IT. He holds a Masters Degree in Computer Science from John Hopkins University, and earned a B.S. from the University of Maryland at College Park. David holds multiple security-related certifications, including CISSP, GPEN, GCIH, GCIA, and CEH. He is also a member of the SANS / GIAC advisory board, and teaches courses in the Cybersecurity curriculum at the University of Maryland - University College.
As a senior member of the Coalfire Labs Penetration Testing Team, Price works with clients across all verticals to identify and remediate vulnerabilities in their business-critical applications and networks. His areas of expertise include information and physical security, penetration testing, digital forensics and reverse engineering. His experience includes extensive work with both public and private networks specifically network and security architecture, SIEM, forensics, malware analysis, reverse engineering, incident response and penetration testing. Price currently holds several certifications such as GSEC, GWAPT, GPEN, GXPN and GREM.
Timothy McKenzie has almost 20 years of IT and Information Security experience working in financial, government, defense contractor, and service related markets. Timothy has been trained in malware research and exploit development, expert penetration, and forensics work. Timothy works for Dell SecureWorks as a red team penetration tester, focused primarily on network and web-based attacks. Timothy loves sharing the vast knowledge he has acquired to give back to the Information Security community.
Patrick Neise is currently the Director, Information Security for an integrated risk management provider in Annapolis, MD. Recently retired from the U.S. Navy, Patrick brings 20 years of operational experience in submarines and information warfare to the information security community. He holds a Masters Degree in Information Technology Management from Webster University, a B.S for the the University of Texas at Austin in Electrical Engineering and is currently pursuing a M.S. in Information Security Engineering from the SANS Technical Institute. Patrick holds multiple certifications including CISSP, CAP, GPEN, GCIH, GCIA, GCED, GPPW, GSLC, GSEC, GCCC, C|EH, and PMP. He is also a member of the SANS/GIAC and GPWN advisory boards.
Marcel Niefindt currently works as a senior consultant for Deloitte & Touche Germany. In addition to his daily business he teaches the module Secure System Lifecycle Management with the focus on Web-Application Security at the University of Applied Sciences Brandenburg in the master course Security Management. He started his career as IT-Security Administrator. Furthermore, he worked as Information Security Officer in the automotive supply industry. He holds a Bachelors degree in Computer Science and a Masters degree in Security Management (specialization: IT-Forensics) and the GWAPT certification.
In his spare time, Patrick enjoys amateur radio (he holds an amateur extra class license), electronics, bowling, sailing, and photography. He is also a Debian Developer with the Debian Project.
Patrick earned a B.S. degree in Physics from the University of Toledo, and has pursued graduate studies in Astronomy and Theology.
Patrick is excited to be mentoring for SANS because mentoring provides an opportunity develop a one on one relationship with the students as they learn the material and how it applies to their environment.
John is passionate about security. He holds the CISSP, GWAPT, GSLC and GCIH certifications and is managing director for security services at Caliber Security Partners, a firm dedicated to helping clients achieve higher levels of security. Prior to joining Caliber, he was Director of Security and Compliance for Healthagen, Aetna's emerging businesses division. From 1999 to 2006, he led application security for multiple teams in Microsoft's product groups. John has 19 years of experience in information technology and software, and 15 years of experience in IT security. His security and compliance back-ground is in healthcare and secure development. John is married and enjoys time spent with his lovely wife and their six children.
Lisa Peterson CISA, CRISC, CISSP has worked in Information Security for 20 years, and is a Security Analyst for Progressive Insurance. Her current focus is in governance, risk and compliance. She is a part-time instructor at Cleveland State University and also speaks on security topics. She serves on the board for the Information Security Summit, the Northeast Ohio chapter of ISACA, and the Northeast Ohio chapter of CSA.
Jonathan has seven years of experience in network analysis and over 15 years behind the keyboard. His experience ranges from the home lab to multi-gigabit government production environments. Recently, Jonathan decided to spread his wings and attain his GCIA certification and become a member of the SANS/GIAC Advisory Board. Jonathan's goal is to become GSE certified. In his most recent years, Jonathan has been employed as a network defense instructor for the Canadian Armed Forces and has had the privilege of training the next generation of talented individuals to conduct defensive cyber operations for the Canadian military. Jonathan is a fan of social media, and you can tweet him at @JonPulsifer or contact him through his website https://pulsifer.ca
As the Judiciary IT Security Officer for the Supreme Court of New Mexico, Wesley Reynolds is responsible for setting the stage for secure information technology for state-wide judicial entities. With a B.S. in Network Design and Management, Wesley has spent nearly 20 years with various State of New Mexico government organizations, including Children, Youth and Families, Gaming Control Board and Taxation and Revenue. Prior to specializing in Security Management, Wesley started his career doing desktop support, progressing to network and systems administration and finally complete infrastructure management.
Jonathon Ross took his first IT job on a help desk 23 years ago and has since worked as a systems administrator, netowrk engineer, and most recently as a systems engineer. Jon's journey into information security was initially a trial by fire when he suffered DDoS attacks in 1996 and later received a deeper understanding of BSD Unix from an attacker who repeatedly breached his systems. Jon has spent the last 15 years working for networking equipment vendors focusing on security products helping private companies and government agencies deploy controls, analyze security intelligence, and recover from attacks. He holds a B.S. in Computer Science, M.S. in Information Assurance as well as CISSP and GPEN certifications.
Erich has been involved in starting and running security user groups, and enjoys the challenges that come from such situations, and see's the SANS courses as a great way for people and learn and is committed to helping with that.
Felix has more than 20 years of experience in IT and IT security. He held positions as IT systems engineer and IT advisory manager at a big four company. He has experience in IS management, IS auditing, IS consulting, attack & penetration testing, and IT forensics. He holds a BSc (hons) in science of computing (University of Derby) and a MBA (Open University). His certifications include among others CISA, CISM, CISSP, GCUX, GCIH, GPEN and EnCE. He was a key contributor to the OSSTMM.
He enjoys sharing his knowledge and learning from peers. He is looking forward to active discussions in class.
Greg Scheidel has over 20 years of hands-on experience in IT including desktop and server support, network design and implementation, application development and programming, IT service management, IT security, and information assurance. He currently leads the security branch of a large program responsible for providing security engineering, Assessment and Authorization (A&A) support and assessment activities, and general information assurance and security advice and recommendations. Greg excels at communicating with technical and non-technical stakeholders, firmly believes IT and security must serve business needs rather than exist for their own sake, and is passionate about teaching others while reinforcing and honing his own knowledge.
Selvan has been in IT for over 23 years, specializing in Unix/Linux Systems Administration. He has previously worked at the IBM and the US Air Force (focusing on parallel processing and Distributed Security and File Systems). As an IT Manager at Progressive Insurance, he has led teams from IT Operations to Enterprise Architecture. His current focus is IT Security Engineering and Architecture. He is also a Adjunct Professor at Cleveland State University teaching Java and Unix/Linux Systems Programming. His current efforts include an active proposal with the CIS Department to establish a DOH (Department of Homeland Security) accredited Information Security track at CSU.
Jonathan Squire is a founding member of the Information Security Group of a well known publishing and media company. Jonathans expertise covers a wide range of skills including security architecture, incident response, hacker attack and defense techniques, reverse engineering, and extreme curiosity in how everything works. While working at his day job, Jonathan is credited with accomplishments that include developing an Information Security model for the enterprise, architecting a secure, centralized credit card processing solution, and guiding the design of the security infrastructure deployed throughout many customer facing properties. Mr. Squire is also responsible for providing direction in governance and industry best practices. Jonathan regularly scopes and leads penetration testing and security assessment initiatives, as well as providing guidance for corrective actions and performing debriefings across all levels of the organization. In his spare time, Jonathan is known to enjoy disassembling any piece of technology that cost more than $20 just to find out what else it can do. This propensity for abusing technology is easily witnessed by viewing the buckets of broken parts strewn throughout his basement as well as the creations that rise from the rubble. Jonathan has presented on many of these creations and the flaws that allowed the security to be bypassed on these systems at conferences including BlackHat and Hack in the Box. Jonathan is very passionate about information security and always strives to challenge the status quo and to improve everything he can. Jonathan shares that passion with his student in his teaching style and his genuine willingness to share and engage students in all topics related to information security.
Jon Sternstein has years of experience in the security industry and has been a lead contributor to securing a wide variety of environments from the education to financial and healthcare. Jon is the co-chair of the Technology Resources Workgroup at the North Carolina Healthcare Information and Communications Alliance (NCHICA). Jon has worked on both the offensive and defensive sides of the security industry. He graduated with a B.A. in Computer Science, minor in Business Studies, and holds GPEN, CISSP, CCNA, Certified Ethical Hacker (CEH), and many other security certifications. He has presented at DerbyCon and Raleigh Security B-Sides conferences and is one of the organizers of the Raleigh B-Sides conference.
Jon has a strong passion for security and experimenting with new technology. He has always been a supporter of teaching and knowledge sharing. Outside of security, Jon enjoys traveling the world, great music, and playing guitar.
Yee Ching is currently taking a Masters in Information Security from Royal Holloway, University of London and is passionate about Information Security. He is currently an Information Security consultant in the Professional Security Services department of e-Cop and has had several engagements including and not limited to pentesting various systems, SCADA systems and mobile applications, risk assessments, vulnerability assessments, digital forensics and incident response for several private and governmental clients.
Yee Ching is also an Adjunct Lecturer in Singapore Polytechnic where he teaches information security related modules for both the Diploma in Information Security Management and the Specialist Diploma in Cyber Security Management in Singapore Polytechnic.
Brian has 20+ years in Information Technology, ranging from systems administration to project management and information security. He is an Information Security Architect at the City of Portland. Brian obtained the CISSP certification earlier this year and has previously been certified with Linux and Solaris. Brian has always been eager to promote others learning and sharing solutions with the community.
Jeff has over 20 years in Information Technology. He enjoys InfoSec and looks for every opportunity to both learn and train others on new techniques as they come to his attention. Jeff holds 9 industry certifications including the giac GCIH, GPEN, and GWAPT. In his spare time Jeff enjoys building test networks and spending time with his wife and 2 kids. Jeff looks forward to sharing the exciting world of Incident Handling with each and everyone of you :-)