- Training
- Training Live Events
- Training Without Travel
- Security Courses
- Security Curricula
- Certified Instructors
- Training Calendars
- SANS vLive! / SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- Coins
- SANS Onsite
- SANS SelfStudy
- SANS Summit Series
- SANS Partnership Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- List of Resources
- Top 20 List
- Top 25 Programming Errors
- 20 Coolest Jobs
- Application Security Procurement Language
- Top 10 Security Trends
- Top 5 Essential Log Reports
- Reading Room
- Webcasts
- AudioCasts
- WhatWorks
- Newsletters
- RSS Feeds
- Calendar Feeds
- Security Thought Leaders
- Security Policy Project
- Security+ Study Guide
- SANS Buyers Guide
- Security Tool Demos
- 2008 Salary Survey
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
The most trusted source for computer security training, certification and research.
select a course
Las Vegas, NV - September 28 - October 6, 2008
- Event Location & Info
- Faculty
- Vendor Expo
- General Info
I have no idea how I was doing my job without this information.
-Jonathon Turner, Paycom Payroll
- Paul Asadoorian
- Tanya Baccam
- Chris Brenton
- Eric Cole, PhD
- Jason Fossen
- Jeff Frisk
- Bryce Galbraith
- Jonathan Ham
- Kevin Johnson
- Fred Kerby
- Rob Lee
- Matthew Luallen
- Seth Misenar
- John Myers
- Stephen Northcutt
- Hal Pomeranz
- Mike Poor
- Richard Salgado
- Rohit Sethi
- Dave Shackleford
- Stephen Sims
- Ed Skoudis
- John Strand
- James Tarala
- Johannes Ullrich, PhD
- Steve Whalen
- Benjamin Wright
- Lenny Zeltser
Faculty for SANS Network Security 2008
Paul Asadoorian
Paul has over 5 years experience working in the information security field. His work experience covers both major corporations and academic institutions. He currently holds two SANS GIAC certifications in intrusion detection (GCIA, GIAC Certified Intrusion Analyst) and incident response (GCIH, GIAC Certified Incident Handler). Paul also sits on the GIAC advisory board, has spent one year as a GCIA authorized grader, and continues to stay involved in the SANS Institute, contributing monthly to the SANS Advisor Newsletter. His research can be found in the book Network Intrusion Detection, 3rd edition, the SANS Reading Room web site, and SecurityFocus. Paul has presented for numerous organizations and conferences, including MIT Security Camp, and ISACA (Information Systems Audit and Control Association). Paul graduated from Bryant College with a bachelor of science in Computer Information Systems and currently works full-time for a large University, owns and operates his own security consulting business and maintains a security blog/podcast (http://pauldotcom.com).- Paul will be teaching:
- SEC 553 Up and Running with the Metasploit Framework
Tanya Baccam
Tanya is a SANS senior instructor as well as a SANS courseware author. She provides many security consulting services for clients, such as system audits, vulnerability and risk assessments, database audits, and Web application audits. Tanya has previously worked as the director of assurance services for a security services consulting firm and the manager of infrastructure security for a healthcare organization. She also served as a manager at Deloitte & Touche in the Security Services practice. Throughout her career she's consulted with many clients about their security architecture, including areas such as perimeter security, network infrastructure design, system audits, Web server security, and database security. She has played an integral role in developing multiple business applications and currently holds the CPA, GCFW, GCIH, CISSP, CISM, CISA, CCNA, and Oracle DBA certifications.- Tanya will be teaching:
- SEC 509.1 Securing Oracle Foundations
- SEC 509.2 Securing Oracle's Authentication Process
- SEC 509.3 Oracle Access Controls — Configuration
- SEC 509.4 Auditing Oracle
- SEC 509.5 Networking, Encryption, and Developer Tools
- SEC 509.6 Development and Securing Applications
Chris Brenton
Chris Brenton is a private consultant with over ten years of experience in the field. He is one of the founding members of the initial Honeynet Project and one of the original Internet Storm Center handlers, and he started up one of the first managed security ISP's. Over the years, he's been credited with the discovery of numerous vulnerabilities in various software products. Along with being a published author, Chris is responsible for maintaining all of the material in the SANS Perimeter Protection In-Depth course. In his spare time, Chris teaches rally and high speed off road security driving where he can be found teaching students to make their side window the front of the car.- Chris will be teaching:
- SEC 502.1 TCP/IP for Firewalls
- SEC 502.2 Firewalls, NIDS, and NIPS
- SEC 502.3 Wire Products and Assessment
- SEC 502.4 Host Level Security
- SEC 502.5 Securing the Wire
- SEC 502.6 Perimeter Wrap Up
Eric Cole, PhD
Dr. Eric Cole is an industry-recognized security expert with over 15 years of hands-on experience. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Cole has a master's degree in computer science from NYIT and a PhD from Pace University with a concentration in information security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is also the CTO of the Americas for McAfee. Cole is actively involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS faculty fellow and course author.- Eric will be teaching:
- SEC 540.1 Building a VoIP Infrastructure, VoIP Protocols Identification and Analysis, and VoIP Infrastructure Attacks
- SEC 540.2 VoIP Signaling and Media Attacks, and VoIP Countermeasures
- SEC 501.1 Defensive Network Infrastructure
- SEC 501.2 Data Loss Prevention
- SEC 501.3 IP Packet Analysis
- SEC 501.4 Vulnerability Analysis and Pen Testing
- SEC 501.5 Incident Response and Analysis
Jason Fossen
Jason Fossen is a principal security consultant at Enclave Consulting LLC, a published author, and a frequent public speaker on Microsoft security issues. He is the sole author of the SANS Institute's week-long Securing Windows course (SEC505), maintains the Windows day of Security Essentials (SEC401.5), and has been involved in numerous other SANS projects since 1998. He graduated from the University of Virginia, received his master's degree from the University of Texas at Austin, and holds a number of professional certifications. He currently lives in Dallas, Texas.- Jason will be teaching:
- SEC 505.1 Securing Active Directory and DNS
- SEC 505.2 Security Through Group Policy
- SEC 505.3 Windows PKI, EFS and BitLocker
- SEC 505.4 Windows IPSec, RADIUS, Wireless, and VPNs
- SEC 505.5 Securing Internet Information Server
- SEC 505.6 Windows PowerShell
Jeff Frisk
Jeff holds the PMP and GSEC credentials and currently serves as the director of the GIAC program. He has worked on many projects for SANS and GIAC, including courseware, certification, and exam development. Jeff has an engineering degree from The Rochester Institute of Technology and more than 15 years of IT project management experience with computer systems, high-tech consumer products, and business development initiatives. Jeff has held various positions, including managing operations, product development, electronic systems / computer engineering. He has many years of international and high-tech business experience working with both big and small companies to develop computer hardware and software products and services.- Jeff will be teaching:
- MGT 525.1 Project Management Structure and Framework
- MGT 525.2 Project Charter and Scope Management
- MGT 525.3 Time and Cost Management
- MGT 525.4 Communications and Human Resources
- MGT 525.5 Quality and Risk Management
- MGT 525.6 Procurement and Project Integration
Bryce Galbraith
Bryce began his IT journey at 10 years of age with a Commodore 64 and a 300 baud modem. As a contributing author of the internationally bestselling book Hacking Exposed: Network Security Secrets & Solutions, Bryce helped bring the secret world of hacking out of the darkness and into the public eye. Bryce has held security positions at global ISPs and Fortune 500 companies as well as being a senior member of Foundstone's world-renowned attack and penetration team. Bryce also served as senior instructor and co-author of Foundstone's "Ultimate Hacking: Hands-On" series. He has taught the art of ethical hacking and countermeasures to thousands of IT professionals from a who's who of top companies, financial institutions, and government agencies around the globe. Bryce currently teaches Security 504: Hacker Techniques, Exploits and Incident Handling, Security 560: Network Penetration Testing and Ethical Hacking, Security 517: Cutting-Edge Hacking Techniques, Security 550: Advanced Information Recon, Security 401: SANS Security Essentials Bootcamp Style, and Security 561: Network Penetration Testing: Maximizing the Effectiveness of Reports, Exploits, and Command Shells for the SANS Institute. Bryce is an active member of several security-related professional organizations, he speaks at a variety of conferences, and he holds a number of certifications: CISSP, GCIH, GSEC, CEH, CHFI, Security+, and CCNA. Bryce is currently the lead consultant and co-founder of Layered Security.
- Bryce will be teaching:
- MGT 504.1 Incident Handling Step-by-Step and Computer Crime Investigation
- MGT 504.2 Computer and Network Hacker Exploits - Part 1
- MGT 504.3 Computer and Network Hacker Exploits - Part 2
- MGT 504.4 Computer and Network Hacker Exploits - Part 3
- MGT 504.5 Computer and Network Hacker Exploits - Part 4
- MGT 504.6 Hacker Tools Workshop
Jonathan Ham
Jonathan is an independent consultant who specializes in large-scale enterprise security issues, from policy and procedure, through staffing and training, to scalable prevention, detection, and response technology and techniques. With a keen understanding of ROI and TCO (and an emphasis on process over products), he has helped his clients achieve greater success for over 12 years, advising in both the public and private sectors, from small upstarts to the Fortune 500. He's been commissioned to teach NCIS investigators how to use Snort, performed packet analysis from a facility more than 2000 feet underground, and chartered and trained the CIRT for one of the largest U.S. civilian Federal agencies. He currently holds the CISSP, GSEC, GCIA, and GCIH certifications, and is a member of the GIAC Advisory Board. A former combat medic, Jonathan still spends some of his time practicing a different kind of emergency response, volunteering and teaching for both the National Ski Patrol and the American Red Cross.- Jonathan will be teaching:
- MGT 414.1 Overview and Access Control Systems & Methodology
- MGT 414.2 Telecommunications, Network & Internet Security and Security Management Practices
- MGT 414.3 Applications & Systems Development and Cryptography
- MGT 414.4 Security Architecture & Models and Operations Security
- MGT 414.5 Business Continuity Planning and Law, Investigations & Ethics
- MGT 414.6 Physical Security
- SEC 556 Comprehensive Packet Analysis
Kevin Johnson
Kevin Johnson is a senior security analyst with InGuardians, LLC. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin founded and leads the development on the Basic Analysis and Security Engine (BASE) project, the most popular Web interface for the Snort intrusion detection system. Kevin is an instructor for SANS, teaching both SEC504: Hacker Techniques, Exploits, and Incident Handling and SEC542: Web App Penetration Testing and Ethical Hacking. He has presented to many organizations, including Infragard, ISACA, ISSA, and the University of Florida.- Kevin will be teaching:
- SEC 542.1 Web App Penetration Testing and Ethical Hacking: The Attacker's View of the Web
- SEC 542.2 Web App Penetration Testing and Ethical Hacking: The Attack Process Part 1
- SEC 542.3 Web App Penetration Testing and Ethical Hacking: The Attack Process Part 2
- SEC 542.4 Web App Penetration Testing and Ethical Hacking: The Attack Process Part 3
- DEV 422.1 Web Application Security Essentials
- DEV 422.2 Web Application Security Essentials
- DEV 422.3 Web Application Security Essentials
- DEV 522 Defending Web Applications
- DEV 538 Web Application Penetration Testing Fundamentals
- DEV 538 Web Application Pen Testing Hands-On Immersion
Fred Kerby
Fred is an engineer, manager, and security practitioner whose experience spans several generations of networking. He is the information assurance manager at the Naval Surface Warfare Center, Dahlgren Division and has vast experience with the political side of security incident handling. His team is one of the recipients of the SANS Security Technology Leadership Award as well as the Government Technology Leadership Award. Fred received the Navy Meritorious Civilian Service Award in recognition of his technical and management leadership in computer and network security. A frequent speaker at SANS, Fred’s presentations reflect his opinions and are not the opinions of the Department of the Navy.- Fred will be teaching:
- SEC 301.1 A Framework for Information Security
- SEC 301.2 Securing the Infrastructure
- SEC 301.3 Cryptography and Security in the Enterprise
- SEC 301.4 Information Security Policy
- SEC 301.5 Defense In-Depth: Lessons Learned
Rob Lee
Rob Lee is a director for MANDIANT (www.mandiant.com), a leading provider of information security consulting services and software to Fortune 500 organizations and the U.S. government. Rob is also the curriculum lead for digital forensic training at the SANS Institute (forensics.sans.org). Rob has more than 13 years' experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information operations. Later, he was a member of the Air Force Office of Special Investigations where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he directly worked with a variety of government agencies in the law enforcement, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and lead for a computer forensic and security software development team. Rob also coauthored the bestselling book Know Your Enemy, 2nd Edition. Rob earned his MBA from Georgetown University in Washington DC. Finally, Rob was awarded the Digital Forensic Examiner of the Year from the Forensic 4Cast 2009 Awards.- Rob will be teaching:
- SEC 508.1 Forensic and Investigative Essentials
- SEC 508.2 Forensic Methodology Illustrated Part 1
- SEC 508.3 Forensic Methodology Illustrated Part 2
- SEC 508.4 Windows File System Forensics
- SEC 508.6 Advanced Forensics and the Forensic Challenge
- SEC 526 Next Evolution in Digital Forensics
Matthew Luallen
Matthew E. Luallen is a well-respected information professional, researcher, instructor and author. Mr. Luallen serves as the President and Principal Consultant of Sph3r3, LLC., a strategic and practical educational and consulting company. With Sph3r3 Mr. Luallen consults with both governmental and commercial sectors including a multi-client base of corporations, public utilities, financial institutions, law enforcement and healthcare organizations. He has provided assistance and architectural support for many information security projects including integrating compliance requirements associated with SOX, HIPAA and the NERC CIP standard. Recent endeavors include architecting and integrating protective controls for financial market transactions, virtualized environments and SCADA systems. Prior to incorporating Sph3r3, Mr. Luallen provided strategic guidance for Argonne National Laboratory, U.S. Department of Energy, within the Information Architecture and Cyber Security Program Office. In an effort to promote education and collaboration in information security Mr. Luallen is an instructor and faculty at several institutions. Mr. Luallen is adjunct faculty for DePaul University instructing the Computer Information and Network Security Masters degree capstone course. He is also a certified instructor and CCIE for Cisco Systems instructing security technologies such as firewalls, intrusion prevention, virtual private networks and general secure information architecture. As a certified instructor for the SANS Institute Mr. Luallen teaches infrastructure architecture, wireless security, web application security, regulatory and standards compliance, and security essentials. Mr. Luallen is a graduate of National Technological University with a Master's Degree in Computer Science, Mr. Luallen also holds a Bachelor of Science degree in Industrial Engineering from the University of Illinois, Urbana.- Matthew will be teaching:
- MGT 411.1 Introduction to ISO/IEC 17799/27001: Policy, ISMS & Awareness
- MGT 411.2 SANS 17799/27001 Controls & Process Improvement I
- MGT 411.3 SANS 17799/27001 Controls & Process Improvement II
- MGT 411.4 SANS 17799/27001 Controls & Process Improvement III
- MGT 411.5 Risk Management, Security Compliance and Audit Controls
- MGT 411.6 ISO-17799/27001 Implementation
Seth Misenar
Seth Misenar is a certified SANS instructor and also serves as lead consultant and founder of Jackson, Mississippi-based Context Security, which provides information security though leadership, independent research, and security training. Seth's background includes network and Web application penetration testing, vulnerability assessment, regulatory compliance efforts, security architecture design, and general security consulting. He has previously served as both physical and network security consultant for Fortune 100 companies as well as the HIPAA and information security officer for a state government agency. Prior to becoming a security geek, Seth received a BS in philosophy from Millsaps College, where he was twice selected for a Ford Teaching Fellowship. Also, Seth is no stranger to certifications and thus far has achieved credentials which include, but are not limited to, the following: CISSP, GPEN, GWAPT, GSEC, GCIA, GCIH, GCWN, GCFA, and MCSE. Beyond his security consulting practice, Seth is a regular instructor for SANS. He teaches numerous SANS classes, including SEC401: SANS Security Essentials Bootcamp Style, SEC504: Hacker Techniques, Exploits, and Incident Handling, and SEC542: Web App Penetration Testing and Ethical Hacking. Seth also serves as both virtual mentor and technical director for SANS OnDemand, the online course delivery arm of the SANS Institute.- Seth will be teaching:
- DEV 419 Web Application Security Essentials
John Myers
John Myers has thirty-plus years of Cryptography, Communications Security (COMSEC), Emission Security (TEMPEST), Computer Security (COMPUSEC), electronic data processing (EDP) security, information security (INFOSEC), and enterprise information assurance (IA) experience. Experience ranges from technician level to senior technical and managerial positions. Expertise focused on all areas of security certification and accreditation (C&A). Performed C&As on applications, stand-alone systems, local area networks, wide area networks and legacy systems. Over five years of classroom instruction, instructional systems design, and course development.- John will be teaching:
- SPECIAL Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) Training
Stephen Northcutt
Stephen Northcutt founded the GIAC certification and currently serves as president of the SANS Technology Institute, a postgraduate level IT security college (www.sans.edu). Stephen is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of chief for information warfare at the Ballistic Missile Defense Organization. Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer, and network designer.- Stephen will be teaching:
- MGT 512.1 Managing the Plant, Network, and Information Architecture
- MGT 512.2 Defense In Depth
- MGT 512.3 Secure Communications
- MGT 512.4 The Value of Information
- MGT 512.5 Management Practicum
- MGT 432.1 Information Security for Business Executives
- MGT 432.2 Information Security for Business Executives
- MGT 421 SANS Leadership and Management Competencies
Hal Pomeranz
Hal is founder and CEO of Deer Run Associates, a systems management and security consulting firm. He has spent more than fifteen years managing systems and networks for some of the largest commercial, government, and academic organizations in the country. He is the Technical Editor for SysAdmin Magazine and was the recipient of the 2001 SAGE Outstanding Achievement award for his teaching and leadership in the field of System Administration. Hal participated in the first SANS conference and designed the SANS Step-by-Step course model. He is a top-rated instructor and author on topics ranging from information security to system and network management to Perl programming.- Hal will be teaching:
- SEC 506.1 Common Issues & Vulnerabilities
- SEC 506.2 Hardening Unix/Linux Systems, Part 1
- SEC 506.3 Hardening Unix/Linux Systems, Part 2
- SEC 506.4 Unix/Linux in the Enterprise
- SEC 506.5 Running Applications Securely
- SEC 506.6 Digital Forensics for Unix/Linux
Mike Poor
Mike is a founder and senior security analyst for the DC firm InGuardians LLC. In his recent past life he has worked for Sourcefire as a research engineer and for the SANS Institute leading their Intrusion Analysis Team. As a consultant, Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits, and architecture reviews. His primary job focus, however, is in intrusion detection, response, and mitigation. Mike currently holds both GSEC and GCIA certifications and is an expert in network engineering and systems, network and Web administration. Mike is an author of the international best selling Snort 2.1 book from Syngress and is a handler for the Internet Storm Center.- Mike will be teaching:
- SEC 503.1 TCP/IP for Intrusion Detection
- SEC 503.2 Network Traffic Analysis Using TCPdump - Part 1
- SEC 503.3 Network Traffic Analysis Using TCPdump - Part 2
- SEC 503.4 Intrusion Detection Snort Style
- SEC 503.5 Security Information Management and Traffic Analysis - Part 1
- SEC 503.6 Security Information Management and Traffic Analysis - Part 2
Richard Salgado
Richard P. Salgado serves as Google's senior counsel for worldwide law enforcement and information security matters. Previously Mr. Salgado was with Yahoo! Inc., where he focused on international privacy, security, and law enforcement compliance issues as a senior legal director. Mr. Salgado also served as senior counsel in the Computer Crime and Intellectual Property Section of the United States Department of Justice. As a federal prosecutor, Mr. Salgado specialized in investigating and prosecuting computer network cases, such as computer hacking, illegal computer wiretaps, denial of service attacks, malicious code, and other technology-driven privacy crimes. Mr. Salgado regularly speaks on the legal and policy implications of searching and seizing computers and electronic evidence, emerging surveillance technologies, digital evidence, and related criminal conduct. Mr. Salgado is a lecturer in law at Stanford Law School, where he teaches a computer crime seminar and an Internet business law and policy class; he previously served as an adjunct law professor at Georgetown University Law Center and George Mason Law School and as a faculty member of the National Judicial College. Mr. Salgado graduated magna cum laude from the University of New Mexico and in 1989 received his JD from Yale Law School.- Richard will be teaching:
- SEC 508.5 Computer Investigative Law for Forensic Analysts
Rohit Sethi
Rohit Sethi, Manager of Professional Services, Security Compass, is a specialist in threat modeling, application security reviews, and building security controls into the software development life cycle (SDLC). He has written articles on topics of application security for Security Focus and the Web Application Security Consortium (WASC). Prior to becoming a SANS instructor, Rohit taught courses on application security to hundreds of developers in fields ranging from financial services, to telecommunications, to healthcare. With a background in software engineering, Rohit emphasizes how to practically build application security controls into existing applications. Rohit holds an Honors Bachelor of Science degree in Computer Science with Software Engineering Specialization from the University of Western Ontario. He is also a Certified Information Systems Security Professional (CISSP), and a Sun certified Java programmer.- Rohit will be teaching:
- DEV 541.1 Data Validation
- DEV 541.2 Authentication & Session Management
- DEV 541.3 Access Control & Java Security APIs
- DEV 541.4 Java Language & JRE Security Topics
Dave Shackleford
Dave Shackleford is the director of risk and compliance and acting director of security assessments at Sword and Shield Enterprise Security. He is also an instructor and course author for the SANS Institute, where he serves as a GIAC technical director. Previously, Dave worked as the chief security officer at Configuresoft and the chief technology officer for both the Center for Internet Security and a security consulting firm in Atlanta. He has managed information security for a major airline and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. In addition, he has consulted with hundreds of organizations in the areas of regulatory compliance, security and network architecture, and engineering. Dave is the co-author of Hands-On Information Security from Course Technology as well as the "Managing Incident Response" chapter in the Course Technology book Readings and Cases in the Management of Information Security. Recently, Dave co-authored the first published course on virtualization security for the SANS Institute. Dave currently serves on the board of directors at the Technology Association of Georgia's Information Security Society and the SANS Technology Institute.
- Dave will be teaching:
- AUD 507.1 Auditing Principles & Concepts
- AUD 507.2 Auditing the Perimeter
- AUD 507.3 Network Auditing Essentials
- AUD 507.4 Auditing Web-Based Applications
- AUD 507.5 Advanced Systems Audit: Windows XP/2003
- AUD 507.6 Advanced Systems Audit: Unix
Stephen Sims
Stephen Sims is an information security consultant currently working for Wells Fargo in San Francisco, California. He has spent the past eight years in San Francisco working for several large financial institutions on network and systems security, penetration testing, exploitation development, risk assessment and management. Prior to San Francisco, Stephen worked in the Baltimore/DC area as a network security engineer for companies such as General Motors and Sylvan Prometric. He is one of only a handful of individuals who hold the GIAC Security Expert (GSE) Certification and also helps to author and maintain the current version of the exam. He is a SANS certified instructor and the course author of SANS’ first and only 700-level course, SEC709: Developing Exploits for Penetration Testers and Security Researchers. Stephen also holds the CISSP, CISA, and Network Offense Professional (NOP) certification, amongst others.- Stephen will be teaching:
- SEC 401.1 Networking Concepts
- SEC 401.2 Defense In-Depth
- SEC 401.3 Internet Security Technologies
- SEC 401.4 Secure Communications
- SEC 401.5 Windows Security
- SEC 401.6 Linux Security
- SEC 334.1 Networking Concepts
- SEC 334.2 Defense In-Depth
- SEC 334.3 Internet Security Technologies
- SEC 334.4 Secure Communications
- SEC 709 Developing Exploits for Penetration Testers and Security Researchers
Ed Skoudis
Ed Skoudis is a founder and senior security consultant with InGuardians. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in financial, high technology, healthcare, and other industries.
Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published numerous articles on these topics as well as the Prentice Hall best sellers Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004-2009 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore).
- Ed will be teaching:
- SEC 560.1 Network Penetration Testing: Planning, Scoping, and Recon
- SEC 560.2 Network Penetration Testing: Scanning
- SEC 560.3 Network Penetration Testing: Exploitation
- SEC 560.4 Network Penetration Testing: Password Attacks
- SEC 560.5 Network Penetration Testing: Wireless and Web Apps
- SEC 560.6 Penetration Testing Workshop & Capture the Flag Event
- SEC 531 Windows Command-Line Kung Fu In-Depth for Info Sec Pros
John Strand
John Strand currently is the owner and senior security researcher with Black Hills Information Security, and a consultant with Argotek, Inc for TS/SCI programs. As a certified SANS instructor he teaches: 504 "Hacker Techniques, Exploits and Incident Handling," 517, "Cutting Edge Hacking Techniques," and 560 "Network Penetration Testing." He is a contributing author of Nagios 3 Enterprise Network Monitoring, and a regular contributor to SearchSecurity's "Ask the Expert" series on the latest information security threats. He also regularly posts videos demonstrating the latest computer attacks and defenses at vimeo.com/album/26207. He started the practice of computer security with Accenture Consulting in the areas of intrusion detection, incident response, and vulnerability assessment/penetration testing. John then moved on to Northrop Grumman specializing in DCID 6/3 PL3-PL5 (multi-level security solutions), security architectures, and program certification and accreditation. He has a master's degree from Denver University and is currently also a professor at Denver University. In his spare time he writes loud rock music and makes various futile attempts at fly-fishing.- John will be teaching:
- SEC 504.1 Incident Handling Step-by-Step and Computer Crime Investigation
- SEC 504.2 Computer and Network Hacker Exploits - Part 1
- SEC 504.3 Computer and Network Hacker Exploits - Part 2
- SEC 504.4 Computer and Network Hacker Exploits - Part 3
- SEC 504.5 Computer and Network Hacker Exploits - Part 4
- SEC 504.6 Hacker Tools Workshop
- SEC 517 Cutting-Edge Hacking Techniques
James Tarala
James Tarala is a principal consultant with Enclave Security and is based out of Venice, Florida. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many SANS auditing and security courses. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often times performs independent security audits and assists internal audit groups to develop their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University and his graduate work at the University of Maryland. He holds numerous professional certifications.- James will be teaching:
- AUD 410.1 Underlying Infrastructure Concepts & Auditing
- AUD 410.2 Defense In Depth
- AUD 410.3 Internet Security Technologies
- AUD 410.4 Secure Communications
- AUD 410.5 Windows Security & Auditing
- AUD 410.6 Unix Security & Auditing
- AUD 521.1 Meeting the Minimum: PCI/DSS 1.2: Becoming and Staying Compliant
- AUD 521.2 Meeting the Minimum: PCI/DSS 1.2: Becoming and Staying Compliant
Johannes Ullrich, PhD
As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida.- Johannes will be teaching:
- SEC 617.1 Wireless Architecture and Analysis
- SEC 617.2 Wireless Security Exposed, Part 1
- SEC 617.3 Wireless Security Exposed, Part 2
- SEC 617.4 Wireless Security Exposed, Part 3
- SEC 617.5 Wireless Security Exposed, Part 4
- SEC 617.6 Wireless Security Strategies and Implementation
- SEC 617.1 Wireless Architecture and Analysis
- SEC 617.2 Wireless Security Exposed, Part 1
- SEC 617.3 Wireless Security Exposed, Part 2
- SEC 617.4 Wireless Security Exposed, Part 3
- SEC 617.5 Wireless Security Exposed, Part 4
- SEC 617.6 Wireless Security Strategies and Implementation
Steve Whalen
Steve Whalen, CFCE is currently a Director with Forward Discovery, Inc., an Information Security provider with offices in Washington DC, Texas, North Carolina and Delaware. Prior to joining the Forward Discovery team, Mr. Whalen served 15 years as a Delaware State Trooper. During his time with the state police, Mr. Whalen spent several years as a detective with the Criminal Investigations Unit where he investigated major crimes against persons and property. Mr. Whalen has taught law enforcement officers abroad in several countries throughout Europe, Asia, and Africa as a part of the Anti-Terrorism Assistance Program for the United States Department of State. Mr. Whalen regularly participates in the National Institute of Justice – Electronic Crime Partnership Initiative program which develops strategies for combating electronic crimes.- Steve will be teaching:
- SPECIAL .1 Macintosh Forensic Survival: Day 1
- SPECIAL .2 Macintosh Forensic Survival: Day 2
- SPECIAL .3 Macintosh Forensic Survival: Day 3
- SPECIAL .4 Macintosh Forensic Survival: Day 4
- SPECIAL .5 Macintosh Forensic Survival: Day 5
Benjamin Wright
Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With 24 years in private law practice, he has advised many organizations, large and small, on privacy, e-commerce, computer security and e-mail discovery and been quoted in publications around the globe, from the Wall Street Journal to the Sydney Morning Herald. He wrote and presented to the Sri Lankan government a report on technology law, which contributed to the adoption of national e-commerce legislation in 2005. Wright maintains a popular popular blog at http://legal-beagle.typepad.com.
- Benjamin will be teaching:
- LEG 523.1 LEGAL 417: Legal Issues in Information Technology: InfoSec
- LEG 523.2 Business Law and Computer Security (e-Discovery!)
- LEG 523.3 LEGAL 412: Contracting for Data Security & Other Technology
- LEG 523.4 The Law of IT Compliance: How to Conduct Investigations
- LEG 523.5 LEGAL 425: Applying Law to Emerging Dangers
Lenny Zeltser
Lenny Zeltser leads the security consulting practice at Savvis. He is also a board of directors member at SANS Technology Institute, a SANS faculty member, and an incident handler at the Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books.
Lenny is one of the few individuals in the world who have earned the highly-regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a computer science degree from the University of Pennsylvania. For more information about his projects, see http://www.zeltser.com.
- Lenny will be teaching:
- SEC 610.1 Reverse-Engineering Malware: The Essentials of Malware Analysis, Part 1
- SEC 610.2 Reverse-Engineering Malware: The Essentials of Malware Analysis, Part 2
- SEC 610.3 Reverse-Engineering Malware Additional Tools and Techniques, Part 1
- SEC 610.4 Reverse-Engineering Malware Additional Tools and Techniques, Part 2
- SEC 602 Reverse-Engineering Malware: Additional Tools and Techniques
- SEC 601 Reverse-Engineering Malware: The Essentials of Malware Analysis
- © 2000-2009 The SANS™ Institute
- Web Privacy Policy | Web Contact |
- Press Room | Trademark Usage Policy