- Training
- Training Live Events
- Training Without Travel
- Security Courses
- Security Curricula
- Certified Instructors
- Training Calendars
- SANS vLive! / SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- Coins
- SANS Onsite
- SANS SelfStudy
- SANS Summit Series
- SANS Partnership Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- List of Resources
- Top 20 List
- Top 25 Programming Errors
- 20 Coolest Jobs
- Application Security Procurement Language
- Top 10 Security Trends
- Top 5 Essential Log Reports
- Reading Room
- Webcasts
- AudioCasts
- WhatWorks
- Newsletters
- RSS Feeds
- Calendar Feeds
- Security Thought Leaders
- Security Policy Project
- Security+ Study Guide
- SANS Buyers Guide
- Security Tool Demos
- 2008 Salary Survey
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
The most trusted source for computer security training, certification and research.
select a course
Las Vegas, NV - January 24 - February 1, 2009
- Event Location & Info
- Faculty
- Vendor Expo
- General Info
Instructors have excellent hands on real life experience.
-Terry Kuxhaus, State of South Dakota
Faculty for SANS Security West 2009
Chris Brenton
Chris Brenton is a private consultant with over ten years of experience in the field. He is one of the founding members of the initial Honeynet Project and one of the original Internet Storm Center handlers, and he started up one of the first managed security ISP's. Over the years, he's been credited with the discovery of numerous vulnerabilities in various software products. Along with being a published author, Chris is responsible for maintaining all of the material in the SANS Perimeter Protection In-Depth course. In his spare time, Chris teaches rally and high speed off road security driving where he can be found teaching students to make their side window the front of the car.- Chris will be teaching:
- SEC 502.1 TCP/IP for Firewalls
- SEC 502.2 Firewalls, NIDS, and NIPS
- SEC 502.3 Wire Products and Assessment
- SEC 502.4 Host Level Security
- SEC 502.5 Securing the Wire
- SEC 502.6 Perimeter Wrap Up
Eric Cole, PhD
Dr. Eric Cole is an industry-recognized security expert with over 15 years of hands-on experience. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Cole has a master's degree in computer science from NYIT and a PhD from Pace University with a concentration in information security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Site, Network Security Bible, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is also the CTO of the Americas for McAfee. Cole is actively involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS faculty fellow and course author.- Eric will be teaching:
- SEC 501.1 Defensive Network Infrastructure
- SEC 501.2 Data Loss Prevention
- SEC 501.3 IP Packet Analysis
- SEC 501.4 Vulnerability Analysis and Pen Testing
- SEC 501.5 Incident Response and Analysis
- SEC 501.1 Defensive Network Infrastructure
- SEC 501.2 Packet Analysis
- SEC 501.3 Pentest
- SEC 501.4 First Responder
- SEC 501.5 Malware
- SEC 501.6 Data Loss Prevention
Jonathan Ham
Jonathan is an independent consultant who specializes in large-scale enterprise security issues, from policy and procedure, through staffing and training, to scalable prevention, detection, and response technology and techniques. With a keen understanding of ROI and TCO (and an emphasis on process over products), he has helped his clients achieve greater success for over 12 years, advising in both the public and private sectors, from small upstarts to the Fortune 500. He's been commissioned to teach NCIS investigators how to use Snort, performed packet analysis from a facility more than 2000 feet underground, and chartered and trained the CIRT for one of the largest U.S. civilian Federal agencies. He currently holds the CISSP, GSEC, GCIA, and GCIH certifications, and is a member of the GIAC Advisory Board. A former combat medic, Jonathan still spends some of his time practicing a different kind of emergency response, volunteering and teaching for both the National Ski Patrol and the American Red Cross.- Jonathan will be teaching:
- MGT 414.1 Overview and Access Control Systems & Methodology
- MGT 414.2 Telecommunications, Network & Internet Security and Security Management Practices
- MGT 414.3 Applications & Systems Development and Cryptography
- MGT 414.4 Security Architecture & Models and Operations Security
- MGT 414.5 Business Continuity Planning and Law, Investigations & Ethics
- MGT 414.6 Physical Security
Kevin Johnson
Kevin Johnson is a senior security analyst with InGuardians, LLC. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin founded and leads the development on the Basic Analysis and Security Engine (BASE) project, the most popular Web interface for the Snort intrusion detection system. Kevin is an instructor for SANS, teaching both SEC504: Hacker Techniques, Exploits, and Incident Handling and SEC542: Web App Penetration Testing and Ethical Hacking. He has presented to many organizations, including Infragard, ISACA, ISSA, and the University of Florida.- Kevin will be teaching:
- SEC 542.1 Web App Penetration Testing and Ethical Hacking: The Attacker's View of the Web
- SEC 542.2 Web App Penetration Testing and Ethical Hacking: The Attack Process Part 1
- SEC 542.3 Web App Penetration Testing and Ethical Hacking: The Attack Process Part 2
- SEC 542.4 Web App Penetration Testing and Ethical Hacking: The Attack Process Part 3
Frank Kim
Frank Kim is a co-founder and principal consultant with Think Security Consulting (http://www.thinksec.com), a San Francisco Bay area based application security consulting firm. Frank is an author and instructor for SANS Security 541: Secure Coding in Java/JEE. He has over ten years of experience developing applications using Java/Java EE and has designed and developed Web applications for large health care, technology, insurance, and consulting companies. Frank currently focuses on integrating security into the software development life cycle by doing penetration testing, security assessments, architecture reviews, code reviews, and training. Frank holds the CISSP, GPEN, GCIH, GCFA, GCIA, and GSSPJava certifications and is a Sun Certified Java Developer and Programmer.- Frank will be teaching:
- DEV 541.1 Data Validation
- DEV 541.2 Authentication & Session Management
- DEV 541.3 Access Control & Java Security APIs
- DEV 541.4 Java Language & JRE Security Topics
Rob Lee
Rob Lee is a director for MANDIANT (www.mandiant.com), a leading provider of information security consulting services and software to Fortune 500 organizations and the U.S. government. Rob is also the curriculum lead for digital forensic training at the SANS Institute (forensics.sans.org). Rob has more than 13 years' experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on information operations. Later, he was a member of the Air Force Office of Special Investigations where he conducted computer crime investigations, incident response, and computer forensics. Prior to joining MANDIANT, he directly worked with a variety of government agencies in the law enforcement, U.S. Department of Defense, and intelligence communities as the technical lead for a vulnerability discovery and exploit development team, lead for a cyber forensics branch, and lead for a computer forensic and security software development team. Rob also coauthored the bestselling book Know Your Enemy, 2nd Edition. Rob earned his MBA from Georgetown University in Washington DC. Finally, Rob was awarded the Digital Forensic Examiner of the Year from the Forensic 4Cast 2009 Awards.- Rob will be teaching:
- SEC 508.1 Forensic and Investigative Essentials
- SEC 508.2 Forensic Methodology Illustrated Part 1
- SEC 508.3 Forensic Methodology Illustrated Part 2
- SEC 508.4 Windows Filesystem Forensics
- SEC 508.5 Computer Investigative Law for Forensic Analysts
- SEC 508.6 Advanced Forensics and the Forensic Challenge
Stephen Northcutt
Stephen Northcutt founded the GIAC certification and currently serves as president of the SANS Technology Institute, a postgraduate level IT security college (www.sans.edu). Stephen is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of chief for information warfare at the Ballistic Missile Defense Organization. Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer, and network designer.- Stephen will be teaching:
- MGT 512.1 Managing the Plant, Network, and Information Architecture
- MGT 512.2 Defense In Depth
- MGT 512.3 Secure Communications
- MGT 512.4 The Value of Information
- MGT 512.5 Management Practicum
- MGT 404 Fundamentals of Information Security Policy
Mike Poor
Mike is a founder and senior security analyst for the DC firm InGuardians LLC. In his recent past life he has worked for Sourcefire as a research engineer and for the SANS Institute leading their Intrusion Analysis Team. As a consultant, Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits, and architecture reviews. His primary job focus, however, is in intrusion detection, response, and mitigation. Mike currently holds both GSEC and GCIA certifications and is an expert in network engineering and systems, network and Web administration. Mike is an author of the international best selling Snort 2.1 book from Syngress and is a handler for the Internet Storm Center.- Mike will be teaching:
- SEC 503.1 TCP/IP for Intrusion Detection
- SEC 503.2 Network Traffic Analysis Using TCPdump - Part 1
- SEC 503.3 Network Traffic Analysis Using TCPdump - Part 2
- SEC 503.4 Intrusion Detection Snort Style
- SEC 503.5 Security Information Management and Traffic Analysis - Part 1
- SEC 503.6 Security Information Management and Traffic Analysis - Part 2
Ed Skoudis
Ed Skoudis is a founder and senior security consultant with InGuardians. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in financial, high technology, healthcare, and other industries.
Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published numerous articles on these topics as well as the Prentice Hall best sellers Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004-2009 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Previous to InGuardians, Ed served as a security consultant with International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore).
- Ed will be teaching:
- SEC 560.1 Network Penetration Testing: Planning, Scoping, and Recon
- SEC 560.2 Network Penetration Testing: Scanning
- SEC 560.3 Network Penetration Testing: Exploitation
- SEC 560.4 Network Penetration Testing: Password Attacks
- SEC 560.5 Network Penetration Testing: Wireless and Web Apps
- SEC 560.6 Penetration Testing Workshop & Capture the Flag Event
John Strand
John Strand currently is the owner and senior security researcher with Black Hills Information Security, and a consultant with Argotek, Inc for TS/SCI programs. As a certified SANS instructor he teaches: 504 "Hacker Techniques, Exploits and Incident Handling," 517, "Cutting Edge Hacking Techniques," and 560 "Network Penetration Testing." He is a contributing author of Nagios 3 Enterprise Network Monitoring, and a regular contributor to SearchSecurity's "Ask the Expert" series on the latest information security threats. He also regularly posts videos demonstrating the latest computer attacks and defenses at vimeo.com/album/26207. He started the practice of computer security with Accenture Consulting in the areas of intrusion detection, incident response, and vulnerability assessment/penetration testing. John then moved on to Northrop Grumman specializing in DCID 6/3 PL3-PL5 (multi-level security solutions), security architectures, and program certification and accreditation. He has a master's degree from Denver University and is currently also a professor at Denver University. In his spare time he writes loud rock music and makes various futile attempts at fly-fishing.- John will be teaching:
- SEC 504.1 Incident Handling Step-by-Step and Computer Crime Investigation
- SEC 504.2 Computer and Network Hacker Exploits - Part 1
- SEC 504.3 Computer and Network Hacker Exploits - Part 2
- SEC 504.4 Computer and Network Hacker Exploits - Part 3
- SEC 504.5 Computer and Network Hacker Exploits - Part 4
- SEC 504.6 Hacker Tools Workshop
- SEC 517 Cutting-Edge Hacking Techniques
James Tarala
James Tarala is a principal consultant with Enclave Security and is based out of Venice, Florida. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many SANS auditing and security courses. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often times performs independent security audits and assists internal audit groups to develop their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University and his graduate work at the University of Maryland. He holds numerous professional certifications.- James will be teaching:
- SEC 401.1 Networking Concepts
- SEC 401.2 Defense In-Depth
- SEC 401.3 Internet Security Technologies
- SEC 401.4 Secure Communications
- SEC 401.5 Windows Security
- SEC 401.6 Linux Security
Johannes Ullrich, PhD
As chief research officer for the SANS Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida.- Johannes will be teaching:
- DEV 545 Secure Coding in PHP: Developing Defensible Applications
Benjamin Wright
Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With 24 years in private law practice, he has advised many organizations, large and small, on privacy, e-commerce, computer security and e-mail discovery and been quoted in publications around the globe, from the Wall Street Journal to the Sydney Morning Herald. He wrote and presented to the Sri Lankan government a report on technology law, which contributed to the adoption of national e-commerce legislation in 2005. Wright maintains a popular popular blog at http://legal-beagle.typepad.com.
- Benjamin will be teaching:
- LEG 523.1 LEGAL 417: Legal Issues in Information Technology: InfoSec
- LEG 523.2 Business Law and Computer Security (e-Discovery!)
- LEG 523.3 LEGAL 412: Contracting for Data Security & Other Technology
- LEG 523.4 The Law of IT Compliance: How to Conduct Investigations
- LEG 523.5 LEGAL 425: Applying Law to Emerging Dangers
Lenny Zeltser
Lenny Zeltser leads the security consulting practice at Savvis. He is also a board of directors member at SANS Technology Institute, a SANS faculty member, and an incident handler at the Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books.
Lenny is one of the few individuals in the world who have earned the highly-regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a computer science degree from the University of Pennsylvania. For more information about his projects, see http://www.zeltser.com.
- Lenny will be teaching:
- SEC 610.1 Reverse-Engineering Malware: The Essentials of Malware Analysis, Part 1
- SEC 610.2 Reverse-Engineering Malware: The Essentials of Malware Analysis, Part 2
- SEC 610.3 Reverse-Engineering Malware Additional Tools and Techniques, Part 1
- SEC 610.4 Reverse-Engineering Malware Additional Tools and Techniques, Part 2
- © 2000-2009 The SANS™ Institute
- Web Privacy Policy | Web Contact |
- Press Room | Trademark Usage Policy