John TerBush currently works as a senior threat researcher with the Insikt Group at Recorded Future, a leading provider of cyber threat intelligence, and is co-author of SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis. He has decades of experience in physical investigations and security, intelligence gathering and analysis, and computer network defense. He enjoys sharing the insight gained from this experience with his students while teaching for SANS.
What made you choose to work in security?
I've always had an interest in security, both on the physical side and, now, information security. For example, for fun, I actually would map out where security cameras and guards were in museums I visited when I was a teenager, which is admittedly pretty weird. I probably read too many mysteries, spy, and detective novels when I was young!
What was your first SANS course and GIAC certification (if applicable)?
My first SANS course and GIAC cert was SEC503: Intrusion Detection In-Depth, which I took in 2015 when I was working as a SOC analyst at Symantec.
What courses do you teach?
I am a co-author of the SEC587: Advanced Open-Source Intelligence Gathering and Analysis course.
Why do you teach, research, and practice information security?
I feel it is such an important role to protect people and their data, and I find meaning in working to investigate and interfere with those working to harm others, in part because it is difficult for people and organizations to protect themselves when confronted with all the criminals, state-affiliated actors, and others that our interconnected world has brought to their doorstep. I also have come to realize that over time I have acquired a great deal of knowledge and experience that I can share with others to help them better do their work.
What tips can you provide newcomers to cybersecurity and defense?
First, I would say attend local or online information security meetings and conferences, meet others in the field and learn all you can!
As for focused studies, start by understanding the basics of your area of interest first before working on the technical aspects of security or investigations. Whether that primary subject matter should be coding, computer networking, or the cybercrime economy depends on your intended role, of course. Once you have the fundamentals down, you can learn how to secure that network, or investigate that criminal operation.
Who has influenced your information security career?
I've had a lot of help along the way, from co-workers and managers to friends within hacker communities such as NoVA Hackers in the DC area. One of the differences I noticed when transitioning from my work as a private investigator into information security was how those in infosec were very open and willing to share their knowledge. In many fields, including physical security, people can be tight-lipped about their methods and techniques until you know them well. So, I honestly have thousands of people to thank for sharing what they know, and I try to return the favor and share my knowledge with the community.
What do you want people to know about you?
I'm just a regular guy who is always learning and working to be a wiser, better person.
Favorite quotes, songs, or books?
"You must understand there is more than one path to the top of the mountain" - attributed to Miyamoto Musashi. I think it's important to remember there are always different avenues to attaining our goals; don't give up simply because one pathway is blocked. You can accomplish a lot by simply being persistent!
Tell us about things you enjoy that people may not expect.
I'm an avid outdoorsman and love to go camping, mountain biking, kayaking, trail running and the like, usually as far from civilization as possible.