Meet Eric Conrad. SANS Faculty Fellow Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP® Certification, and co-author of SEC530: Defensible Security Architecture, SEC511: Continuous Monitoring and Security Operations and SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead author of the CISSP Study Guide Book, and the Eleventh Hour CISSP: Study Guide. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering.
In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC; GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications.
SANS: What made you choose to work in tech/security?
Eric Conrad: I was an English major/computer science minor in college. After I graduated I answered an ad in the Boston Globe for an "Electronic Shephard" in 1991. That was for an oceanographic company that was an early dot.com firm. In 1993, I was working as a Unix sysadmin for a Japanese multinational company with a research lab in Cambridge, MA. We got hacked with a first-generation rootkit. I handled that incident (before knowing what incident handling was) and got hooked on InfoSec. I then found a full-time InfoSec role at Boston University in 1994, and never looked back.
SANS: Tell us an interesting fact about yourself and your connection to the technology world.
Eric Conrad: I'm the only SANS instructor mentioned in both Maximum Rock'n'Roll Magazine and Dragon Magazine.
SANS: What was your first SANS course?
Eric Conrad: SEC503 with George Bakos (2003)
SANS: What course is on your wish list to take as a student and/or to teach as an instructor?
Eric Conrad: I'd love to take 573 (Automating Information Security with Python) or 760 (Advanced Exploit Development for Penetration Testers)
SANS: What song is missing from the NetWars playlist? What would you add and why?
Eric Conrad: I created the Cyber Defense NetWars playlist and already have the best music!
SANS: What SANS event are you looking forward to most this year?
Eric Conrad: I'm looking forward to SANS Prague, for the European debut of SEC530. Prague is a fantastic city, and I'm looking forward to returning there.
SANS: How has security changed in your specific industry in the past five years?
Eric Conrad: The leaked NSA hacking toolkit, combined with highly destructive malware such as Not Petya, has been a true game-changer.
SANS: How do you stay up-to-date with the latest cybersecurity information?
Eric Conrad: Twitter is the best source. Follow a bunch of SANS instructors, and follow the people that they follow.
SANS: Advice for someone taking a SANS course for the first time.
Eric Conrad: Network, network, network. Networking with other InfoSec professionals via SANS has been a huge boost to my career.
SANS: What is a quote that inspires your work and why?
Eric Conrad: "The best time to plant a tree was 20 years ago. The second-best time is now." Chinese Proverb
SANS: Why do you teach for SANS and not other educational programs?
Eric Conrad: SANS has the best instructors on the planet!
SANS: What advice do you have for students pursuing a career in cybersecurity.
Eric Conrad: Always work on something to further your career that is not directly tied to your day job. It could be a certification, a paper, a blog post, an open-source project, a talk, etc. If you haven't performed public speaking, make that your goal.
SANS: What is the next big topic in cybersecurity?
Eric Conrad: Influencing politics, elections, and national security via the Internet.
SANS: What was your first piece of technology as a child?
Eric Conrad: I was the first kid on my block with a computer in 1983 (Texas Instruments TI-99/4A). I later upgraded to an Atari 800XL. I immediately got hooked on programming and loved exploring bulletin board systems (BBSes) via modem.
SANS: If you could write your dream course, what would it be about?
Eric Conrad: I have already done so, a few times! Check out MGT414: SANS Training Program for CISSP® Certification, SEC530: Defensible Security Architecture, SEC511: Continuous Monitoring and Security Operations & SEC542: Web App Penetration Testing and Ethical Hacking.
Catch him on Twitter @eric_conrad