How did you get started in information security?
When I was 2 1/2 years old, my dad brought home an Apple II desktop computer, and I’ve been passionate about technology and information security ever since. When I was 15, I told my dad I wanted to build computers, so he brought a pickup truck full of broken computers home from his work for me to practice on. I’d often see him going to work at 5 a.m. as I was finishing a long night of disassembling and reassembling computers.
My dad made me wait until I was 18 to start my first computer repair business, which I did while completing dual bachelor’s degrees from California State University Stanislaus, and later an MBA from Texas A&M. My computer repair business transformed into a managed service provider, then a consulting firm based in Los Angeles, which I recently sold to Richey May & Co., where I am now the Director of Cybersecurity Services. Looking back, it’s been a crazy ride!
Why did you choose to train with SANS?
I frequently seek out the best information security practitioners in the industry to ask them what advice they would give to their younger selves, and what training they recommend. They consistently recommend SANS training and GIAC Certifications.
I took my first SANS course, SEC560: Network Penetration Testing and Ethical Hacking, at SANSFIRE in Washington, D.C., with course author and instructor Ed Skoudis. I was blown away by Ed, the material, the SANS staff, operations, efficiency, attention to detail, and by my peers in the classroom. Immediately after completing SEC560, I signed up for additional SANS training.
When selecting SANS courses, my strategy was not to look for an interesting class but to look for the best instructors and travel to wherever they were teaching. My second SANS course was
FOR610: Reverse-Engineering Malware with Lenny Zeltser. I definitely stepped outside my comfort zone with this course, but Lenny was patient and pushed my skills to a new level.
Where have you found the most value in your SANS training and why?
Google any SANS instructor’s name and you’ll have the answer to this question. I tell my wife it’s like wanting to become a famous actor and then being taught for a week by Will Smith or Tom Hanks.
Not only are the best of the best teaching these courses, but you can tell they have been through intense training and scrutiny to ensure that they can easily transfer their knowledge to students. It’s probably the closest thing to plugging a USB drive into your head to absorb the information.
Also, the attention to detail, passion for customer experience, and many other things SANS does to ensure they are the best are mind-blowing.
What is the most practical advice you’d give to a future student to make the most of his or her SANS training experience?
I’d recommend doing your homework on the instructor—evaluate their teaching style, content, and thought leadership in the industry. I’d also recommend prioritizing the courses. There are so many courses that look interesting that it can be difficult to pick which class to start with. Read the descriptions of each course, prerequisites (not to be taken lightly), and ask around to select the best course for you.
You should come to a SANS training event prepared; turn your phone off during class, go to SANS@Night talks, and participate in NetWars. I’d be lying if I said it was an easy week. It’s mentally grueling but so worth it.
Also, don’t forget to network with your peers. Companies and government agencies have invested a lot of time, resources and money into sending their staff to SANS training, so these are people you want to stay in touch with. One person I met in FOR610 would change seats each day to meet new people.
Completed SANS Courses
- SEC511: Continuous Monitoring and Security Operations
- SEC560: Network Penetration Testing and Ethical Hacking
- SEC580: Metasploit Kung Fu for Enterprise Pen Testing
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques