Last Day to Save $200 on Cyber Security Training at SANS San Francisco Summer!


Craig Bowser

After earning a degree in Electrical Engineering at Stevens Institute of Technology, Craig Bowser started in IT as an officer in the US Air Force where he managed, optimized and performed troubleshooting on networks at Air Force bases around the world. In 2000, when he was stationed in the Washington DC area, he took over as Chief of Network Security for the Defense Information Systems Agency (DISA) intranet. While there he obtained his GSEC from SANS in 2001. After separating from the military, Craig worked for several government contractors in a variety of information security roles including accreditation, security engineer, incident response, security analyst, and security manager. In 2006, he obtained his CISSP and in 2011, Craig attended SEC501 and earned his GCED. Soon after, Craig was invited to a new infosec user group starting to meet in Virginia called NOVA Hackers (NOVAH). The requirement for membership in NOVAH was simple: each member needed to give a 10-15 minute talk on a regular basis. So Craig started giving talks. Even though he was an experienced briefer from his time in the military, giving technical talks to an audience with varied technical experience taught him to be prepared in new ways. First, he needed to be prepared to know answers he didnt think he needed and second, the importance of learning from the audience. This actually taught him something else: Always have a notepad to take notes when speaking! Participation in NOVAH inspired him to learn python. This helped him to deal with his frustration regarding the alerts he received at the job he had at the time by automating much of the manual review. Participating in NOVAH also led to opportunities to attend local conferences such as Shmoocon and BsidesDC. The firehose of information was overwhelming at first, but with the help of his growing friendships in the community, Craig was able to absorb more and more of the knowledge and apply that knowledge at work. As Craig grew in his skills and knowledge, he found himself increasingly helping others at work, teaching them and leading the way in implementing new methodologies. Soon, during conversations at security conferences and at NOVAH, Craig found himself answering as many questions as he asked. Thats when he realized he needed to give back to the community that helped him by sharing the knowledge, skill, and methods he had gained over the years. And so, in 2015, he researched and crafted his first talk and submitted it to several conferences for consideration. That year he was accepted and spoke at three conferences, BsidesCharm, SANS SOC Summit, and SANS Cyber Defense Summit. Since then, Craig has given talks at every SANS SOC Summit, DerbyCon, Shmoocon Epilogue, and the SANS SIEM Summit in addition to keeping his membership active in NOVAH by speaking regularly and he volunteers on staff at BsidesCharm and BsidesDC. Since 2012, Craig has been the senior security engineer responsible for building and maintaining multiple SIEMs for a government agency. Being responsible for multiple SIEMs brought multiple disciplines from his career into one job. Security Engineering was required for him to architect the system so that it could manage the amount of logs being sent and to design how the logs would be captured and archived. Security Analysis was required so that he could design searches, alerts, reports and dashboards that identified anomalies in the enterprise and use the latest threat intelligence to find attacks. Incident Response was required so that when an alert was raised, he would know what to look for, in which logs to look, how to confirm or deny that a security event had taken place, and if so, how to track on-going activity to ensure that all everything malicious is identified and removed. Security Management was required to understand how the SIEM supported current policies and procedures or create opportunities to develop new ones. While he doesnt use other disciplines as often, there are times where an understanding of security law, application security, certification and accreditation and others have been important to ensuring that the SIEM succeeds in the organization. Managing the SIEM has caused Craig to mature as an infosec professional and expanded his areas of knowledge and skills. Craig is looking to find new ways to grow in his career, help others and give back to the communities that helped him.

He maintains a website at where he maintains a blog and also posts slides from some of his past presentations.

He is stoked to have an opportunity to teach others while learning from students and fellow instructors. And have fun all the while!

Upcoming Courses Taught By Craig Bowser
Type Course / Location Date Register

Mentor Session Leesburg, VA
Jul 16, 2019 -
Sep 3, 2019

*Course contents may vary depending upon location, see specific event description for details.