Get the Skills you need from Home with SANS OnDemand


Jim Clausing

Jim Clausing caught his first attacker in 1981 when he discovered a Trojan login program had been planted on a terminal on his college's computer. "Yes, we had only one computer for the entire college," he recalls. Ever since, Jim has been working to secure systems and track down attackers. "It is putting the pieces together, finding the patterns. I love that," says Jim. "I've spent most of my time since then trying to unravel these mysteries."

Today, Jim has over 35 years of experience in the IT field including systems and database administration, and security and research in parallel processing and distributed systems. He's spent the past 20 years as a technical consultant and network security architect for AT&T doing malware analysis, forensics, incident response, intrusion detection, system hardening, and botnet tracking.

When Jim took his first SANS class in 2000, his instructor Stephen Northcutt emphasized giving back to the community. Jim sees teaching and mentoring as one way he can do that. "I've taken enough training to know that SANS provides the absolute best technical security training in the business, so I'm proud to be a part of that," says Jim. "Plus, I learn something from the students every single time I teach."

Jim has now been a SANS instructor for nearly 16 years, teaching a wide variety classes ranging from packet analysis and first responder classes, to reverse engineering malware and CISSP preparation, as well as mentoring intrusion detection, firewall, and forensics courses. Today, he teaches FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques.

In his teaching, Jim strives to share his passion for the field with his students and to lead by example, sharing his experiences for others to learn from. He also focuses on hands-on experiential learning. "The only way to truly learn something is by doing," he says. "That's part of why I love most SANS classes, the hands-on exercises are the best way to learn how to actually do."

Jim notes that students often assume they need to be an assembly language expert to do malware analysis. But as he puts it, "it isn't a dark art or magic, anyone can learn to analyze malware if they put in the time."

In his classes, Jim says students learn the basics and how to recognize the important API calls and control flow, and gradually learn more assembly language as they do more reversing. "We'll show you how you can find IOCs even if you only have an hour to analyze a particular sample or how to figure out most or all of the capabilities of the malware if you have 20-40 hours," says Jim.

Since 2006, Jim has served on the GIAC board of directors, and as a volunteer incident handler at the SANS Internet Storm Center since 2002. He co-authored the SANS Press book, Securing Solaris 8 & 9 Using the Center for Internet Security Benchmark, and holds the GIAC Security Expert (GSE) certification (#26), and the GIAC GCFA, GCIA, and GREM Gold certifications. He also holds the GIAC GCIH, GPPA, GCFE, GCWN, GSEC, GPEN, GPYC and GNFA Silver certifications, as well as the CISSP.

When he's not working or teaching, you'll find Jim on his recumbent bike, which he's ridden more than 1,100 miles annually on in recent years and looking for opportunities to put his instrument-rated private pilot license to use. When he's off the bike and out of the plane, Jim enjoys spending time with his family and their pets, a dog and cats.

Qualifications Summary

  • 35+ years of experience in the IT field including systems and database administration and security
  • Member of the GIAC Board of Directors
  • Co-author of the 2003 SANS Press book, Securing Solaris 8 & 9 Using the Center for Internet Security Benchmark
  • Volunteer incident handler at the SANS Internet Storm Center (
  • Instructor for SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques

Get to Know Jim Clausing


  • GIAC Security Expert (GSE) certification (#26)
  • GIAC Certified Forensic Analyst (GCFA) gold certification
  • GIAC Certified Intrusion Analyst (GCIA) gold certification
  • GIAC Reverse Engineering Malware (GREM) gold certification
  • GIAC Certified Incident Handler (GCIH) silver certification
  • GIAC Certified Perimeter Protection Analyst (GPPA) silver certification
  • GIAC Certified Forensic Examiner (GCFE) silver certification
  • GIAC Certified Windows Security Administrator (GCWN) silver certification
  • GIAC Security Essentials (GSEC) silver certification
  • GIAC Penetration Tester (GPEN) silver certification
  • GIAC Network Forensics Analyst (GNFA) silver certification
  • Certified Information Systems Security Professional (CISSP)
  • GIAC Python Coder (GPYC)
  • GIAC Certified Detection Analyst (GCDA)

Upcoming Courses Taught By Jim Clausing
Type Course / Location Date Register

Training Event
Sep 8, 2020 -
Sep 13, 2020

Training Event
Sep 28, 2020 -
Oct 3, 2020

*Course contents may vary depending upon location, see specific event description for details.