

Kevin Ripa

An investigator at heart, Kevin Ripa bought his first computer as a tool for writing reports for his private investigation agency. As he worked through typical user issues, the "why" of what was going wrong in his machine kept him up at night. So Kevin turned his investigative skills toward his computer and quickly became fascinated by the world inside of it. Now a 25-year veteran of the digital investigations field, Kevin's enthusiasm has not waned: "IT security and digital forensics still inspire me every day, and I can't wait to wake up in the morning and get to work!"

Kevin currently serves as president of The Grayson Group of Companies, which consists of Computer Evidence Recovery, Pro Data Recovery Inc., and J.S. Kramer & Associates, Inc. He provides investigative services to various levels of law enforcement, Fortune 500 companies, and the legal community. He is past president of the Alberta Association of Private Investigators and a former member of the Canadian Department of National Defence, where he served in both foreign and domestic postings.

Kevin has assisted in many complex cyber-forensics and hacking response investigations around the world. He's a sought-after resource for his expertise in information technology investigations and frequently serves as an expert witness. In one memorable case, Kevin had a client charged with a heinous crime and facing significant jail time. "There was no question that the contraband material was on his computer, but our investigation proved conclusively that he could not have placed the material on the computer, nor was the computer even in his custody when the material was downloaded and viewed," explains Kevin. "In fact, the material had been placed on his computer inadvertently by his accusers, without them knowing that they had done it."

Back when he was a student, Kevin had chosen SANS because of the caliber of the instruction. Today he is a SANS instructor for SEC301: Intro to Information Security, SEC401: Security Essentials Bootcamp Style, and FOR500: Windows Forensic Analysis.

"I teach because I love to share knowledge, and I teach for SANS because it is the best of the best," Kevin explains. "I am really fortunate that SANS appreciates my knowledge and allows me the opportunity to pass it on. I love teaching security and DFIR, because it's like talking about my hobby. And when a student's light bulbs come on, it makes it even more worthwhile."

Kevin's teaching philosophy is that the instructor is there for the students, not the other way around. "If my students do not 'get' something by the end of the section, or day, or course, it is me that has failed as an instructor," he says. Kevin sees it as his duty to make the information understandable to each one of his students, and he wants his students to walk away from his classes reinvigorated about the field they have chosen and feeling they can make an actionable difference in the security of their enterprise. He also strives to remind them that humility is vital for career success.

"Every last one of us is absolutely replaceable, and usually by a machine with no moving parts!"

Teaching students to think outside the box and away from the books, and to use ingenuity to solve real-world problems, is also a key theme in Kevin's courses. For example, he notes that in digital forensics the biggest challenge can sometimes be to know when to stop looking at data. Trying to examine two terabytes of data is daunting, so Kevin teaches students how to prioritize the data and stay within manageable tasks.

Kevin has designed, produced, hosted, and taught numerous industry-related courses, and has had over 100 speaking and training engagements with industry and law enforcement around the world. He has also authored dozens of articles, as well as chapters in a number of manuals, books, and training texts on the subjects of computer security and forensics. Kevin holds a number of industry certifications, including four GIAC certifications (GCFE, GCFA, GSEC, GISF), EnCase Certified Examiner, Certified Data Recovery Professional, and Licensed Private Investigator, and he previously held the Certified Penetration Tester and Certified Ethical Hacker certifications.

In his free time, Kevin loves to tackle renovations, cabinet-making, auto mechanics, reading, discovering new things in cyber, and, above all, building Lego creations with his four-year-old son.

Qualifications Summary



  • GIAC Advisory Board
  • Certified Cellular Master Repair Technician Level III
  • Certified Data Recovery Professional
  • Hacking Exploits Investigation Specialist
  • Advanced Lab Data Recovery Specialist
  • Advanced Microsoft Windows Forensics
  • Email Tracing Specialist
  • Internet Investigation Specialist
  • GIAC Information Security Fundamentals (GISF)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Security Essentials Certification (GSEC)
  • EnCase Certified Examiner
  • Licensed Private Investigations Agency and Agent
  • Certified Ethical Hacker v.6

Upcoming Courses Taught By Kevin Ripa
Type: Course / Location (Date)

  • Training Event: SANS Baltimore Spring 2018, Baltimore, MD (Apr 21, 2018 - Apr 28, 2018)
  • Training Event: SANS Atlanta 2018, Atlanta, GA (May 29, 2018 - Jun 3, 2018)
  • Training Event: SANS Oslo June 2018, Oslo, Norway (Jun 18, 2018 - Jun 23, 2018)
  • Training Event: SANS London July 2018, London, United Kingdom (Jul 2, 2018 - Jul 7, 2018)
  • Community SANS: Community SANS Columbia FOR500, Columbia, MD (Jul 23, 2018 - Jul 28, 2018)
  • Training Event: SANS August Sydney 2018, Sydney, Australia (Aug 20, 2018 - Aug 25, 2018)
  • Training Event: SANS Baltimore Fall 2018, Baltimore, MD (Sep 10, 2018 - Sep 15, 2018)
  • Training Event: SANS October Singapore 2018, Singapore, Singapore (Oct 15, 2018 - Oct 28, 2018)

*Course contents may vary depending upon location; see the specific event description for details.