Mentor: Bios


Mentors are highly qualified, experienced professionals who make themselves available in your local area to help you learn the course material and get certified. Each Mentor is hand-selected from students that have completed their relevant GIAC certification with scores of 85% or higher.

Duncan is a Senior Manager within PwC Australia's Cyber Security and Forensics practice. He has over 17 years experience in Offensive and Defensive Cyber Security roles and is the lead for the National Operational Technology Cyber Security capability and Perth Cyber Security team. He has worked in United Kingdom, Indonesia, Abu Dhabi, Singapore and Australia.

Duncan can truly provide the holistic view of Cyber Security as he has been on both red and blue teams and is the proud holder of the GXPN Exploit Researcher and Advanced Penetration Tester and the GMON Continuous Monitoring and Security Operations.


James Arndt has been to numerous SANS training events and would like to share his knowledge gained with you. With his passion for security and years of classroom experience, you will gain practical knowledge and skills to take back to your company. James is a Security Engineer at the American Transmission Company based in the Milwaukee area. There he focuses on access management, vulnerability management, and reverse engineering whatever malware or malicious document comes his way. You might also find James hanging out with his family, playing guitar, or tinkering around in his basement lab.
 

Mohammed Asfar serves as a Senior Cybersecurity Consultant at Cyber division of Leidos. Asfar's background includes electronic discovery, forensic investigation, incident response, vulnerability assessment and penetration testing across multiple industries. Asfar holds M.S. degree in Forensic Science from Marshall University, as well as CISSP, GCFA, GCIH, GCIA, GMON, GREM, GPEN and ENCE certifications. Asfar live in Houston, Texas with his wife and two-year old daughter.

Chris is a Director in IT Security at GlaxoSmithKline where he leads the services that deliver the IT controls that protect the company's network, servers, web and mobile applications, and data. He has led many incident response and vulnerability remediation efforts and has been working for over 20 years in the healthcare industry to promote information protection and IT security. He knows that striking the best balance between security and usability depends on having a clear understanding of the risks that vulnerabilities and threats pose to the business and being able to articulate those risks to senior business leaders. Chris earned his MBA from Drexel University with concentrations in both Management Information Systems and Corporate Finance and holds several professional and security certifications including GPEN, CISM, and a Six Sigma Black Belt.

Chris is an active member of the infosec community and looks for every opportunity to both learn and encourage others to gain a deeper understanding of the fascinating and often intimidating world of information security. He regularly takes part in security training, conferences such as Shmoocon and BSides, and capture-the-flag challenges to apply and grow his skills and understanding.

Brad is a consultant with SecureWorks doing full time web application penetration testing. He has a masters degree in Information Assurance from Dakota State University. Certifications include GWAPT, GPEN, GCIH, GCED, and CISSP. He is an active member of the local information security community. When not on a computer, Brad is usually tormenting his wife, playing with his two kids, or playing guitar.

David Bernal Michelena holds a bachelor's degree in Computer Engineering from the National Autonomous University of Mexico (UNAM). Since June 2015 he serves as a cyber security researcher in Cyber Security Group in Scitum, a large consultant company in Mexico and Latin America. David's main activities are malware analysis, cyber threat intelligence, digital forensics and writing yara and snort rules to detect those threats and protect customers. David also performs ethical offensive activities and writes custom tools that are used in controlled environments to verify that security products do what they claim to do. 
From July 2013 to June 2015 David was a member of Security Events team at Alstom, a large company in energy and transport solutions protecting the endpoint environment of about 90,000 hosts distributed worldwide. In his time in Alstom his main activities were incident response, malware analysis and remediation, forensic analysis, IPS/IDS and SIEM management.
Formerly he served as a Senior Computer Forensic Analyst at Scitum from July 2011 to July 2013. His main activities there were evidence acquisition, analysis, preservation, incident response, log analysis and results reporting to Scitum's customers. In Scitum he had the opportunity to work in challenging projects for Mexican private and public institutions, including large Banks and other large government clients.
From August 2009 to July 2011 he worked as a forensic analyst and incident handler in UNAM Computer Emergency Response Team, which is the first CERT to be created in Mexico. David is GXPN, GASF, GREM, GCFA, GCFE and Access Data certified. He likes programming in several languages and is a command line lover in LINUX and Windows as well.
On his free time, he likes to swim and play the piano.

Raluca is an experienced Information Security and Privacy specialist, holding a Master Degree in IT Security, and several industry recognized certifications: GSEC, CISSP, CRISC, CISM, CISA, CIPT and PMP. With her employer, Raluca is heavily involved in various cyber security initiatives, leading information risk assessments, supporting the application security program, participating in the development of security architecture patterns for new platforms and technologies. Raluca is also a former Computer Science teacher, with 10+ teaching experience. Raluca is a believer in continuing education, so when she is not studying for a new certification or a new skill, she loves helping others learn and having again the opportunity to teach!

Tim Boyles is the Security Administrator for a Dallas based security company. He brings over 19 years of experience in the IT field. He has worked for the U.S. Navy, a network consultancy, and various other industries, always involved in networking and security.

He has been involved in security architecture, regulatory compliance, intrusion detection, penetration testing, vulnerability assessments, web application security assessments, and uses many security tools over the course of his work.

Marcelo has an extensive and diversified experience within the information technology sector. He has been carrying out computer forensics investigations for over 8 years. Worked with incident response / computer emergency response, being responsible for conducting investigations and responding to networking intrusion attempts. He investigated and handled privacy-related incidents and consumer complaint in liaison with Legal and Human Resources departments. Analyzed and documented, including root cause analysis, information security incidents as well as the analysis of the circumstances enabling or permitting these same incidents to take place, including offering remediation strategies. Investigated and immediately stopped leaks and inadvertent disclosures of confidential information. Developed policies and security awareness programs. Worked with highly sensitive information in a team environment.

Marcelo enforced Firewall, Intrusion Prevention System (IPS), Demilitarized Zone (DMZ), anti-virus and anti-spam configuration and maintenance. He assisted with the selection, installation, and adoption of automated tools that enforce or monitor the compliance with information security policies, procedures, standards, and similar information security requirements. He analyzed and documented information security incidents as well as the analysis of the circumstances enabling or permitting these same incidents to take place. Audited, verified network security and gave recommendations to improve the network security. Executed wireless evaluations and security auditings. Advised organizations with current information about information security technologies and issues and researched and recommended solutions. Wrote user manuals on security softwares and computer, email and Internet user policy. Developed and implemented user security awareness programs, with seminars, conferences, folders, newsletters and helpful suggestions. Designed and reviewed Windows 2000/XP/Vista/Windows 7 and Linux security architecture.

Marcelo has assisted task forces in lawsuits as technical assistant, acting as a expert witness in civil trails. He assisted in computer crimes (cybercrime) investigations and was responsible for establishing a chain of custody for evidence. He performed customer data analysis of data requested from banks and telecommunication companies, as requested by Brazilian Attorneys. He wrote, compiled and edited reports of security activities.

Marcelo has also worked as an associate professor on some colleges training on the following subjects: Law, Investigation and Ethics; Physical Security; Systems Security and Auditing; Networking; Cryptography; Software Engineering; Data Processing Center Administration. He worked as instructor for the Security Fundamentals Course (Presidency of Republic) for over than 10 classes. He was lecturer at the most important Information Security conferences in Brazil.

Finally, Marcelo holds a Masters degree in Computer Science and a Bachelor degree in Information Systems. He also has some certifications, which illustrates his passion to learn: GIAC Certified Forensics Analyst (GCFA), GIAC Certified Incident Handler (GCIH), CISSP (Certified Information Systems Security Professional) and EnCase Certified Examiner (EnCE).

http://ca.linkedin.com/in/caiado

Eric Capuano began his career in Information Security as a Tactics Developer for the United States Air Force, specializing later in intrusion detection signature development. Since departing active duty, Eric has lead cybersecurity operations in both private and government entities. He currently manages the Security Operations Center for the Texas Department of Public Safety, where he singlehandedly built the agency's first CSIRT. Eric routinely leverages Windows forensics skills in support of defensive and incident response operations as well as providing support to law enforcement. With this experience, Eric is able to provide real-world forensics experience not only for LE/investigative purposes, but also for identifying attack methods and infection timelines of compromised systems. Eric continues to serves part-time in the Texas Air National Guard as a Cyber Warfare Operator. He also teaches Cyber Patriot and is a member of the Packet Hacking Village / Wall of Sheep at DEFCON each year. In his spare time, Eric enjoys tinkering in Python, analyzing malware, authoring threat signatures/IOCs, and developing/maintaining honeypots and deception systems. He has a passion for detailed threat analysis and uses those skills to bolster defensive postures by leveraging defense-in-depth methodologies. Eric currently holds the following certifications: GIAC GCFE, Certified Ethical Hacker, Security+, Linux+, LPIC-1, PCNSE, A+. On his blog, he shares opinions and techniques mostly centered around information security, https://blog.ecapuano.com.

Michael A. Curtis (Mike) has over 20 years of experience in the security field and has held several key leadership positions at Rollins, Virtual IT Experts, this.com and BellSouth.net. Additionally, Mike is active in the security community having served as a past member of the Symantec Customer Advisory Board, and is an officer in the Atlanta (ISC)2 Chapter. Mike holds a BSEE, cum laude, from Northeastern University, an MBA from Bentley College and a CISSP.

Richard Davis has over 22 years of Information Technology experience, more than 10 of which in cybersecurity/information security. He received his first computer in 1984 at the age of seven, and became immediately enamored with technology.

After graduating high school, Richard enrolled in college and opened his own computer company, providing high-performance custom-built PCs, service, networking, consulting, and training services for businesses and individuals throughout the North Georgia area. He sold the company after 10 successful years, and then spent nine years at a state college within the University System of Georgia. While there, he served as Network Support Specialist, Information Security Officer (ISO), and later Chief Information Security Officer (CISO).

Richard currently serves as Executive Director of IT Security for Embry-Riddle Aeronautical University. Richard has a Bachelor of Science in Cybersecurity from the University of Maryland University College, and holds 22 industry certifications, including CISSP, CCNP Security, CCNP Routing and Switching, GCFA, GCFE, and GPEN.

Richard also creates YouTube videos on a variety of security topics, including digital forensics and incident response, writes software for macOS and iOS, and is very involved in the information security community.

GitHub: https://github.com/13Cubed

Website: https://www.13cubed.com

YouTube: https://www.youtube.com/user/davisrichardg

Jeremy Druin works as an internal pen-tester, incident responder, and defect-remediation expert for a multi-national transportation logistics company. Other responsibilities include web vulnerability assessment operations, setting application and database security standards, creating developer training programs, and teaching developers how to architect, design and write secure applications. Additionally Jeremy develops the open-source Mutillidae 2.x training environment and consults on web-application security topics. As the Director of Education for the Kentuckiana ISSA chapter, Jeremy presents on web application pen-testing and remediation along with operating the "webpwnized" YouTube video channel. Jeremy has a Bachelor in Computer Science from Indiana University and is a GIAC-certified Network/Web Application Pen-Tester and Exploit Developer.

With a bachelor's degree in computer science and an MBA, Chris performs penetration tests to help businesses understand and manage their online risk. He also holds a commission in the Army National Guard and has worked roles from international partnership management to red team on large-scale cyber exercises. 

Passionate about information security education, Chris has spoken to thousands of students in dozens of Maine high schools and contributes to (ISC)2's Safe and Secure Online materials. He holds CISSP, OSCP, GSEC, GCIH, and GWAPT certifications. 

Outside of work, he enjoys spending time with his wife and four kids and volunteering at his church.

Craig Galley is an Information Technology Professional with accomplished work experience in the Security industry since 2001.  He earned a Bachelor of Science degree in Information Science from the University of North Florida.  Early in his career, he was responsible for deployment and management of network prevention controls for a private sector organization.

Craig's career focus shifted exclusively to application development with a desire to lead secure coding best practices while chaired on Information Security Steering committees and managing large development projects and teams.  

Craig's certifications include GSEC, GISP, CISSP and CSSLP.  In his current role as an Information Security Officer, Craig manages and directs an Information Security Program in the public sector.  He is also active in Information Security groups, with volunteer experience as a Vice President.

Matt got his start in the technology field by joining the US Army and serving as a satellite terminal operator for 5 years. Since the Army, he has worked as a firewall technical support technician, network engineer, systems administrator/engineer and a security analyst in the defense contracting world. He currently works as a security researcher doing threat analysis, threat hunting and penetration testing. He is passionate about using technology for good and educating technical and non-technical people about InfoSec issues.

Charles Gifford (Chazz) is a recognized expert within cybersecurity and has been working in the information technology and security field since 1997. Over the course of his career, Chazz has held various technical and leadership positions within the Aerospace and Manufacturing Industry. Chazz currently manages a Global Security and Risk Team for a fortune 500 company that spans everything region. Chazz?s latest scholastic achievement is graduating with honors from the University of Maryland University College in the Masters of Science in Information Technology focused in Information Assurance. Chazz has specialized in mentoring, metrics and measuring effectiveness of security teams throughout the last 7 years of experience.

Gabriel Gomez is a Senior Manager with KBRwyle who is leading a team in the A&A efforts for Defense Health Agency. His is well versed in NIST's RMF and the Asses and Authorization process. Gabriel has also been part of and lead Pen Test's for commercial banking as well as forensics investigations. He loves learing new technologies and staying on the cutting edge of the industry. Gabriel's background includes 8 years in the Marine Corps and 15+ years in Defense Contracting. His positions included Contract and Project Management. IT Manager and PMO Security Engineer, Adjunct Professor and Technical Instructor. Gabriel holds a Master's in Information Technology Management along with numerous certifications including: CISSP, PMP, CEH, CNDA, FQNV, RMF, Security+ ce, CTT, Network+ ce, A+ ce. Gabriel has attended the following SANS courses: SANS 401- Windows Forensics SANS 410- ICS/SCADA Security Essentials SANS 508- Advanced Incident Response and Digital Forensics SANS 515- Industrial Control Systems, Active Defense and Incident Response Gabriel is currently working on his GISCP and GRID certifications. One of Gabriel's passions is being an instructor/coach. He has taught at the college level as well as volunteered to teach Cyber to Elementary school grades. Additionally he coaches youth baseball and has applied to be a mentor to the Wando High School's Cyber Patriot Program. Gabriel's thirst for continuing education is what keeps him teaching. He has learned a ton form his students while educating the future of the Cyber workforce. He believes that SANS is the Industry Leader in Cyber Security Education and is thrilled to be part of an organization that prides itself on producing the best instructors, student experience and content in the world.
Matt Helin has over 10 years experience in the IT and data communications field. He is a former network and systems engineer who has shifted his primary focus to all things information security for the past few years. He holds the CISSP and GCIH certifications and currently works in the information security department for a high profile e-commerce company. Matt is excited to mentor SEC 504 because it is generally a person's first exposure to common hacking tools. Witnessing first hand how systems are breached can be amazing, alarming, and eye opening.
Bob is the CIO for a Software as a Service provider that provides services to foundations and financial institutions. He began his career as a Network Engineer in the United States Air Force where was also a Systems Administrator and Lead Information Technology Instructor. Upon leaving the Air Force he developed and instructed technical courses and has been working in Technical and Security Operations for the past 15 years. Bob holds professional certifications, including CISSP, GIAC GSEC, and GIAC GCIH.
Mark has been in IT for almost 20 years. He started in Security in 2000 when a UNIX box cost $250 grand. He currently manages a team of Security Analysts as he builds a SOC at a Financial Services company. He is excited to bring his energetic teaching style to SANS students. Check out his 2016 BSides Cincinnati talk on You Tube! He's worked for a CPU manufacturer where he helped launch a motherboard, a physical security company, and a Fortune 50. He helped a bank achieve their first PCI compliance. He's helped secure a research foundation. Hal gets embarrassed every time Mark reminds him that his first SANS class was Track 6 at Network Security in New Orleans before Katrina moved it to Las Vegas. He holds 3 SANS challenge coins. SANS history: Track 6 & 8, Business Law & Computer Security, SEC503, SEC504, SEC505, SEC508, SEC558, FOR508. He's held GMON, GCIH, and GCFA certifications.
Shawn has over 17 years in the field of IT and 10 specifically in an Information Security role. Currently Shawn has taken a position as the Information Security Officer at the University of California School of Medicine. In this role Shawn is responsible for building a robust security program to meet the needs of both educational and healthcare requirements. His responsibility is to implement the policies, standards and procedures to build the framework for this security program. Once the framework is in place his responsibilities also deal with building a security team and implementing technologies and best practices to support this security program. Throughout his career Shawn has had the opportunity to implement many security programs and technologies including encryption, next generation firewalls, IPS/IDS systems, vulnerability management and data loss prevention. Shawn holds many industry certifications including the well known CISSP, GSEC and GCCC. Shawn is always continuing his education and will be taking many more SANS and other security courses. Shawn is excited to have the opportunity to get more in touch with the individuals that are in the security industry near him. He looks forward to being able to pass along some of his experiences and lend a helping hand to the next generation of security professionals.

As an information security professional, Azeem has accrued years of experience in security engineering, incident response, digital forensics and vulnerability management. A firm believer in ongoing education, he works hard to keep his base of knowledge current and up to date. Although he holds accreditations from such industry leaders as GIAC, ISC2 and Access Data already, he is constantly looking for ways to learn more and to gain a better understanding of his field, attending and volunteering at conferences such as Shmoocon and Blackhat.

Azeem is a natural people person who connects easily with people from all backgrounds. He enjoys working with and mentoring people who are motivated to the same extent that he is, and he takes real pleasure in discussing the security field. A strong advocate for continued progress in the security field, he speaks eloquently and listens closely, knowing that there is always something for him to learn and share.

Azeem looks forward to serving as a mentor as a way to provide value to the community that has become so much like home to him over the years.

Jason Kinder has over 20+ years of experience in the IT and InfoSec industry working in the private sector as a network administrator, network engineer, and then moving to manage a distributed IT group before making the jump over to InfoSec.  The jump over to InfoSec has put him in a position to manage InfoSec Operations for a multi-billion dollar defense contractor battling some of today's shared adversaries.

Through the course of his career his has gained the MCSE and CNE certs back in the day and worked hard to achieve the CISSP certification and more recently his GCIH & GMON.  Backed by a breadth of technical skill and knowledge, it also takes some keen business sense and acumen to properly navigate today's corporate environment.  While working in IT, Jason earned a Bachelor's of Science Degree from Wright State University in Dayton, OH in 2001 followed by an MBA with a concentration in Management, Change and Innovation also at Wright State University in 2009.  The technical and business skills he has amassed over his career are key to being successful and properly understanding today's security landscape and how it impacts the business.

Jason is very excited about the opportunity to Mentor SEC504 as a way to give back to the community, broaden people's minds, and train the InfoSec staff of tomorrow.  The challenge is here and now with adversaries evolving and regularly knocking on our doors.  Jason will help students be better prepared to identify and deal with these challenges on a regular basis.

Kory started his career as a controls engineer developing custom control logic and HMI interfaces for a machine automation company from 2001 to 2008. All machines were designed, manufactured and commissioned in house for the customers specific and unique needs. This also included basic networking, operating system configuration and deployment, and database design (but the world was much simpler then or was it with no Plug and Play functionality?). In 2008, Kory transitioned to the power industry working as a project engineer in controls for a period, working on DCS, PLC, HMI and SCADA systems for small to medium sized projects. Following that, moved into the reliability engineering department ensuring the uptime and reliability of the plant equipment and executing enhancement of the cyber security systems for NERC compliance. He transitioned after that to the Manager of Industrial Controls position, which is currently held today, leading the group of engineers and other professionals in all aspects of the industrial controls systems for the fleet of assets. Following events such as Stuxnet, BlackEnergy and others, cyber security of the controls systems have become paramount and forms the bulk of day to day activities.

Vincent LeVeque is a Business Information Security Officer for American International Group (AIG), a global financial services company. Vincent teaches information security classes for UCLA Extension. He is the author of the book, Information Security: A Strategic Approach, published by IEEE/Wiley. Vincent received his Masters of Science degree in computer science specializing in information security from James Madison University, one of the first programs certified as an NSA Center of Academic Excellence in information security.

Nathan Lock graduated with M.S. in Instructional Design and spent several years creating online college courses, designing lectures and curriculum, consulting law enforcement instructors, and creating computer based training modules. Then he decided to enter into computer security. Nathan developed a highly technical foundation from serving in the Air Force as an Integrated Avionics Technician. In order to enter into the field of computer security, he attended night classes and was self-taught enough to acquire Security+. From there he began working as a technical writer for Blue Canopy and excelled by establishing incident handling procedures in accordance with NIST SP 800-61 R2. During this time, he completed self-paced learning to achieve a CEH. Soon after, Nathan attending a GSEC bootcamp taught by Paul Henry. The experience changed Nathan's perspective on IT security and he pursued more training and SANS certifications. Attending a local GIAC Incident Handler training and then a GIAC Intrusion Analyst bootcamp, Nathan looks forward to acquiring these certifications and continuing onward.

Gareth started his professional career as an electrical engineer and has worked in Information Technology for almost 20 years. In addition to fulfilling the role of Security Officer, Gareth is the Director of IT Infrastructure and the IT Service Center teams at the Clerk & Comptroller, Palm Beach County. Prior to joining the Clerk's Office in 2008, he was the IT Manager for Pepsi-Cola Bottling where he successfully led the recovery of IT Operations following a devastating tornado hit in 2003. Gareth currently holds CISSP, CEH, GMON, Security+ and ITIL v3 certifications, as well as a Masters Degree in Computer Information Systems from Nova Southeastern University, which is designated by the NSA as a National Center for Academic Excellence in Information Assurance Education. Gareth is a member of Upsilon Pi Epsilon International Honor Society for the Computing and Information Disciplines and is an active mentor for the Multi-State Information Sharing & Analysis Center (MS-ISAC) mentoring program for new security leaders. Gareth teaches information systems and security as an adjunct instructor at both the undergraduate and graduate level as well as Network+, Security+ and Microsoft certification prep courses. Mentoring CISSP is an exciting opportunity for Gareth to share his almost 20 years of professional experience with the community and to teach the CISSP Domains through practical application.

Ken May is the CEO and co-owner of Swift Chip, a full service IT firm servicing all of Southern California. Hes been a resident of Ventura since 1999, is married to his wife Debbie, and has 3 daughters and a son. He has a Masters Degree from SBCOM, a Bachelors in Liberal Arts from Thomas Aquinas College and has written 3 books and numerous articles. He has been Voted Top Channel Influencer of the SMBnation 150, and carries numerous certifications from HP, Microsoft, Cisco, Symantec, Dell and more. Recently, he was chosen by his peers to be elected to the CompTIA Managed IT Services Community Executive Council, where he will directly influence the education and guidance of their international IT community. Ken is also a Commissioner for the City of Ventura, CA, where he works to help promote the Arts in his community. He enjoys music, martial arts, movies and SCUBA diving. Mr. May strongly believes that it is important to be actively involved in the community, and that one should always try to keep the Big Picture and long term goals in mind when solving immediate-need issues, whether it be in business, community or ones personal life.
Bryan McAninch is an information security professional with over twenty years experience in various disciplines including digital forensics, penetration testing, and security architecture. He holds a Bachelor of Science in Business Administration from the University of Texas at Dallas and a Master of Science in Information Assurance from the University of Dallas. Bryan is passionate about information security and giving back to the community. He is an organizer of the North Texas Cyber Security Group and owner of Prevade Cybersecurity.

Hai Nguyen started his career in Information Technology in 1996. He has held various job roles in Information Technology from End User Support Lead, Infrastructure Engineering Lead, Software Developer Lead, and Security Analyst Lead.

Hai is extremely self-motivated and self-taught. He enjoys taking apart new technology from software to hardware just to learn how to put them back together. When he is not taking things apart, he is constantly writing code or reading about new technology.

Hai holds multiple SANS certification including GSEC, GCIA and GCIH. He got involve in providing security awareness training in 2014 and is currently working towards becoming a security instructor. He is very excited about being a mentor with SANS as it covers a broad range of disciplines in Information Technology which he is very experience in.

Jason is passionate about security and is thrilled to have the opportunity to enable others with a similar passion. A thorough techno-nerd with experience as a developer, sales engineer, and security professional, Jason has a wide-ranging skill set which enables creative approaches to red-team challenges. Jason holds Security+, Network+, Certified Ethical Hacker, and GPEN certifications.

Brandon C. Poole is SOC analyst for an electric & gas utility company in the southeastern US. He brings with him 10 years of IT experience in system administration, network administration, disaster recovery, and information security. During this time Brandon has helped various employers setup & run vulnerability assessment/management, business continuity, security assessments, and change management programs across nonprofit, government & private sector organizations.
In addition to the above experience he also maintains numerous professional creditable such as GSEC, GCWN, GCIH, GCCC, CEH, CompTIA Security +, CompTIA Network + and IBM QRadar SIEM Analyst as well as being a member of ISSA, InfraGard, and the GIAC Advisory Board. 
When Brandon isn't at work he can be found further sharpening his skills in his homelab, writing Python or PowerShell scripts to automate security workflows, tweeting on Twitter (@bcpoole_sc), working on his new blog bitsbybrandon.com, or mentoring others in their IT and/or Infosec career.

In the early 2000's Andrew Rozema worked as a systems and network administrator for a major media company whose claim to fame was getting Lincoln elected, but that happened a long while before he started working there. After a couple of virus outbreaks including Sasser and CodeRed the company decided somebody should know something about information security, and sent him to his first SANS GSEC class. After which he immediately went back to the office and changed ALL the passwords. That class sparked a passion for information security that's been with him ever since. Since then in addition to roles in that media company involving IT administration, management and security; he worked his way through both a baccalaureate degree and Masters degree in information security and discovered a passion for not only learning about information security, but teaching it as well. After teaching a couple of night classes at the local community college, he was hooked, and when a full-time faculty position opened up, he made the switch. Now Prof. Rozema is the head of the department of Computer Information Systems at Grand Rapids Community College, as well as an Assistant Professor, still responsible for teaching information security as well as classes in Linux, shell scripting, JavaScript, Secure Mobile Application Development and some very exciting classes in penetration testing. As department head his focus is now to bring the program in line with both the CNSS and NICE framework for national accreditation. Prof. Rozema still accepts select consulting engagements and advanced teaching opportunities to make sure he stays on the cutting edge in technology and grounded in what IT looks like in the real world.
Louis Scharringhausen is a principal in CRAs Forensic Services practice, specializing in digital forensic and cyber investigations assisting clients and their counsel in independently responding to allegations of fraud, abuse, misconduct, intellectual property theft, and non-compliance. A former federal agent, he has more than 20 years of experience in investigation with 15 of those conducting complex computer forensic investigations for matters concerning intellectual property theft, computer intrusion, and unauthorized use. Mr. Scharringhausen is frequently called upon to present findings of his analyses through expert opinion reports, affidavits, declarations, and testimony in federal and state courts. Mr. Scharringhausen has performed forensically sound collections and analyses on computers, laptops, servers, mobile devices, and cloud storage platforms. Mr. Scharringhausen is an EnCase Certified Examiner and a Global Information Assurance Certification (GIAC) Certified Forensic Analyst. He has spoken at the Paraben Forensic Innovations Conference (PFIC) on forensic analysis techniques. In addition, he served as a technical editor on McGraw Hills 2nd edition of Hacking Exposed: Computer Forensics.

Austin Taylor has an extensive background in Defensive and Offensive Cyber Operations and has performed incident response for some of the world's top Fortune companies. His expertise includes penetration testing, data science, threat hunting and User and Entity Behavioral Analytics (UEBA). He is the co-author to "Crash Course in Data Science for Hackers" which is taught annually at Blackhat and author of "How to Build a World Class Monitoring System for Home, Small Office, or Enterprise Networks". In his off time, he teaches programming and conducts training at conferences. He currently serves as a Cyber Warfare Operator for the United States Air Force and works at IronNet Cybersecurity as a Senior Security Researcher. Austin holds multiple industry certifications including CISSP, GMON, GCCC, GCIA, GCIH, GCPM, GSEC, GPEN, CEH, VCP, CCNA:Security

Andy Thompson, has 20 years in the fields of Web Development, Systems Engineering/Administration, Architecture, and Information Security. Currently, he is the Customer Success Strategic Advisor in the Southwest region for CyberArk Software. He works with Fortune 500 clients to ensure they are properly deploying their privileged account security programs and leveraging cybersecurity best practices. He's also an public speaker, who continues to speak on the topics of cybersecurity. He's a active member of the Dallas Hackers Association and Shadow Systems Hacker Collective. In his free time he enjoys "travel-hacking" and going on fantastic adventures all over the world with his wife and two girls. Andy holds a Bachelors of Science in Information Systems from the University of Texas at Arlington as well as the GIAC GPEN certification, and CISSP from (ISC)2.

Eric is an accomplished governance, risk and compliance specialist and author set to publish his first book titled: Building a HIPAA Compliant Cybersecurity Program in late 2017 or early 2018.

In his GRC role as the Director of Compliance at Blue Health Intelligence (BHI), Eric leads efforts to increase cyber security maturity in several domains including governance, policy and controls, risk management, cyber security strategy and business alignment. He established the risk management function which includes assessment, analysis and treatment of risks, threat and vulnerability management strategy and due diligence requirements for assessing third-party risk.  Eric also assesses cybersecurity technology capabilities recommending enhancements to current solutions and new capabilities required to meet risk reduction requirements.  

Prior to BHI, Eric spent seven years at Ernst & Young (EY) in the Advisory practice where he specialized in helping healthcare organizations (providers, payers and business associates) solve problems related to information security, risk management and compliance.  Eric lead HITRUST Common Security Framework (CSF), cybersecurity program management and third-party risk management assessments. 

Jim Voorhees was named MSISM Program Director of SANS Technology Institute (STI) in November 2011. A graduate of STI, Dr. Voorhees has had a varied career in government and private industry. He earned his Ph.D from the Johns Hopkins School for Advanced International Studies after earning degrees in International Affairs from the George Washington University and working on the editorial staff of the International Food Policy Research Institute. After writing a book for the Kettering Foundation (Dialogue Sustained) and experience with Kettering, the Congressional Research Service, and IREX, Dr. Voorhees entered the IT industry as a technical writer, he quickly moved on to systems administration, then IT security and SANS. He has worked on security at several government agencies, including the FBI and the IRS, and currently works for Sage Management as a Network Security Engineer on a DOD contract.

Brian Willis is a cyber-security expert for CSRA based in the DC area. He has been providing Unix/Linux administration and cyber roles to private industry and government for 18 years. Currently his role is running cyber systems that protect the federal government. Before that he managed systems at NOAA's National Weather Service in various operational roles. Through his years of experience he helped draft security guidance for interagency communication via disparate application stacks using application layer security proxy devices. Other projects include NIST/FISMA security, security scanning, PKI key creation, network packet dumps, etc. He enjoys understanding how things interconnected and then evaluating how they are vulnerable or prone to failure. All this interest started with Amateur Radio and has led to a passion for all thing technical and mechanical. He holds the CISSP, GCUX, and CCSK.