Last Day to Save $200! Choose from six courses offered in Northern Virginia- Alexandria

Mentor: Bios

Mentors are highly qualified, experienced professionals who make themselves available in your local area to help you learn the course material and get certified. Each Mentor is hand-selected from students that have completed their relevant GIAC certification with scores of 85% or higher.

David Bernal Michelena holds a bachelor's degree in Computer Engineering from the National Autonomous University of Mexico (UNAM). Since June 2015 he serves as a cyber security researcher in Cyber Security Group in Scitum, a large consultant company in Mexico and Latin America. David's main activities are malware analysis, cyber threat intelligence, digital forensics and writing yara and snort rules to detect those threats and protect customers. David also performs ethical offensive activities and writes custom tools that are used in controlled environments to verify that security products do what they claim to do. 
From July 2013 to June 2015 David was a member of Security Events team at Alstom, a large company in energy and transport solutions protecting the endpoint environment of about 90,000 hosts distributed worldwide. In his time in Alstom his main activities were incident response, malware analysis and remediation, forensic analysis, IPS/IDS and SIEM management.
Formerly he served as a Senior Computer Forensic Analyst at Scitum from July 2011 to July 2013. His main activities there were evidence acquisition, analysis, preservation, incident response, log analysis and results reporting to Scitum's customers. In Scitum he had the opportunity to work in challenging projects for Mexican private and public institutions, including large Banks and other large government clients.
From August 2009 to July 2011 he worked as a forensic analyst and incident handler in UNAM Computer Emergency Response Team, which is the first CERT to be created in Mexico. David is GXPN, GASF, GREM, GCFA, GCFE and Access Data certified. He likes programming in several languages and is a command line lover in LINUX and Windows as well.
On his free time, he likes to swim and play the piano.

Mr. Bluml has been performing computer related investigations for over twenty years. His investigations have ranged from simple data theft to more sophisticated hacking efforts involving multiple computers, to intellectual property theft with attempts to hide the activity or manipulate the data via date and time changes to the computer. He has also been involved in employee fraud cases involving expense report falsifications, credit card fraud, and identity theft. He has spoken at numerous national and international trade conferences on the subject of computer forensics and related investigations. Love sharing knowledge and teaching people that are really interested in the material.

After earning a degree in Electrical Engineering at Stevens Institute of Technology, Craig Bowser started in IT as an officer in the US Air Force where he managed, optimized and performed troubleshooting on networks at Air Force bases around the world. In 2000, when he was stationed in the Washington DC area, he took over as Chief of Network Security for the Defense Information Systems Agency (DISA) intranet. While there he obtained his GSEC from SANS in 2001. After separating from the military, Craig worked for several government contractors in a variety of information security roles including accreditation, security engineer, incident response, security analyst, and security manager. In 2006, he obtained his CISSP and in 2011, Craig attended SEC501 and earned his GCED. Soon after, Craig was invited to a new infosec user group starting to meet in Virginia called NOVA Hackers (NOVAH). The requirement for membership in NOVAH was simple: each member needed to give a 10-15 minute talk on a regular basis. So Craig started giving talks. Even though he was an experienced briefer from his time in the military, giving technical talks to an audience with varied technical experience taught him to be prepared in new ways. First, he needed to be prepared to know answers he didnt think he needed and second, the importance of learning from the audience. This actually taught him something else: Always have a notepad to take notes when speaking! Participation in NOVAH inspired him to learn python. This helped him to deal with his frustration regarding the alerts he received at the job he had at the time by automating much of the manual review. Participating in NOVAH also led to opportunities to attend local conferences such as Shmoocon and BsidesDC. The firehose of information was overwhelming at first, but with the help of his growing friendships in the community, Craig was able to absorb more and more of the knowledge and apply that knowledge at work. As Craig grew in his skills and knowledge, he found himself increasingly helping others at work, teaching them and leading the way in implementing new methodologies. Soon, during conversations at security conferences and at NOVAH, Craig found himself answering as many questions as he asked. Thats when he realized he needed to give back to the community that helped him by sharing the knowledge, skill, and methods he had gained over the years. And so, in 2015, he researched and crafted his first talk and submitted it to several conferences for consideration. That year he was accepted and spoke at three conferences, BsidesCharm, SANS SOC Summit, and SANS Cyber Defense Summit. Since then, Craig has given talks at every SANS SOC Summit, DerbyCon, Shmoocon Epilogue, and the SANS SIEM Summit in addition to keeping his membership active in NOVAH by speaking regularly and he volunteers on staff at BsidesCharm and BsidesDC. Since 2012, Craig has been the senior security engineer responsible for building and maintaining multiple SIEMs for a government agency. Being responsible for multiple SIEMs brought multiple disciplines from his career into one job. Security Engineering was required for him to architect the system so that it could manage the amount of logs being sent and to design how the logs would be captured and archived. Security Analysis was required so that he could design searches, alerts, reports and dashboards that identified anomalies in the enterprise and use the latest threat intelligence to find attacks. Incident Response was required so that when an alert was raised, he would know what to look for, in which logs to look, how to confirm or deny that a security event had taken place, and if so, how to track on-going activity to ensure that all everything malicious is identified and removed. Security Management was required to understand how the SIEM supported current policies and procedures or create opportunities to develop new ones. While he doesnt use other disciplines as often, there are times where an understanding of security law, application security, certification and accreditation and others have been important to ensuring that the SIEM succeeds in the organization. Managing the SIEM has caused Craig to mature as an infosec professional and expanded his areas of knowledge and skills. Craig is looking to find new ways to grow in his career, help others and give back to the communities that helped him.

He maintains a website at where he maintains a blog and also posts slides from some of his past presentations.

He is stoked to have an opportunity to teach others while learning from students and fellow instructors. And have fun all the while!

Marcelo has been working with information security and carrying out computer forensics investigations for over 20 years. He worked with incident response / computer emergency response, was responsible for conducting investigations, responding to networking intrusion attempts, investigated and handled privacy-related incidents and consumer complaint in liaison with Legal and Human Resources departments, analyzed and documented information security incidents as well as the analysis of the circumstances enabling or permitting these same incidents to take place, including offering remediation strategies, investigated and immediately worked to stop leaks and inadvertent disclosures of confidential information and developed policies and security awareness programs, working with highly sensitive information in a team environment.

He analyzed and documented information security incidents as well as the analysis of the circumstances enabling or permitting these same incidents to take place. Audited, verified network security and gave recommendations to improve network security. Executed wireless evaluations and security auditings. Advised organizations with current information about information security technologies and issues and researched and recommended solutions. Wrote user manuals on security software and computer, email and Internet use policy. Developed and implemented user security awareness programs, with seminars, conferences, folders, newsletters and helpful suggestions. Designed and reviewed Windows and Linux security architecture.

Marcelo has assisted task forces in lawsuits as a technical assistant, acting as an expert witness in civil and criminal trials. He assisted in computer crimes (cybercrime) investigations and was responsible for establishing many procedures at the Federal Prosecution Service, such as evidence's chain of custody. He performed customer data analysis of data requested from banks and telecommunication companies, as requested by Brazilian Attorneys. He wrote, compiled and edited reports of security activities. He has also worked as an associate professor at some universities and lectured at the most important Information Security conferences in Brazil. He maintains a webpage dedicated to Digital Forensics and Incident Response (in Portuguese):

Finally, he holds a Masters degree in Computer Science, a Master in Bussiness Administration (Public Administration) and a Bachelor degree in Information Systems. He also has some certifications, which illustrates his passion to learn: GIAC Certified Forensics Analyst (GCFA), GIAC Certified Incident Handler (GCIH), CISSP (Certified Information Systems Security Professional), CHFI (Computer Hacking Forensic Investigator) and EnCase Certified Examiner (EnCE).

Mel Drews has been on both attack and defense sides of security throughout the public and private sector for more than 15 years. He's covered numerous roles in organizations large and small, including solutions engineer, analyst, auditor, penetration tester and consultant. His current role is in a global 50 financial services firm assuring software security.
When not coding projects or studying for the next big thing, Mel is combing the forest floor for fungus in West Michigan or playing racquetball.
He holds the GWEB, GCFE, and GCCC certifications, as well as CISSP, CISA, and CISM.

Jeremy works as a security penetration tester, application security consultant, and defect remediation expert for UPS. Jeremy is also the owner of Ellipsis Information Security and teaches courses for SANS Institute.

As a Director of Education for the Kentucky ISSA chapter, Jeremy presents on application security, penetration testing and defense along with operating the "webpwnized" YouTube video channel.

Additionally, Jeremy develops the open-source OWASP Mutillidae II training environment. Jeremy has a Bachelors in Computer Science from Indiana University, a Graduate Certificate in Cybersecurity and Masters in Computer Science from the University of Louisville and is a GIAC-certified Web Application, Mobile and Network Security Penetration Tester.

Family, Gadgets, games, aerial photography, great food and craft beer are some of Paul Dumbleton's passions. Hailing from the the United Kingdom via California and now Michigan, Paul completed his Bachelors in Information Technology from the University of Phoenix in 2004 while working for Herman Miller in Zeeland, Michigan. After a recent transition to Perrigo, Inc, he now manages and oversees Global Security Operations and Engineering. Paul's passion for Information Security and Technolgoy has spanned more than 25 years. He continues to be motivated by setting goals that challenge his experience and knowledge, and admits that he continues to learn something new everyday. This translates directly into his success protecting Perrigo from evil (according to his boss) and helping the great people he works with use information resources securely.
Andrew Dunsford is currently the Director of IS Risk at Wawanesa Insurance, responsible for cyber security. Prior to joining Wawanesa, Andrew spent ten years at a consulting organization, working with clients from various industries across Canada. Andrew holds multiple certifications: GSEC, GCIH, CISSP, CISA, CISM, CRISC

Leron is a 10-year active duty US Navy military member with 4 years in an information security position. With a passion for Python, he loves automating tedious daily routine tasks for efficiency and considers himself to always be in a position to learn more. He enjoys competing in as many CTFs as possible, and also often performs as a nerdcore rapper.

He currently holds the GPEN, GCFE, and GPYC certifications. He also maintains a blog at

Stanley got his start with computing and security at an early age. Having received a computer at age four, his curiosity with all things technology was cultivated by his parents. By age 13 he was trolling IRC channels and Usenet forums, running a small dialup BBS, and teaching himself computer networking, scripting, brute forcing, and password cracking. For his college career at Georgia Institute of Technology, he switched gears to pursue knowledge of electrical and computer engineering as he felt a degree in computer science would not be challenging enough. Through his education he discovered the microcosm of transistors and bits, gaining deep insight into how computers operate at the chip level. He used that knowledge as an intern at Texas Instruments to develop firmware for their DSP line of microprocessors in one summer session and to optimize testing routines on production semiconductor wafer batches in a second session. Another pivot led Stanley to a research position while pursuing a Masters degree at University of South Florida under the tutelage of Dr. Rich Gitlin of Bell Labs fame. There he developed software defined radio test platforms using FPGA systems in VHDL to assist PhD candidates to obtain data on novel wireless modulation schemes for use in medical applications such as in-vivo wireless networks. Ultimately, he chose a career in information security, which has revealed itself to be his true calling. He is extremely passionate in the field and his greatest motivators are the pursuit of knowledge, uncovering truth, and solving complex problems. Stanley is currently employed by Deloitte in its Managed Threat Services division, a MSSP SOC offering continuous monitoring service to commercial and public sector entities. His role is a multifaceted combination of senior security analyst, security engineer, and analyst manager. He has significant experience using all the major SIEM technologies in the pursuit of evil by running digital investigations to identify malware, insider threats, weak configuration, and other anomalies that reside on enterprise level networks. He has also been actively performing engineering development, correlation content, and maintenance of several SIEM deployments. He frequently gets called in to assist with incident investigations as a technical asset providing analysis on log activity, network capture data, and an occasional forensic image. His repertoire of GIAC certifications by SANS are in the areas of incident handling (GCIH), digital forensics (GCFA), and network forensics (GCNA).
Rick is a Security Engineer for G2, Inc and has over 15 years of experience in the IT field, with 5 years specifically in InfoSec. Rick started his career as far from InfoSec as possible: as an Aircraft Armament Systems Specialist in the USAF. Mr. Hidalgo had the opportunity to cross-train into a field that allowed him to perform client support and Information Assurance duties, which then allowed him to take a position with the Department of Defense (DoD). While with the DoD, Mr. Hidalgo performed network and endpoint analysis, performed adversary emulation and conducted cyber operations as an interactive operator as part of a Red Team. Mr. Hidalgo has had the privilege of experiencing a broad range of technical fields, including network analysis, intrusion detection, penetration testing, malware analysis, reverse engineering, and digital forensics. Mr. Hidalgo is passionate about educating and mentoring future InfoSec professionals. Rick has volunteered as a Red Team member for the CyberPatriot National Finals for the past 3 years, and recently joined the Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC) Red Team. Rick was also an adjunct professor for a local community college, where he helped coached a cyber competition team and taught computer science courses. Rick is still active in cyber competitions, and takes the opportunity mentor and help other students grow in the field. He also performs independant consulting services and is a security researcher with the SynAck Red Team. Mr. Hidalgo holds his Bachelors in Cybersecurity from UMUC, and is currently pursuing his Masters in Cybersecurity from Excelsior College. He also holds a number of professional certifications, including GCIH, GAWN, GCFE, GCFA, GCIA, GPEN, and CISSP.

Dale Hobbs is a veteran of IT with over 18 years of experience starting out as a Junior Systems Administrator to his current role, Security Manager.

His background includes server and network administration, network architecture, network security, security policy development, adoption and direction setting in accordance with regulatory compliance and industry standards and currently holds the certifications of GSEC, GCIH, GPEN

Dale is excited about all areas of technology but most specifically network security. He is enthusiastic about sharing his knowledge and experiences with the next generation to help others achieve their IT related educational goals and embraces the opportunity to continuously learn and develop in his own career path.

James currently works as a Cyber Operation Technician for the Maryland National Guard.  His main function is to work with local defenders to make their networks more secure.  James has served in the Military for 21 years.  He has served in various positions with in a Windows environment, with his last assignment being a Systems Administrator for a small organization.  He also had additional duties of being the alternate Information Assurance Manager and Network Administrator.  James enjoys scripting and PowerShell so much that he became the admin that created the automation tools for the Sysadmin team.

James has a bachelor's degree in Management in Information Systems and is currently in the process of completing his MBA with an emphasis in Information Technology Management.  He is a graduate of the Army's 255-S school and hold the CISSP, 7 SANs Certifications (GSNA, GPEN, GCIA, GCWN, GCIH, GCFA, GSEC) and C|EH.

James enjoys giving back to the community by volunteering at schools and presenting the ISC2 Safe and Secure Online presentation to school aged children.

Now a recovering CISO with over 20+ years direct Information Security experience, Christopher Hudel's experiences demonstrate success (and reveals his most inner excitement) within the domains of application and product security, incident & crisis management, penetration testing ("red teaming"), security roadmap and strategy, security operations, evangelism and leadership. Christopher's career path careened both the very technical (developing penetration testing teams & methodologies, working incident response for both malicious internal threats and nation state advanced persistent ones) and the very strategic (as a CISO for industries ranging from retail through industrial manufacturing). Comfortable in front of either board (key- or -directors), Christopher brings a sense of "extreme common sense" to communicating and understanding risk related to highly technical topics. Christopher is an accomplished speaker, most recently served as an adjunct professor teaching information security graduate and undergraduate courses for the University of North Carolina in Charlotte, NC.
Duane Isaacs is an IT veteran with over 23 years of experience who began his career as a Computer Repair Technician at a local computer store and evolved into his current role as a Web Application Security Analyst for one of the top corporations specializing in Software as a Service (SaaS). His background includes over 10 years of development and implementing complex infrastructures and technical solutions for industry leaders, IT Management, server and network administration, network architecture, network security, security policy development, adoption and direction setting in accordance with regulatory compliance and industry standards. He currently holds the GWAPT certification. Duane is enthusiastic about all areas of information technology, with focus on automation and information security. He is excited to share his knowledge and experience with the next generation to help others achieve their IT-related educational goals and expand his mastery into new security arenas.
Jonathan Karchmer has over 15 years of experience in managing digital forensics and investigations. His background includes network administration, information security and electronic discovery project management. Jonathan frequently works on matters concerning trade secret theft. Jonathan has offered sworn testimony at deposition, hearing, and trial. Jonathan currently holds GCFA, GCFE, and GCIH certifications. He is excited about the opportunity to mentor FOR500 and share his enthusiasm for digital forensics with others.

Kevin has over 23 years of experience in Information Technology working in both public and private sector. The past 15 years have been spent working in the private sector for several large corporate law firms. With experience in Systems Engineering, and now a focus in Engineering Security, it is Kevin's function to not only design and implement technology solutions, but to do so securely, and at the same time, retrofit security solutions in to existing architectures. Kevin has pursued and achieved the GIAC GCWN certification, as well as the (ISC)2 SSCP certification. He is currently working towards the CISSP exam.

Mentoring this course would help bring additional real world experience to any student studying this material, and would find the intersection of theory and practice. Bringing the knowledge and the experience together will help students achieve the goal of using the information presented in this course in their own environments.

Bill has a Bachelor's of Science in Criminal Justice from the University of Alabama Birmingham and a Master's of Science in Technical Management from Embry Riddle Aeronautical University.  Currently he is working on his Masters of Science in Information Security Engineering through SANS Technical Institute and has numerous certifications through SANS.  Bill began his career in computer technology in the early 1990's while working at the University of Alabama Birmingham. There, he learned many of the widespread platforms and operating systems, employing computer troubleshooting and virus removal skills.

After a brief stint with professional baseball, Bill moved back to computers and started working for a DoD Contractor.  During the last 20 years, he has worked in various departments; Desktop Support, R&D, Client Engineering, IT Systems Engineering and Cyber Security.  The last ten years, Bill has worked within Information Security managing projects and working with various programs across multiple areas of Information Security.  He started working with SANS Instruction in 2012. 

Fredric Lauzier has been in the IT business since 2000. He was an IT consultant for two years and then enrolled in the Canadian Armed Forces as a Signals officer. He is still serving after 17 years and manages IT, Cyber, Radios, Satcom, among others, both in a deployed field environment and in a static strategic one. Over the year he acquired the ITIL Expert certification. He has also earned a Masters in IT from Universit de Sherbrooke and a Masters in Defence Studies from the Royal Military College of Canada.

He attended his first SANS course in Fall of 2018 and since always wanted to share his knowledge to other SANS learners.

Jason works for one of the largest financial institutions in the country as the Director of Cyber Security Operations Center focusing on internal security monitoring and response.  He has developed processes and procedures to reduce incident impact and cost, as well as early identification of incidents.  He has led teams responding and investigating numerous large scale incidents and APT attacks.

Jason also served as the President of the Atlanta chapter of the HTCIA and served on the board for directors of the Atlanta chapter of the ISSA.

On his off hours Jason enjoys teaching SANS Forensics curriculum as part of the SANS Mentor program.  He holds a Masters of Science in Information Security and Assurance (MSISA), and numerous security certifications such as: GCFA, GNFA, GCIH, GREM, GCCC, G2700, CISSP, CHFI, CEH and CISA.

Jason firmly believes that the only way to truly be secure is by educating others, and he lives by this principle. Furthermore, if you take the time and listen, you can learn from anyone, mostly from your students."

Michael Long is a Senior Cyber Adversarial Engineer with the MITRE Corporation and a former U.S. Army Cyber Operations Specialist. Michael has over 10 years of experience in information security disciplines including adversary threat emulation, red teaming, threat hunting, and digital forensics and incident response. Michael Long has a proven track record of service in the public interest. Michael served on countless cyber operations for organizations including the Army Cyber Protection Brigade and Army Cyber Command, the results of which he regularly briefed to commanding generals, strategic executives, and congressional staffers. With MITRE, Michael continues to apply his technical expertise to improve the cybersecurity of our nations most sensitive and critical networks. Michael has a Masters Degree in Information Security Engineering from SANS Technology Institute, and holds many information security certifications including the prestigious GIAC Security Expert certification (GSE). Michael is an avid contributor to the industry, and has authored three papers published on the SANS Reading Room and has presented his research at various conferences and webcasts including the SANS Internet Storm Center. Michael is extremely excited to share his unique lessons learned from the field to arm students with the skills they need to succeed.

For the past 16 years, Kevin has led high-performance teams of technical professionals at large-scale internet companies, with deepest experience in Network Security. Kevins 25+ year career in technology started when he was a CS student at UC San Diego, and has encompassed unix systems administration, secure software development, network security, and web site and SaaS performance and scalability. Kevin holds the CISSP, GCFA and GNFA certifications. Kevin is active in internet operational security efforts, and advises and invests in early stage technology companies.

Kevin is an extreme tcpdump enthusiast.

Dave Mayer is a Senior Security Consultant with InGuardians. Prior to joining InGuardians Dave was a member of the Red Team for a global financial organization and has almost a decade of experience working in healthcare both in Information Security and IT. In his spare time, Dave can be found tinkering with many house projects or reliving his fire department days when he was part of the Fairchild Fire Company in the Morris Township Fire Department. He held numerous positions ranging from Engine, Ladder and Rescue Operator to Battalion Chief. Dave Mayer graduated from State University of New York at Plattsburgh with a Bachelors in Computer Science. Aside from running into burning buildings, Dave currently holds the following certifications: GIAC GSE, GSEC, GSNA, GCIA, GCFE, GPEN, GXPN, GCIH, GWAPT, GAWN and OSCP

Chris is Principal Consultant at Utopia Consulting and an ASD certified IRAP Assessor based in Canberra. After starting his career on a help desk, Chris pivoted through system administration into security around the turn of the millennium. Working with the Fortune 100, retail, non-profit and the government sectors, Chris is focused on ensuring that technical and security measures are user focused,  risk aware and understood by all stakeholders. This has included work in security architecture, assessment, auditing, engineering and response. 
Check out his Soundcloud, Instagram (et al) @chrismewett. 

Jake Miller is an information security professional, primarily focused in offensive security. Jake is currently a penetration tester, but also has previous experience as a security controls assessor, SOC analyst, and system administrator.

Jake is a lifelong student, holding a variety of IT and cyber related certifications including GXPN, GCFA, GCIA, CISSP, and AWS Solutions Architect Associate, among others.

He blogs about security and coding at, and is passionate about sharing knowledge in the community.

Erich has been defending networks in the financial services industry for the last 3 years. In that time he has developed skills in areas such as Incident Response, Network Security Monitoring, and Vulnerability Management. In addition to being GIAC certified in Continuous Security Monitoring (GMON), he has his BS degree in Information Systems Security, and is also CompTIA CASP certified. Erich is eager to share his unique experiences all while delivering best in class instruction with SANS.

Jason Ostrom has helped over 220 organizations mature their Cyber Security programs by identifying business risks and improving their readiness for security incidents.  In his current role as Director of Technical Services for Zyston (, Jason leads the Offensive security practice and  provides support for client security incidents in potential data breaches.  Jason is also the courseware author and instructor for Zyston?s ?Top Gun? offensive security class modules.

Jason has used his extensive experience to help clients solve a variety of security problems impacting their respective businesses.  He helped a solution manufacturer raise their DoD STIG metrics to above 95% for all assessed products, including development of Python hardening scripts that protected federal assets.  He coded a Python vulnerability management program that automatically provided remediation timeliness and metrics for closing security issues.  In a client-authorized penetration test, he found a 0-day vulnerability (CVE-2016-2783) in a networking platform that was ethically disclosed to the vendor.  He is the author of the ?VoIP Hopper? network infrastructure pen testing tool, which is included in the popular Kali Linux distribution.  Jason has extensive experience distilling security issues and presenting them to target audiences, including C-Suite and board, and has been quoted in media outlets such as Network World and Wired Magazine.  Jason has spoken at many high-profile security events such as DefCon and ShmooCon.  He has been invited by federal agencies, SANS Institute (Pentest Summit) and Forrester Research to speak on application security.  Jason currently holds the CCIE Security certification (including CCNA, CCDA, CCNP, CCSP) and GCIH, GCFA, GPEN, GWAPT certifications.  He earned an M.S. in Information Security from James Madison University, and his B.A. from the University of Michigan.

In his 28 years of service with the Kansas City Missouri Police Department, Mark has served in many capacities, including Patrol, Internal Affairs and conducting digital forensic investigations. In 2011 Mark was assigned as a task force officer at the FBI's Heart of America Regional Computer Forensics Laboratory (HARCFL).

As an FBI CART-certified forensic examiner he has conducted examinations on a number of state/local and federal cases involving child exploitation, homicide, network intrusions and terrorism. He has also provided court testimony on numerous cases regarding general crimes and digital investigations.

Mark is a mentor and training officer at the HARCFL and he has worked a number of cases since his appointment to the lab. He is sought out for his knowledge of forensics, electronics and Python programming. He has also used his programming background to create scripts which are used in the lab to streamline various functions. 

Mark has experience in HTML programming, Linux, Apple devices and cell phones. He holds the FBI certification of FE (Forensic Examiner), the SANS certifications GCFE and GPEN, CompTIA certifications A+, Net+, SEC+ and he has an Associate's Degree in Computer and Electronics Engineering Technology. This most likely explains his fascination with Frankenstein electronic projects with lots of little blinking lights - at least his wife would like to think so.

Mark is excited to share his knowledge of electronics and digital forensics with people who have similar interests, and employ problem-solving techniques to assist them, when needed.

Military Biography Bryan Rude Bryan Rude enlisted in the Army in May of 1996 under the Student Loan Repayment Program. He attended Basic Training at Fort Sill Oklahoma. Advanced Individual Training (AIT) was later conducted at Fort Bliss Texas. His first enlisted assignment as a Specialist was as a 14R Air Defense Artillery Driver at Fort Stewart Georgia. SSG Rude was selected for Warrant Officer training. WO1 Rude's first Warrant assignment was to the 1st Calvary Division at Fort Hood Texas. Assigned to the Division Artillery Brigade, WO1 became the BDE Automations Officer. Deploying with the reflagged 5th Brigade Combat Team (BCT) into Baghdad, Chief Rude had the distinction of completing the first Brigade level tactical fiber optic ring. Chief Rude re-deployed the following year into Kuwait as the Information Assurance Security Officer (IASO) for the South West Asia (SWA) Theater Network Operations Security Center (TNOSC). Upon completion of these two deployments Chief Rude was assigned to the 5th Signal Commands TNOSC as the IASO in Mannheim Germany. Chief Rude was promoted again to Chief in November of 2007. Chief Rude was the Project and later Program Manager (PM) for the Host Based Security System. Later, Chief Rude assumed the role of Assistant Project Manager and then (PM) for the Theaters implementation of System Center Configuration Manager (SCCM). These two programs combined provided Europe with the protection mechanisms to fend off all but a handful of infections during the Operations Buckshot/Rampart Yankee. Chief Rude completed Warrant Officer Advanced Course (WOAC) in August of 2008 where he also earned a Private Pilot License (PPL) and Certified Information Systems Security Professional (CISSP) certificate. Chief Rude participated in the Training with Industry (TWI) program working with Microsoft for a full year. Chief Rude trained over 400 Warrant Officers as the Senior Microsoft Instructor at Fort Gordon. Chief Rude completed the 255S course in 2013 attaining numerous GIAC certifications. His final Army assignment was as the Senior Cyber Advisor to the Southwest Asian Cyber Center (SWACC) Director, retiring from the Army in July of 2016. Bryan joined the MITRE team shortly after retirement from the Army. He has worked multiple projects primarily support the Army CIO-G6.

Greg Scheidel has over 25 years of hands-on experience in IT including desktop and server support, network design and implementation, application development and programming, IT service management, IT security, and information assurance. He currently leads a security program providing a full range of IT security services including SOC, incident management, risk management, penetration testing, forensic and malware analysis, cyber threat intelligence, security engineering, audit and policy SMEs. Greg firmly believes IT and security must serve business needs rather than exist for their own sake, and is passionate about teaching others while expanding and honing his own skills.

Steve Sharman is an IT professional working in DC. The Assistant Director of technology, his career has included Computer Audit, Software Engineer, Database Administrator, Software Architect, Software Project Manager, CyberSecurity Analyst and currently focuses on IT Risk Management. Heavily involved in writing Cyber security policy, tech contracts, evaluating security controls, and designing and securing web infrastructures. Mr Sharman is a CISSP and PMP and has a number of current certifications including GLEG, GMOB, CEH, CySA+, Sec+, Networking+, ITIL. Mr Sharman's varied background makes him a great candidate for mentoring a GLEG class with an ability to provide relevant examples in a host of different fields to technical and non technical alike. Trained as a physicist Mr. Sharman subscribes to the Einstein quote "The more I learn, the more I realize how much I don't know." A lifelong learner, Mr Sharman loves the idea of sharing knowledge with like minds in the Sans community.
Petr Sidopulos has been in the IT technology field for over 15 years and a full-time security practitioner for more than 6. His passion for understanding how things work under the hood dates to his childhood. Petr currently works for the Information Security Department at the Texas Comptroller of Public Accounts and holds numerous industry certifications, including CISSP, OSCP, OSWP, GCTI, GMOB, GCIA, GCIH, GCWN and GSEC. He received a bachelors degree in Information Science at the University of Economics in Prague, Czech Republic and a masters in Information Technology at the same university. Petr is focusing on offensive and defensive security, threat hunting and incident response. He demonstrated his security prowess by placing 1st in the NetWars Core (PenTest Austin 2017), 2nd at NetWars Core (PenTest Austin 2018) and 5th at DFIR NetWars (DFIR Summit 2018). Petr is passionate about educating people in cyber security. Petr held an extremely well regarded, hands-on hacking demo for his 140 IT and security peers using the SANS NetWars Continuous platform.

Andrew Skatoff has been securing and protecting critical infrastructure networks for the last 16 years. 
Raised by a Topgun Marine fighter pilot and a middle school special education teacher, he has always been driven to find meaningful work, solve interesting problems and help others do the same in an effort to make the world a  better and safer place.
Andrew's love for computers started in college and after spending several years providing technical support in the energy and financial sectors, he achieved his MCSE certification. This led to his first info security job supporting a migration to active directory.  Andrew went onto champion, design and implement an automated compliance and vulnerability management program. He has been developing and leading incident response teams, a malware analysis function and digital forensics services for the past 12 years in critical infrastructure financial organizations. 
SANS FOR508 is one of Andrew's favorite classes! It combines incident response and triage analysis with full disk forensics in a way that  balances accuracy and efficiency in our increasingly demanding role as cyber defenders.  
Andrew currently holds GREM, GCFA, and CISSP certifications and is an Incident Response Manager at a large financial organization.

Check out Andrew's blog at: https:

Tom has spent over 15 years in the industry designing and implementing security controls for public and private institutions. He is currently a Senior Network Security Engineer for Webster Bank in Connecticut where he designs and deploys tools and systems for the bank's information security group. He currently holds a CISSP and GMON certification. Tom helps to organize BsidesCT and enhance Connecticut's information security community. I love passing on knowledge and helping fellow practitioners grow their skills!

Eric is an accomplished governance, risk and compliance specialist and author set to publish his first book titled: Building a HIPAA Compliant Cybersecurity Program in late 2017 or early 2018.

In his GRC role as the Director of Compliance at Blue Health Intelligence (BHI), Eric leads efforts to increase cyber security maturity in several domains including governance, policy and controls, risk management, cyber security strategy and business alignment. He established the risk management function which includes assessment, analysis and treatment of risks, threat and vulnerability management strategy and due diligence requirements for assessing third-party risk.  Eric also assesses cybersecurity technology capabilities recommending enhancements to current solutions and new capabilities required to meet risk reduction requirements.  

Prior to BHI, Eric spent seven years at Ernst & Young (EY) in the Advisory practice where he specialized in helping healthcare organizations (providers, payers and business associates) solve problems related to information security, risk management and compliance.  Eric lead HITRUST Common Security Framework (CSF), cybersecurity program management and third-party risk management assessments. 

Michael Truong is a Governance Risk and Security Compliance Officer at Capital Group where he coordinates multiple ongoing security and risk management initiatives from start to finish while working with various business units within the enterprise in implementing security controls and mitigating risk utilizing multiple industry accepted frameworks.  

Michael has worked in various financial sector agencies, including Experian, Farmers Insurance and KPMG, among others.  Michael works with many different levels of the organization?s tree to help the people, process and technology work in a more efficient and effective manner in the most secure and with the least risk to the business.  

Michael is a continual and passionate learner and loves to share his experiences.  He graduated from George Mason University and went to graduate school at Pepperdine University and holds multiple security/risk certifications from various organizations. (ISC2/SANS/ISACA).  He loves being in the outdoors (beach volleyball, Spartan races) in sunny California and loves to travel to other cities/countries to enjoy their rich history and especially the diverse food scene.   

Jerry Watson LinkedIn: Jerry Watson has a extensive comprehension of the importance of digital forensics in the law enforcement community. The ability to locate, understand, and report artifacts in a Windows environment are critical to the mission. Jerry understands this concept and utilizes his eight years of law enforcement experience to express the importance of Windows Artifacts and the SANS FOR500 Windows Forensic Analysis course. Jerry's teaches the fundamentals of digital forensics through passion and dedication for investigative analysis. Utilizing the experience of not only himself, but those who have provided guidance and knowledge along the way. Jerry is a firm believer that as forensic analysts, we must be willing to help one another in order to grow. Jerry began digital forensics with hardly any knowledge or background in computers. While he was interested in the concepts and wanted to expand his knowledge base, he was not forwarded the opportunity in the beginning. Once he experienced multiple situations on search warrants and interviews, he realized the true importance of digital forensics and what it can do for an investigation. With those experiences, Jerry began to understand what he truly wanted to be a part of and began attending courses. Jerry currently works in the field and is a forensic examiner for the Department of Defense. The lab provides digital forensics analysis of computers, cellular phones, tablets, removable drives, and numerous other items of evidence. The lab also provides technical assistance to the field agents and to the prosecutors. Prior to becoming a forensic examiner, Jerry worked as a General Crimes Special Agent, Special Victims Unit Special Agent, Digital Media Collector, and Evidence Custodian for the United States Army Criminal Investigation Command. Jerry still utilizes his free time to attend training and read digital forensic material. He is also an avid sports fan and is a Head Coach for an Amateur Athletic Union basketball team.

Michael Weeks is currently working as the SOC and Incident Response Lead at Fair Isaac Corporation. He leads a highly technical team of Analyst, Developers, and Incident Handlers in the daily monitoring of cyber security events for FICO. A graduate of the SANS Technology Institute Master of Science in Information Security Engineering Program and certified GIAC Security Expert, as well as a host of other SANS Certifications and the CISSP from ISC2. Michael is also a Chief Master Sergeant with the United States Air Force Reserve working in the 960th Cyber Operations Group as a Cyber Warfare Operator. The greatest privilege is the ability to mentor the future cyber warfare operators in hopes that they can help solve the many problems in cyber security.

Since 2011, Terrence Williams has embraced the United States Marine Corps saying, "Grow Where You Are Planted." As an active duty Marine, Terrence was placed into the cybersecurity world to satisfy "The needs of the Marine Corps." Turns out, being planted in the cybersecurity role is the best place for Terrence to grow his passion for Digital Forensics & Incident Response (DFIR). Currently Terrence Williams works in a Defensive Cyber Operations billet that requires him to conduct various duties in the DFIR realm. His young career has led him to operating on multiple enterprise networks supporting military operations that expand across the world.

Terrence's thirst for knowledge is the primary fuel for his passion for the various DFIR avenues. Terrence's background in DFIR covers smartphone and Windows forensics, including, vulnerability discovery and analysis, threat hunting, reverse engineering malware, network security monitoring, and Python coding. Terrence has participated in building multiple standard operating procedures for the up and coming Marines that will be in various cyber operation roles.

Terrence alternative passion is to share his knowledge with the world. At an early age, Terrence found that people around the world crave knowledge and need the opportunity to gain it. He has begun building his social platform to drive his passion by being a guest blogger on The guest blog appearance has inspired Terrence to build his own website Life is a Game of Choices ( to further expand his brand. Terrence is excited to fulfill his passion for sharing knowledge as a SANS Mentor to further reach people that want to feed their passion for knowledge.

Outside of work, Terrence finds his passion in sports, dog training, reading, and being a connoisseur of the world's food and spirits.

Ryan has been practicing information security for over a decade. He maintains a broad and deep knowledge of enterprise computing, risk management, and data security; and he enjoys sharing his learnings to help others secure their organizations.

With a heavy background in IT infrastructure, Ryan is technically proficient in both small and large-scale computing environment including all aspects of storage, network, and compute for both on-prem and cloud technologies.

He understands business value and process mapping and communicates these topics to business executives to better drive success through the organization. His ability to explain highly technical topics in a universally understandable message has enable Ryan to excel in implementations and organizational changes that would not have been possible otherwise.

Ryan has proven knowledge with multiple patents, publications, certificates, and system implementations provides his peers with real life experience and lessons learned to better solve challenges that exist in the field. He currently holds a CISSP, GISP, and also is a member of the GIAC Advisory Board. He also maintains an MBA with an emphasis in Organizational Change Leadership from Northern Illinois University.

Ryan is in continual pursuit of opportunities to share his knowledge and learn from others. Ryan enjoys giving back to the community and volunteers with various security community organizations and conferences to help teach others about information security.