SANS Miami 2020 | Eight Cyber Security Courses | Simulcast | Cyber Defense NetWars

Mentor: Bios

Mentors are highly qualified, experienced professionals who make themselves available in your local area to help you learn the course material and get certified. Each Mentor is hand-selected from students that have completed their relevant GIAC certification with scores of 85% or higher.

Scott Anderson is a Technical Leader with Cisco Systems with Learning@Cisco. He has been with Cisco for over 10 years and specialises in Security, Routing and Switching. Prior to joining Cisco Scott has worked in various roles in IT and T industry for with a broad range of experience in Defence, State Goverment and Commercial customers Scott has a Masters Degree in Networking and Systems Administration from Charles Sturt University and currently holds a number of Industry Certifications including CCIE, CISSP, GNFA, GPEN, GCUX and GCIA.

James Arndt is a Cybersecurity Engineer for American Transmission Company in Milwaukee, Wisconsin. He focuses on dissecting whatever malicious email, documents, URLs, and executables come across his way. Besides incident response, he has his hands in endpoint security, vulnerability management, and access management.

James has spoken at various local and national conferences on topics such as incident response and reverse engineering. He has sucessfully taught SEC401 Security Essentials and SEC504 Hacker Tools, Techniques, Exploits, and Incident Handling. You might also find James running after his four kids, playing guitar, or tinkering around in his basement lab.

Ivan Avilla is the manager of T-Mobile''s Cyber Incident Response Team (CIRT), a Cyber Protection Chief Warrant Officer in the Army National Guard and SynAck Red Team (SRT) member.  He has responded to hundreds of cyber incidents with varying levels of severity over his years with the DoD and T-Mobile.  He is experienced with high profile incident handling, legally sound investigation and forensic methods used in regulated data breach reporting, litigation and law enforcement referrals. Ivan holds a bachelor's degree in information technology from Western Governors University (WGU) and is currently pursuing a Masters Degree in Cyber Security from WGU. Ivan holds over 30 professional certifications in technology and cyber security. In the SANS community, Ivan has attended 15 SANS courses winning three challenge coins, obtained 13 GIAC certifications and has also facilitated one SANS event. In the military, Ivan has reached the rank of Chief Warrant Officer Two (CW2), completed multiple training courses both in technology and leadership and become a highly decorated combat veteran.

Joyce M. Baker, Ph.D., PMP, GSLC, CISM has been a leader in training and development for more than 30 years with an emphasis, for much of her career, on cross-cultural communication competence and management communication.  She has led largescale projects in both Training and Development and Software Development. As a lead information security manager for a Fortune 100 Government Contractor, she is responsible for the development of security plans, procedures and processes for government information systems supporting Department of Defense contracts. She leads the transition of an information system from the Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) to the Risk Management Framework (RMF), current ongoing compliance with the RMF, and continuous improvements to security for a Department of Defense Organization.  With a doctorate in Intercultural Communication from Arizona State University, has provided training and development services to a wide range of organizations, including colleges and universities, U.S. Government agencies, and private sector businesses across a wide variety of topics. As a fluent, heritage speaker of Japanese, growing up in Hawaii and living in Japan, Dr. Baker has developed a deep understanding of the linguistic and cultural dynamics of Pacific Island and Asian communities.   She is excited by the opportunities to mentor others as they continue to develop their skills in information assurance and management.  As a proponent of lifelong learning, she knows that the best learning comes from applying and teaching what one has learned and sees mentoring others as an opportunity to hone her skills.

Justin Baker began working for the Defense Information Systems Agency in April 2016 as a Security Control Assessor Representative performing Certification and Accreditation duties. After attending SANS SEC504 with John Strand and obtaining his GCIH, Justin has since transitioned into a penetration testing and Red Team operator position with the Department of Defense. Prior to his work with DISA, Justin worked as a Network Engineer, Service Desk Analyst, and a Desktop Technician. Justin has previously completed the SEC504, SEC560, and SEC573 courses from SANS, along with the accompanying certifications for GCIH and GPEN. Additionally, Justin served as Ed Skoudis' facilitator for SEC560 at PenTest Hackfest 2017 while attending SEC560. In addition to Justin's SANS certification, he also holds the CISSP and Security+ CE certifications. Justin is excited to teach SANS SEC560 to foster growth in future information security professionals.
Dan Banker currently holds the GCIH, GCIA, GCFE, and GNFA and is a threat hunter/incident responder for Motorola Solutions in Chicago, Illinois. He is also the primary Carbon Black system administrator and has extensively worked on customizing the product for Motorola's environment. This includes extensive scripting with the API to increase detection beyond what is currently capable in the GUI. From his time in the SOC at Dell Secureworks, he developed a love for pcaps and chaining grep/sed/awk to distill logs into useful information. Outside of infosec, he is a career musician and plays guitar for the popular Metallica tribute band Blackened. As a former guitar instructor with 40+ weekly students, he knows that passion for the field is and important part of the teaching process, and he brings his love of information security to the classroom.

David Bernal Michelena holds a bachelor's degree in Computer Engineering from the National Autonomous University of Mexico (UNAM). Since June 2015 he serves as a cyber security researcher in Cyber Security Group in Scitum, a large consultant company in Mexico and Latin America. David's main activities are malware analysis, cyber threat intelligence, digital forensics and writing yara and snort rules to detect those threats and protect customers. David also performs ethical offensive activities and writes custom tools that are used in controlled environments to verify that security products do what they claim to do. 
From July 2013 to June 2015 David was a member of Security Events team at Alstom, a large company in energy and transport solutions protecting the endpoint environment of about 90,000 hosts distributed worldwide. In his time in Alstom his main activities were incident response, malware analysis and remediation, forensic analysis, IPS/IDS and SIEM management.
Formerly he served as a Senior Computer Forensic Analyst at Scitum from July 2011 to July 2013. His main activities there were evidence acquisition, analysis, preservation, incident response, log analysis and results reporting to Scitum's customers. In Scitum he had the opportunity to work in challenging projects for Mexican private and public institutions, including large Banks and other large government clients.
From August 2009 to July 2011 he worked as a forensic analyst and incident handler in UNAM Computer Emergency Response Team, which is the first CERT to be created in Mexico. David is GXPN, GASF, GREM, GCFA, GCFE and Access Data certified. He likes programming in several languages and is a command line lover in LINUX and Windows as well.
On his free time, he likes to swim and play the piano.

Craig Bowser is an ardent and dedicated infosec professional with 19 years of experience in the field. He began his career in the Air Force as a communications officer where he began as a system administrator, then was assigned as an IT specialist leading teams performing network optimization and troubleshooting. His final assignment was as a network security team lead. After separating, he worked as an Information Security Manager, Security Engineer, Security Analyst and Information System Security Officer with the DOJ, then DOD, and currently is with the Dept of Energy where he is one of the Senior Security Engineers.

He has spoken at various security conferences such as BSidesDC, BSidesCharm, DerbyCon and multiple SANS events such as the SOC and the SIEM Summits. He hold multiple certifications from SANS (GSEC, GCED, GCDA) as well as the CISSP from ISC2.

Craig has an Electrical Engineering degree from Stevens Institute of Technology. He is active with local infosec groups such as NOVA Hackers where he has given multiple presentations and maintains a blog at

He is a Christian, Father, Husband, Geek, and Scout Leader who enjoys woodworking, sci-fi fantasy, home networking, tinkering with electronics, reading, and hiking. And he has a to do list that is longer the time to do slots that are open.

Larry has over 20 years experience in Information Technology. Over that time he has taken on numerous roles including: managing desktops for a global defense ins, servers, networks, people, projects and a variety of cloud platforms. Larry is currently the Information Security Officer for a dynamic fintech company based in the Dallas/Fort Worth metroplex. He is responsible for maintaining all aspects of the security program across a wide range of systems and platforms. Larry has led the planning, design and implementation of secure cloud migrations utilizing IaaS, PaaS, and SaaS solutions based on the individual project's business goals. Larry is passionate about building information security and information technology solutions that provide value to the business while ensuring security of sensitive data. Larry has completed a total of five college degrees including a Master of Science in Cybersecurity and Information Assurance, a Master of Science in Information Systems, and a Master of Business Administration. He has also completed numerous certifications from ISC2, Microsoft, VMware, Cisco, GIAC and others throughout his career. His portfolio of GIAC certifications currently include the GIAC Critical Controls Certification (GCCC), GIAC Strategic Policy, Planning and Leadership (GSTRT), GIAC Secure Software Programmer- .NET (GSSP-.NET). He also has a number of industry certifications including the CISSP, CCSP, CCSK, CEH, CHFI, ITIL V2 and V3, VCP V2-V5, multiple MCSE, and the Azure administrator associate.

Marcelo has been working with information security and carrying out computer forensics investigations for over 20 years. He worked with incident response / computer emergency response, was responsible for conducting investigations, responding to networking intrusion attempts, investigated and handled privacy-related incidents and consumer complaint in liaison with Legal and Human Resources departments, analyzed and documented information security incidents as well as the analysis of the circumstances enabling or permitting these same incidents to take place, including offering remediation strategies, investigated and immediately worked to stop leaks and inadvertent disclosures of confidential information and developed policies and security awareness programs, working with highly sensitive information in a team environment.

He analyzed and documented information security incidents as well as the analysis of the circumstances enabling or permitting these same incidents to take place. Audited, verified network security and gave recommendations to improve network security. Executed wireless evaluations and security auditings. Advised organizations with current information about information security technologies and issues and researched and recommended solutions. Wrote user manuals on security software and computer, email and Internet use policy. Developed and implemented user security awareness programs, with seminars, conferences, folders, newsletters and helpful suggestions. Designed and reviewed Windows and Linux security architecture.

Marcelo has assisted task forces in lawsuits as a technical assistant, acting as an expert witness in civil and criminal trials. He assisted in computer crimes (cybercrime) investigations and was responsible for establishing many procedures at the Federal Prosecution Service, such as evidence's chain of custody. He performed customer data analysis of data requested from banks and telecommunication companies, as requested by Brazilian Attorneys. He wrote, compiled and edited reports of security activities. He has also worked as an associate professor at some universities and lectured at the most important Information Security conferences in Brazil. He maintains a webpage dedicated to Digital Forensics and Incident Response (in Portuguese):

Finally, he holds a Masters degree in Computer Science, a Master in Bussiness Administration (Public Administration) and a Bachelor degree in Information Systems. He also has some certifications, which illustrates his passion to learn: GIAC Certified Forensics Analyst (GCFA), GIAC Certified Incident Handler (GCIH), CISSP (Certified Information Systems Security Professional), CHFI (Computer Hacking Forensic Investigator) and EnCase Certified Examiner (EnCE).

Ismail has over 15 years of Information Security experience and holds multiple SANS certifications. He has a passion for teaching and presenting complex topics. His classes are engaging, interactive and dynamic.
Mel Drews has been on both attack and defense sides of security throughout the public and private sector for more than 15 years. He's covered numerous roles in organizations large and small, including solutions engineer, analyst, auditor, penetration tester and consultant. His current role is in a global 50 financial services firm assuring software security. When not coding projects or studying for the next big thing, Mel is combing the forest floor for fungus in West Michigan or playing racquetball. He holds the GWEB, GCFE, and GCCC certifications, as well as CISSP, CISA, and CISM.
Leslie Fife has been involved in technology for more than 30 years. He has been a software developer (6 years), a college professor (22 years) and for the past few years has worked as a Security Analyst in the financial services industry and as an Information Security Manager for a large non-profit. His interests are welding, blacksmithing and physical security.
Stephen Forsyth has been in information security for over a decade, supporting a large number of information security systems. He started his career supporting security appliances at Juniper Networks, providing direct support of large deployments of Juniper's security products. Next, he supported a deployment of over 300 security products at Cox Communications in Atlanta, GA. Working for a large cable provider he supported network security appliances, AAA devices, and logging and monitoring platforms. Here he also managed security for a cloud infrastructure project allowing for fast deployment of servers and platform. After this, Stephen worked for Equifax, responding to the 2017 data breach, providing support for multiple applications and ensuring the security of many highly sensitive applications. Currently he works for Primerica Financial Services as a senior cloud security engineer, preparing for the security of deploying multiple production resources into the private and public clouds.

McKell 'Mick' Gomm is an avid cybersecurity researcher and currently manages cloud and application security initiatives for Cognizant Technology Solutions, a Fortune 200 company. Security automation is his favorite and he currently leads DevSecOps efforts for cross-industry, agile development teams.

Mick enjoys technical research and regularly contributes to various projects and at security conferences. His favorite presentations have been 'The Art of (HTTP) Web Defense' at SAINTCON and 'HackerMode' (an Alexa skill) at the BlackHat USA Arsenal.

Mick holds a B.S. in Business Management and an M.S. in Information Systems. In addition, he is certified in various disciplines (CISSP, GWAPT, GWEB, CISA, PMP) and is always pursuing useful cyber knowledge. You can connect with him on Twitter (@7YR43L) and LinkedIn for great articles and intel!

Mike Harris is an Information Technology Cyber Security Professional holding certifications as a Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH), GIAC Information Security Professional (GISP), Cisco Certified Network Associate Security (CCNA-Security), Cisco Certified Network Associate (CCNA), Red Hat Certified Technician (RHCT), and Red Hat Certified Systems Administrator (RHCSA). Mike has additional technical certifications which include Digital Forensics Examiner, Network Protocol Analyst, Project+, Linux+, and A+. Mike will soon graduate with a Bachelor of Science in Information Technology Security. Mike is the founder and former board member of TinkerMill, a non-profit organization dedicated to furthering the knowledge of our kids, adults, businesses, and municipalities in the use of high tech with the incorporation of creativity and art. He is also a Red Team Member of the Rocky Mountain Regional Collegiate Cyber Defense Competition. Mike has built a CSIRT from the ground-up, including a secure infrastructure using Linux systems (Red Hat and Ubuntu). Mike has extensive knowledge as a Technology Security Auditor conducting assessments, measuring vulnerabilities, security posture on internal and external networks, and account activities for insider threats and abuse.

Michael Hennick is currently CISO and Senior Network Security Architect for Solipsys Corporation, a wholly owned subsidiary of the Raytheon Company, where he is responsible for overseeing cyber operations for the company, including secure network architecture and design, incident response and forensics, vulnerability management, proactive threat assessments and penetration testing. He also teaches as an adjunct faculty for the University of Maryland, Baltimore County (UMBC) Cybersecurity Masters Program, and for the network security Associates Degree program at Howard Community College (HCC). Additionally he independently consults with small businesses to assist in their cybersecurity needs. With over 20 years of experience in the IT industry, Michael has held roles and gained first hand experience in positions ranging from software development, technical support, system, database, and network administration, network design and architecture, penetration testing, and incident response. Michael has a Masters of Professional Studies in Cybersecurity from the University of Maryland, Baltimore County (UMBC). He also maintains numerous industry certifications including CISSP, CASP, CEH, CHFI, as well as multiple GIAC certifications, and vendor specific certifications. He is also a member of the Baltimore chapters of FBIs Infragard, NCMS, and the Information Systems Security Association (ISSA).

After 20 years of military service, he proudly continues to serve as a Cyber Operations Technician with duties ranging from Auditing/surveying, Incident Response, Forensics, Red Team, consulting and training.  His main role is serving as the Microsoft Windows and PowerShell Expert.  He spent his previous 14 years working in a Windows and VMWare environment.  He became the PowerShell Expert and automated most of the Sysadmin?s routine tasks.  He also served as the alternate Information Assurance Manager.  His main duties include patch management, RMF implementation, and tracking user security awareness training.
His credentials include the CISSP, VMWare Certification, C|EH, 9 GIAC Certifications (GPYC, GMON, GCWN, GPEN, GCIA, GCIH, GCFA, GSEC, GSNA), Company Grade Officer of the Year, Army 255S (Information Protection Warrant Officer Advance Course) Graduate, and holds a Bachelor of Science in Management in Information Systems.
He enjoys giving back to the community in various ways.  He serves as a Cyber Patriot Mentor and is an active member of his local ISSA Chapter.  He enjoys presenting at community events, like BsidesCharm, and ISSA.    

Bryan Koch first became involved in cybersecurity as a member of the cyber defense team at the United States Coast Guard Academy. After four years of participating in the annual NSA Inter-service Academy Cyber Defense Exercise, Bryan attended his first SANS course, SEC 401. After 2 years of sea duty, Bryan entered into the Electronics and IT support field in the Coast Guard. At this assignment, Bryan served as the project officer for the Coast Guards IT Seabag Project, which was programmatic attempt to implement hardware authorization and management across the entire Coast Guard. He also returned to help cadets with the CDX and attended four more SANS courses at various venues. Bryan completed an MBA in 2015, focusing in Operations and Supply Chain Management. Shortly after, Bryan was temporarily assigned to Coast Guard Cyber Command to assist with the DoD Cybersecurity Implementation Plan following the OPM Data Breach. Bryan helped implement Coast Guard wide system health audits and was able to establish a 30-member Cyber Analytics team to augment traditional FISMA Audit efforts. Bryan graduated from Northeastern University in 2017 with an MS in Cybersecurity. At Northeastern, Bryan was President of the ISSA Student Chapter. Bryans thesis is currently being reviewed for publishing for the 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). His paper and presentation on Detection and Mitigation of Malicious Modifications on the Minnowboard Turbot won the 2017 Northeastern Research, Innovation, and Scholarship Expo (RISE) for Computer Science graduate level. Bryan is currently assigned as the Enterprise Operations Center Manager at Coast Guard Cyber Command and oversees a 75 member workforce maintaining Service Operations and Defense Cyberspace Operations for the U.S. Coast Guard.

Tim Larkin is a Senior Cyber Security Engineer at Spinvi Consulting, LLC supporting US Navy projects.  In 2013, as the US Army was working to create its Cyber Workforce, Tim graduated first in his class at the pilot course of Fort Gordon's 25D Cyber Network Defender program becoming the first National Guard Cyber Network Defender in the world. In 2018, he mobilized with his unit to support US CYBERCOM and the NSA.  He holds an MBA from Webster University and is projected to graduate from the SANS Technology Institute's MSISE program in 2020. Tim holds the following industry certifications: GIAC GSE #216, GXPN, GSEC, GMOB, GCCC, GSNA, GCED, GCFE, GCIH, GCIA, GMON, GCPM, CISSP-ISSEP, CRISC, CompTIA Security, CompTIA Network and CompTIA A.  Tim lives in Charleston with his wife, Janet, stepson, Justin and their dog, Rey.

Frederic Lauzier has been in the IT business since 2000. He was an IT consultant for two years and then enrolled in the Canadian Armed Forces as a Signals officer. He is still serving after 18 years and manages IT, Cyber, Radios, Satcom and Infrared communications systems, among others, both in a deployed field environment and in a static strategic one. 
Frederic has been deployed in Afghanistan with the Canadian Army and employed within the NATO Regional Command (South) Headquarter as a signals officer.
Over the years he acquired the ITIL v3 Expert certification. He has also earned a Masters in IT from University of Sherbrooke and a Masters in Defense Studies from the Royal Military College of Canada.
He attended his first SANS course in Fall of 2018 and since then, found a passion in sharing his knowledge with other SANS learners.
Frederic hold the following SANS certifications: 

Jason works for one of the largest financial institutions in the country as the Director of Cyber Security Operations Center focusing on internal security monitoring and response.  He has developed processes and procedures to reduce incident impact and cost, as well as early identification of incidents.  He has led teams responding and investigating numerous large scale incidents and APT attacks.

Jason also served as the President of the Atlanta chapter of the HTCIA and served on the board for directors of the Atlanta chapter of the ISSA.

On his off hours Jason enjoys teaching SANS Forensics curriculum as part of the SANS Mentor program.  He holds a Masters of Science in Information Security and Assurance (MSISA), and numerous security certifications such as: GCFA, GNFA, GCIH, GREM, GCCC, G2700, CISSP, CHFI, CEH and CISA.

Jason firmly believes that the only way to truly be secure is by educating others, and he lives by this principle. Furthermore, if you take the time and listen, you can learn from anyone, mostly from your students."

Bryan McAninch is an information security professional with over twenty years experience in various disciplines including digital forensics, penetration testing, and security architecture. He holds a Bachelor of Science in Business Administration from the University of Texas at Dallas and a Master of Science in Information Assurance from the University of Dallas. Bryan is passionate about information security and giving back to the community. He is an organizer of the North Texas Cyber Security Group and owner of Prevade Cybersecurity.

William has been passionate about computers and their security since being introduced to them as a young teen. Early on he knew that he wanted to be working in information security. He began his education as network engineer at a vocational technology school while still in high school. After graduation he started an Information Assurance and Forensics Bachelor's degree at an NSA Center of Academic Excellence.

William has a decade and a half of experience within the field of information security. He has supported a fortune 5 company as a security engineer, supported many government and commercial customers in various roles within a Security Operations Center (including Incident Response analyst, DMA Lead and SOC Manager) and now is a Principal Security Researcher in a malware analysis role. He has taken the initiative to mentor and train new team members and has led many community events within the companies he has worked for. These events include quarterly mini conferences, Capture The Flag (CTF), LAN Parties, and other events to build the community and share knowledge. He is a frequent conference attendee and has participated in and won a number of IoT Village CTFs, including winning a Black Badge at BSidesDC for placing First in the competition. While the majority of his career has been supporting the blue team, he's always had a passion for the red team and has been honing his skills in penetration testing and exploit development. William currently holds the GCIA, GCIH, GPEN, GREM, GCTI, and GXPN GIAC certifications. In addition to those GIAC certifications, he holds the OSCP and CISSP. 

Outside of information security, William is a general class Amateur Radio operator (KE5HDY), 3D printing enthusiast, and is working to become a member of the 501st legion (a Star Wars costuming organization that participates in costumed charity and volunteer work). His blog can be found at

Captain Milan is the Assistant Flight Commander for the Cyber Flight for Air Force Special Operations Command. He has spent two years operationally testing cyber equipment for use by AFSOC and USSOCOM. Equipment ranges from mobile devices, 1553 aircraft buses, to traditional routers and switches. He has begun obtaining civilian certifications as they hold more weight than military cyber schools do. Captain Milan is certified GSEC, Sec+, and CEH. He has taken GPEN at Sans West 2019 and will take the certification exam in the coming weeks. He is also enrolled in Offensive Security Certified Professional (OSCP), and will take the certification exam in June. CISSP bootcamp has been completed, test is in line after the two penetrations tests. Captain Milan received his Electrical Engineering bachelor's degree from Tennessee Technological University, and his master's degree in Investing and Financial Analysis from Creighton University. Captain Milan would like to continue taking SANS courses to improve his skills, and one way that he learns is by teaching others.

Christian was formerly the service line lead and one of the core content developers for the KPMG Pentesting and Threat Intelligence service lines. After leaving KPMG, Christian joined Foundstone for a period in order to help build the practice back up and establish himself in a more technical consulting role again, currently Christian is working as the Lead Cyber Partner and part owner of his own consulting firm Indelible LLC.
Christian has presented and been a participant at Blackhat, Defcon, MPOWER, RSA, Pacific Hackers Conference, Anycon, and was offered a position to keynote at RFUN; a threat intelligence conference run by Recorded Future. Christian has also presented on behalf of himself and KPMG at a variety of schools and charity events to help promote cybersecurity and protect against cyberbullying. Currently Christian holds 5 GIAC certifications with the goal of earning his GSE in the near future. He is also an active member of the SANS community assisting in question writing and course audits for the SANS OnDemand courses for the last few years, as well as an active member in the Security community, participating and assisting in the running and organization of many of the popular Security Conferences and events.

Ryan OGrady has worked in information technology and security for over 14 years. In 2012, he joined Soar Technology as a senior software engineer in the Intelligent Training division, where he designed and lead the implementation of large training systems for Department of Defense (DoD) customers. In 2016 he helped stand up the Cyber Operations division, taking the role of portfolio lead for workforce development. He served as the principal investigator for an Air Force Research Labs (AFRL) project to develop an intelligent training system for cyberspace operators that provided individualized, personalized training in realistic environments. Mr. OGrady also served as the technical lead on a related project to create autonomous cyber attackers for training, testing, and evaluation purposes. Prior to Soar Technology, he worked as a software architect for U.S. Army TACOM, where he oversaw the migration and security of a production enclave, and as a research engineer for Cybernet Systems, where he performed R&D for a variety of DoD customers. Mr. O'Grady earned his B.S.E. in Computer Science from the University of Michigan in 2004 and is pursing a M.S. in Information Security Engineering from the SANS Technology Institute. Certifications: GCPM, GSEC, GCIH, GCIA, CPTE, Security+

Roger OFarril is an Information Security Manager is the banking industry. He has been in IT for over 20 years, focusing for the last six on cybersecurity issues. His career started on the endpoint side and quickly moved towards servers and networking. His main areas of expertise include cloud security, incident response, forensics, insider threat, and security analytics. 

He serves as a subject matter expert for CompTIAs Cybersecurity Analyst as well as ISC(2) Certified Cloud Security Professional. He is also a member of the GIAC Advisory Board. He holds multiple security certifications such as CISSP, CCSP, CISM, GCIH, GCFE, GCED, among others. In addition, he enjoys shaping future InfoSec professionals by serving as an adjunct professor teaching courses such as Cisco networking and Introduction to Cloud Computing. 

Recently retired, Mark, in his 28 years of service with the Kansas City Missouri Police Department, has served in many capacities, including Patrol, Internal Affairs and conducting digital forensic investigations. In 2011 Mark was assigned as a task force officer at the FBI?s Heart of America Regional Computer Forensics Laboratory (HARCFL).

While working as an FBI CART-certified forensic examiner he conducted examinations on a number of state/local and federal cases involving child exploitation, homicide, network intrusions and terrorism. He has also provided court testimony on numerous cases regarding general crimes and digital investigations.

Mark was a mentor and training officer at the HARCFL and he worked a number of cases while appointed to the lab. He was sought out for his knowledge of forensics, electronics and Python programming. He also used his programming background to create scripts which are used in the lab to streamline various functions. 

Mark has experience in HTML, Linux, Apple devices and cell phones. He held the FBI certification of FE (Forensic Examiner), and still maintains the SANS certifications GCFE and GPEN, CompTIA certifications A+, Net+, SEC+ and he has an Associate's Degree in Computer and Electronics Engineering Technology?. This most likely explains his fascination with Frankenstein electronic projects with lots of little blinking lights - at least his wife would like to think so.

Mark is excited to share his knowledge of electronics and digital forensics with people who have similar interests, and employ problem-solving techniques to assist them when needed.

In the early 2000's Andrew Rozema worked as a systems and network administrator for a major media company whose claim to fame was getting Lincoln elected, but that happened a long while before he started working there. After a couple of virus outbreaks including Sasser and CodeRed the company decided somebody should know something about information security, and sent him to his first SANS GSEC class. After which he immediately went back to the office and changed ALL the passwords. That class sparked a passion for information security that's been with him ever since. Since then in addition to roles in that media company involving IT administration, management and security; he worked his way through both a baccalaureate degree and Masters degree in information security and discovered a passion for not only learning about information security, but teaching it as well. After teaching a couple of night classes at the local community college, he was hooked, and when a full-time faculty position opened up, he made the switch. Now Prof. Rozema is the head of the department of Computer Information Systems at Grand Rapids Community College, as well as an Assistant Professor, still responsible for teaching information security as well as classes in Linux, shell scripting, JavaScript, Secure Mobile Application Development and some very exciting classes in penetration testing. As department head his focus is now to bring the program in line with both the CNSS and NICE framework for national accreditation. Prof. Rozema still accepts select consulting engagements and advanced teaching opportunities to make sure he stays on the cutting edge in technology and grounded in what IT looks like in the real world.
Dr. Jesse Samluk has a PhD in Electrical and Computer Engineering. Even though Dr. Samluk has a RF Engineering background, the cyber "bug" bit him when he was in graduate school and he attended US Cyber Challenge Camps, where he was part of the winning team in 2014. Ever since, he's completed CompTIA Network+, Security+, CEH, is an Associate of ISC2, and recently completed GIAC GSEC. He is also currently in law school and wants to focus on patent and cyber law after he passes the bar!
Gage S. Southard has been in the Information Technology industry for 8 years, serving in roles beginning as a Systems Administrator for Windows and Linux Servers, to performing Incident Response to Key National Infrastructure like banks, ICS/SCADA networks, and several government entities, and most recently as the Non-Commissioned Officer in Charge of Weapons and Tactics for a Mission Defense Team. In this role, Gage mentors and trains new cyber defense analysts, while developing and refining defensive tactics, techniques, and procedures for usage on Air Force base networks. He holds the GSEC, GCIH, GCDA, GCFA, EC-Council C|EH, CompTIA Security+, and 4 other various certifications, while working to complete his GCIA, and an end-goal of attaining the GSE. Gage has been featured as a subject matter expert in his field within the Air Force several times, receiving recognition of Strategic-level leaders like the Chairmen of the Joint Chiefs Id Staff. He is thrilled to have the honor of mentoring this course being able to pass on his experience in the field, as well as being able to contribute to the cyber community at-large!

Joe Sullivan has 20 years of experience in information security. Joe is the principal security strategist for Crossroads Information Security, the Chief Information Security Officer for a bank, and the owner and lead investigator of 1 to1 Risk Control & Investigations.

Joe got his start in information security in 1999 working for a web hosting company during the .com boom. In 2001, Joe started one of the first outsourced technical support companies for web hosting server support specializing in administration of LAMP servers and incident response.

After selling his company he went to work as the network security manager for a consumer electronics distributor and remained there for nearly 10 years. In 2014, Joe was recruited by Oklahoma based RCB Bank to guide their network security program. At RCB Joe is the Chief Information Security Officer.

Joe and his wife, Cathy, also operate Crossroads Information Security, which provides services to businesses that do not have the expertise or resources for network security. These services include penetration testing, gap analysis, policy, procedures, and training.

Joe holds the following information security related certifications:

GIAC Strategic Planning, Policy, and Leadership (GSTRT)
GIAC Certified Forensic Examiner (GCFE)
GIAC Certified Incident Handler (GCIH)
Certified Information Systems Security Professional (CISSP)
CNSSI 4012 Senior Systems Manager
CNSSI 4013 System Administration in Information Systems Security
CNSSI 4014 Information System Security Officer
NSTISSI 4011 Information Systems Security Professional
NSTISSI 4015 Systems Certifier

Joe is active in the Oklahoma City information security community and is the chapter leader of the Oklahoma City Open Web Application Security Project (OWASP) chapter, is an instructor for the SANS Institute and teaches the following classes:

SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
MGT514: Security Strategic Planning, Policy, and Leadership

You can find Joe Sullivan's blogs online at:

Anthony Switzer is a Senior Consultant working in Attack and Penetration. His career has evolved from working for small business, the government, and Fortune 500 companies, all which have led into cybersecurity. He has over 22 years of expertise spanning network and information security and administration, IT operations management, red teaming for both the financial industry and government organizations as well as threat hunting and security engineering. Anthony has a history of working the Project Management side of the industry as well, making him knowledgeable on the many facets of implementing security changes within a company. Anthony has a B.Sc. in Computer and Information Science w/ Concentration in Cyber and Network Security. He also currently holds: GIAC Mobile Device Security Analyst (GMOB), GIAC Web Application Penetration Tester (GWAPT), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Critical Controls Certification (GCCC), GIAC Certified Detection Analyst (GCDA), GIAC Security Essentials (GSEC), GIAC Certified Project Manager (GCPM), Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), ITIL Foundation, ITIL Intermediate and Continual Service Improvement (CSI), Lean Six Sigma Greenbelt Training, and Microsoft Certified System Engineer (MCSE) 2003 certifications.

Sean Thomas has over 20 years of Information Technology experience, with more than eight years in cybersecurity/information security. He has been involved in many aspects of IT throughout his career including desktop support and academic systems administration, networking, and Windows & Unix/Linux server administration before finding his way to cybersecurity. 

Sean has been an instrumental part of the formation and evolution of the IT Security Services program at Embry-Riddle Aeronautical University. He currently serves as the Senior Information Security Analyst on the team, with over six years of experience working Incident Response, Digital Forensics, and Policy Management. In addition to his duties with the team, he is regularly asked to guest lecture on cybersecurity topics at the University, primarily for many first-year student classes.

Sean performs several functions with SANS Online Training as part of the OnDemand QC team to improve content delivery for dozens of courses, assisting with course review, and as a virtual TA for Simulcast.  Sean holds a Bachelor of Business Administration in E-Business Technology from Stetson University and holds multiple GIAC certifications, including GCED, GCFA, GCIH, GMON, GCWN, and GCDA.

Ryan Thompson a security analyst at Alert Logic, focusing on threat monitoring and investigations. He has previous experience in solution migrations (on-prem to cloud), administering procurment systems, and data analysis. Ryan has a passion for knowledge and holds multiple IT and Cyber certifications including CCNA Cyber Ops, Associate of ISC, multiple AWS (Speciality and Professional), and is a member of the Advisory Board for GCIA.
Chris Traynor is a Sr. SecDevOps Engineer within Equifax's Global Security division. His background in information systems spans the Federal (VA), DoD (Marine Corp & Navy), and private sectors working within large international conglomerates and startup consulting shops alike. He has expertise in web apps, databases, APIs, scripting/automation, and project management. Chris holds a bachelor's degree in CIS from Anderson University, as well as GSEC, GCIH, GWAPT, and IAT Level III security certifications. He is a member of the GIAC Advisory Board, and has been a SANS course facilitator for SEC401 and SEC504. Chris lives in Charleston, SC with his wife, 2 dogs, and a cat. Twitter: @_christraynor_
With more than 20 years in the industry, Kendrick has served in many areas of the IT industry including networking (LAN/WAN troubleshooting, engineering and structured wiring), Web design, EndPoint administration, System administration, Programming and now Information Security. Kendrick currently serves as a member of his companys Information Security team and president of InfraGards Birmingham chapter which works with the FBI, Homeland Security and the U.S. Attourneys office to protect the 16 U.S. critical infrastructures from terrorist attacks. At night he manages 2 successful YouTube channels and his company which works directly with gaming companies around the world and has its own professional eSports team.

Tom Webb has over 15 years of experience in a dedicated security role. Tom has worked for state law enforcement and in the education sector.  He is currently employed by the University of South Carolina as the director of security operations. His current role includes leading a team that performs: incident response and forensics investigations. Tom's previous roles included: network security engineer, security architect, incident response, and penetration testing.

Tom has a B.S. in Information Management from the University of South Carolina. He holds various certifications including, CISSP, GXPN, and GSE. Tom also volunteers for the SANS Internet Storm Center. You can follow him on twitter @twsecblog, or

Michael Weeks is currently working as the SOC and Incident Response Lead at Fair Isaac Corporation. He leads a highly technical team of Analyst, Developers, and Incident Handlers in the daily monitoring of cyber security events for FICO. A graduate of the SANS Technology Institute Master of Science in Information Security Engineering Program and certified GIAC Security Expert, as well as a host of other SANS Certifications and the CISSP from ISC2. Michael is also a Chief Master Sergeant with the United States Air Force Reserve working in the 960th Cyber Operations Group as a Cyber Warfare Operator. The greatest privilege is the ability to mentor the future cyber warfare operators in hopes that they can help solve the many problems in cyber security.