Mentors are highly qualified, experienced professionals who make themselves available in your local area to help you learn the course material and get certified. Each Mentor is hand-selected from students that have completed their relevant GIAC certification with scores of 85% or higher.
James Arndt has been to numerous SANS training events and would like to share his knowledge gained with you. With his passion for security and years of classroom experience, you will gain practical knowledge and skills to take back to your company. James is a Security Engineer at the American Transmission Company based in the Milwaukee area. There he focuses on access management, vulnerability management, and reverse engineering whatever malware or malicious document comes his way. You might also find James hanging out with his family, playing guitar, or tinkering around in his basement lab.
Chris is a Director in IT Security at GlaxoSmithKline where he leads the services that deliver the IT controls that protect the company's network, servers, web and mobile applications, and data. He has led many incident response and vulnerability remediation efforts and has been working for over 20 years in the healthcare industry to promote information protection and IT security. He knows that striking the best balance between security and usability depends on having a clear understanding of the risks that vulnerabilities and threats pose to the business and being able to articulate those risks to senior business leaders. Chris earned his MBA from Drexel University with concentrations in both Management Information Systems and Corporate Finance and holds several professional and security certifications including GPEN, CISM, and a Six Sigma Black Belt.
Chris is an active member of the infosec community and looks for every opportunity to both learn and encourage others to gain a deeper understanding of the fascinating and often intimidating world of information security. He regularly takes part in security training, conferences such as Shmoocon and BSides, and capture-the-flag challenges to apply and grow his skills and understanding.
Bernal Michelena, David Eduardo
David Bernal Michelena holds a bachelor's degree in Computer Engineering from the National Autonomous University of Mexico (UNAM). Since June 2015 he serves as a cyber security researcher in Cyber Security Group in Scitum, a large consultant company in Mexico and Latin America. David's main activities are malware analysis, cyber threat intelligence, digital forensics and writing yara and snort rules to detect those threats and protect customers. David also performs ethical offensive activities and writes custom tools that are used in controlled environments to verify that security products do what they claim to do.
From July 2013 to June 2015 David was a member of Security Events team at Alstom, a large company in energy and transport solutions protecting the endpoint environment of about 90,000 hosts distributed worldwide. In his time in Alstom his main activities were incident response, malware analysis and remediation, forensic analysis, IPS/IDS and SIEM management.
Formerly he served as a Senior Computer Forensic Analyst at Scitum from July 2011 to July 2013. His main activities there were evidence acquisition, analysis, preservation, incident response, log analysis and results reporting to Scitum's customers. In Scitum he had the opportunity to work in challenging projects for Mexican private and public institutions, including large Banks and other large government clients.
From August 2009 to July 2011 he worked as a forensic analyst and incident handler in UNAM Computer Emergency Response Team, which is the first CERT to be created in Mexico. David is GREM, GCFA, GCFE and Access Data certified. He likes programming in several languages and is a command line lover in LINUX and Windows as well.
On his free time, he likes to swim and play the piano.
Tim Boyles is the Security Administrator for a Dallas based security company. He brings over 19 years of experience in the IT field. He has worked for the U.S. Navy, a network consultancy, and various other industries, always involved in networking and security.He has been involved in security architecture, regulatory compliance, intrusion detection, penetration testing, vulnerability assessments, web application security assessments, and uses many security tools over the course of his work.
Jeremy Druin works as an internal pen-tester, incident responder, and defect-remediation expert for a multi-national transportation logistics company. Other responsibilities include web vulnerability assessment operations, setting application and database security standards, creating developer training programs, and teaching developers how to architect, design and write secure applications. Additionally Jeremy develops the open-source Mutillidae 2.x training environment and consults on web-application security topics. As the Director of Education for the Kentuckiana ISSA chapter, Jeremy presents on web application pen-testing and remediation along with operating the "webpwnized" YouTube video channel. Jeremy has a Bachelor in Computer Science from Indiana University and is a GIAC-certified Network/Web Application Pen-Tester and Exploit Developer.
Steve Elovitz is currently a Manager within Mandiant's security consulting team. Mr. Elovitz has a broad range of experience in the industry and has delivered both proactive and reactive services to government and commercial clients. Steve has significant experience in IR, forensics, as well as penetration testing. Steve graduated from Pennsylvania State University with a BS in Information Science and holds multiple certifications including: GPEN, EnCE, CEH, and CISSP. Throughout his career, Steve has gained experience as a sysadmin, a developer, and as both a red team and blue team analyst.
Craig Galley is an Information Technology Professional with accomplished work experience in the Security industry since 2001. He earned a Bachelor of Science degree in Information Science from the University of North Florida. Early in his career, he was responsible for deployment and management of network prevention controls for a private sector organization.
Craig's career focus shifted exclusively to application development with a desire to lead secure coding best practices while chaired on Information Security Steering committees and managing large development projects and teams.
Craig's certifications include GSEC, GISP, CISSP and CSSLP. In his current role as an Information Security Officer, Craig manages and directs an Information Security Program in the public sector. He is also active in Information Security groups, with volunteer experience as a Vice President.
Charles Gifford (Chazz) is a recognized expert within cybersecurity and has been working in the information technology and security field since 1997. Over the course of his career, Chazz has held various technical and leadership positions within the Aerospace and Manufacturing Industry. Chazz currently leads a Global Security and Risk Team for a fortune 500 company that spans everything region. Chazzs latest scholastic achievement is graduating with honors from the University of Maryland University College in the Masters of Science in Information Technology focused in Information Assurance. Chazz has specialized in mentoring, metrics and measuring effectiveness of security teams throughout the last 5 years of experience.
Joe Gray is a native of East Tennessee. He joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Since leaving the Navy, Joe has lived and worked in St. Louis, MO, Richmond, VA, and Atlanta, GA. His primary experience is in the Information Assurance (IA) and Cyber Security compliance field. He has worked as a Systems Engineer, Information Systems Auditor, Senior UNIX Administrator, Information Systems Security Officer, and Director of IT Security.
Joe's undergraduate and graduate degrees are also in Information Technology (with focus in Information Assurance and Security) from Capella University, where he graduated Summa Cum Laude for both degrees and completed some Graduate coursework in Business Intelligence. He also is a part-time (Adjunct) Faculty at Georgia Gwinnett College and at Gwinnett Technical College. He is also in the SANS Instructor Development pipeline and will be teaching SANS Security 504: Hacker Tools, Techniques, Exploits, and Incident Handling in the 4th Quarter of 2016.
Joe holds the (ISC)² CISSP-ISSMP, GIAC GSNA, GCIH, CompTIA Security+, CompTIA Network+, and CompTIA A+ certifications. In his spare time, Joe enjoys reading news relevant to information security, blogging, bass fishing, and flying his drone in addition to tinkering with and testing scripts in R and Python.
Visit Joe's website and blog: https://advancedpersistentsecurity.net/
Joe's Podcast: Advanced Persistent Security
Shane Harsch is an information security professional with over 25 years of experience ranging from military to manufacturing to security consulting and professional services. He has managed and architected SOCs for the military and managed service providers. Shane is a commissioned officer in the US Army with a Masters in Business (MBA), and maintains the following certifications: intrusion analyst (GCIA), incident handling (GCIH), enterprise defense (GCED), and information security (CISSP). Shane is currently with RSA as a Senior Solution Success Manager.
Some additional background:
His soft skills are founded in theater, music, and foreign languages, all cultivated while living in Germany. Additionally, Shane spent 12 years in the US Army, receiving a commission and attaining the rank of Chief Warrant Officer, experience which has served him well as a leader, mentor, and team member. Shane enjoys skiing, fiction of all kinds, and is an active designer and writer in the tabletop gaming industry.
Russell Isaacs is an Operation Iraqi Freedom Veteran and Chief Warrant Officer in the Army National Guard with more than 17 years active duty experience. Mr. Isaacs serves as a Information Protection/Network Defense Technician (255S) for the 50th Infantry Brigade Combat Team and is the Officer In Charge (OIC) of the Information Assurance / Network Defense (IA/ND) Cell for one of the U.S. Army?s Warfighter Information Tactical Enterprise Network?s (WIN-T). Mr. Isaacs is also the WIN-T Information Assurance Program Manager for the 50th IBCT responsible for coordinating and developing the IA Program requirements to reduce risk, improve security, achieve compliance and provide an Educated Suspicious Posture on a Department of Defense Information Network (DoDIN/WIN-T).
Mr. Isaacs is New Jersey's lead Cyber instructor for the State Partnership Program (SPP) that assist's a partnered NATO nation in developing a capable Information Assurance military workforce by coaching, teaching and mentoring their Ministry Of Defense sectors in the area of Cyber Risk Management, Risk Assessment and Incident Response. This strengthens the collective international Information Assurance and Cyber Defense posture for partner/coalition nations within the North Atlantic Treaty Organization.
Mr. Isaacs holds a Bachelor's of Science in Information Systems Security, Certifications include GSEC, GNFA, GSNA, GCFA, GCIH, GCIA, GCWN, GPEN, GREM, CISSP, CCNA, C|EH, MCSA, MCP, SEC+, NET+ and many other SANS and military related certs and training. Mr. Isaacs is a recipient of the Cisco Global Cybersecurity Scholarship and is enrolled in training to receive Cisco's CCNA CyberOps certification.
From load FILENAME,8,1...to the Start button... to touch interfaces, technology has been a constant companion (and sometimes obsession) for Cliff.
Cliff's professional career started 18+ years ago as a help desk analyst supporting mainframes and dial-up internet. He progressed through desktop support, desktop management and server administration and joined the security team in late 2008. The wide diversity of topics in security has Cliff thirsting for knowledge like he was a teenager again.
Cliff currently holds CISSP, CISM, GPEN, GCIH, GWAPT, GXPN, OSCP, MCSA and Security+ certifications.
Occasionally (read rarely), Cliff will add something mildly informative to somethingsomethingsecurity.com.
As an information security professional, Azeem has accrued years of experience in security engineering, incident response, digital forensics and vulnerability management. A firm believer in ongoing education, he works hard to keep his base of knowledge current and up to date. Although he holds accreditations from such industry leaders as GIAC, ISC2 and Access Data already, he is constantly looking for ways to learn more and to gain a better understanding of his field, attending and volunteering at conferences such as Shmoocon and Blackhat.
Azeem is a natural people person who connects easily with people from all backgrounds. He enjoys working with and mentoring people who are motivated to the same extent that he is, and he takes real pleasure in discussing the security field. A strong advocate for continued progress in the security field, he speaks eloquently and listens closely, knowing that there is always something for him to learn and share.
Azeem looks forward to serving as a mentor as a way to provide value to the community that has become so much like home to him over the years.
Bill has a Bachelor?s of Science in Criminal Justice from the University of Alabama Birmingham and a Master's of Science in Technical Management from Embry Riddle Aeronautical University. Currently he is working on his Masters of Science in Information Security Engineering through SANS Technical Institute and has numerous certifications through SANS. Bill began his career in computer technology in the early 1990's while working at the University of Alabama Birmingham. There, he learned many of the widespread platforms and operating systems, employing computer troubleshooting and virus removal skills. He has been employed with Northrop Grumman for 17 years, during which he has performed several roles including desktop support, client engineering, systems engineering, and most recently information security.
Travis Lee is the Director of Penetration Testing at AppSec Consulting with over 11 years of experience in Information Security, Network and System Administration, and System Architecture. He has expertise in many areas including network and web application penetration testing, mobile and client application penetration testing, security management and operations, vulnerability research, cyber-physical systems, and conducting technical training. He has discovered and responsibly disclosed numerous vulnerabilities in commercial software, web applications, and cyber-physical control systems.
Travis is a Computer Science graduate of the University of Hawaii at Manoa and holds numerous professional certifications including the prestigious GSE, OSCE, OSCP, GXPN, GREM, GPEN, GCIA, GCIH, GCFA, GSNA, GSEC, CISSP, and MCSA. Additionally, Travis has achieved the distinctive title of SANS Cyber Guardian (Red Team). Travis is also a Cyber Warfare Officer for the Air National Guard and part of a leading, nationally recognized Cyber Operations unit that conducts worldwide, full spectrum network security operations to improve the DoD Global Information Grid and the Air Force's network security posture. Prior to joining AppSec, Travis worked in the utilities industry and higher education.
Vincent LeVeque is a Business Information Security Officer for American International Group (AIG), a global financial services company. Vincent teaches information security classes for UCLA Extension. He is the author of the book, Information Security: A Strategic Approach, published by IEEE/Wiley. Vincent received his Masters of Science degree in computer science specializing in information security from James Madison University, one of the first programs certified as an NSA Center of Academic Excellence in information security.
Lisa Peterson CISA, CRISC, CISSP has worked in Information Security for 20 years, and is a Security Analyst for Progressive Insurance. Her current focus is in governance, risk and compliance. She is a part-time instructor at Cleveland State University and also speaks on security topics. She serves on the board for the Information Security Summit, the Northeast Ohio chapter of ISACA, and the Northeast Ohio chapter of CSA.
Steven Romero is a 20-year technical professional with experience in IT operations, ICS engineering, project management, & training. Steven is passionate about information security, and is a strong advocate and beneficiary of the SANS hands-on approach to learning. Please join Steve and thousands of other InfoSec professionals who have advanced their knowledge and career through the SANS training and certification program.
Jim Voorhees was named MSISM Program Director of SANS Technology Institute (STI) in November 2011. A graduate of STI, Dr. Voorhees has had a varied career in government and private industry. He earned his Ph.D from the Johns Hopkins School for Advanced International Studies after earning degrees in International Affairs from the George Washington University and working on the editorial staff of the International Food Policy Research Institute. After writing a book for the Kettering Foundation (Dialogue Sustained) and experience with Kettering, the Congressional Research Service, and IREX, Dr. Voorhees entered the IT industry as a technical writer, he quickly moved on to systems administration, then IT security and SANS. He has worked on security at several government agencies, including the FBI and the IRS, and currently works for Sage Management as a Network Security Engineer on a DOD contract.
Tom Webb has 9 years of experience in IT Administration and Security. Tom started his career working for state law enforcement where he was responsible for network design, implementation and security. He is currently employed with the University of South Carolina as an Information Security Officer where his primary role includes: Lead Incident Handler and Forensic investigations, Penetration Testing, Vulnerability Management, and Risk Assessments. In these roles, Tom has worked extensively with a variety of operating systems and tools, such as Novell Netware, Linux, OS X, Snort, Juniper, Cisco, Checkpoint, and numerous open source forensic and incident response tools.
Tom has a B.S in Information Management from the University of South Carolina. He holds various certification including: GIAC Certified Incident Handling (GCIH), GIAC Systems and Network Auditor (GSNA), GIAC Certified Forensic Analyst (GCFA), GIAC Assessing Wireless Networks(GAWN), GIAC Reverse Engineering Malware (GREM) and Certified Information Systems Security Professional (CISSP).