Save $200 on Cyber Security Training at SANS Scottsdale 2019. Ends Tomorrow!

Mentor: Bios

Mentors are highly qualified, experienced professionals who make themselves available in your local area to help you learn the course material and get certified. Each Mentor is hand-selected from students that have completed their relevant GIAC certification with scores of 85% or higher.

Bryan is the co-host of the Brakeing Down Security podcast. Bryan's a Navy veteran, with 20 years of experience in IT and infosec. In addition to the GCIH, he also holds the GWAPT, and a CISSP in good standing. Bryan sees incident response as something vital to any business, and he is eager to share knowledge and experience with you. You can learn more on his podcast "Brakeing Down Security" by visiting
Ismail has over 15 years of Information Security experience and holds multiple SANS certifications. He has a passion for teaching and presenting complex topics. His classes are engaging, interactive and dynamic.

Jeremy works as a security penetration tester, application security consultant, and defect remediation expert for UPS. Jeremy is also the owner of Ellipsis Information Security and teaches courses for SANS Institute.

As a Director of Education for the Kentucky ISSA chapter, Jeremy presents on application security, penetration testing and defense along with operating the "webpwnized" YouTube video channel.

Additionally, Jeremy develops the open-source OWASP Mutillidae II training environment. Jeremy has a Bachelors in Computer Science from Indiana University, a Graduate Certificate in Cybersecurity and Masters in Computer Science from the University of Louisville and is a GIAC-certified Web Application, Mobile and Network Security Penetration Tester.

Family, Gadgets, games, aerial photography, great food and craft beer are some of Paul Dumbleton's passions. Hailing from the the United Kingdom via California and now Michigan, Paul completed his Bachelors in Information Technology from the University of Phoenix in 2004 while working for Herman Miller in Zeeland, Michigan. After a recent transition to Perrigo, Inc, he now manages and oversees Global Security Operations and Engineering. Paul's passion for Information Security and Technolgoy has spanned more than 25 years. He continues to be motivated by setting goals that challenge his experience and knowledge, and admits that he continues to learn something new everyday. This translates directly into his success protecting Perrigo from evil (according to his boss) and helping the great people he works with use information resources securely.

Matt got his start in the technology field by joining the US Army and serving as a satellite terminal operator for 5 years. Since the Army, he has worked as a firewall technical support technician, network engineer, systems administrator/engineer and a security analyst in the defense contracting world. He currently works as a security researcher doing threat analysis, threat hunting and penetration testing. He is passionate about using technology for good and educating technical and non-technical people about InfoSec issues.

Leron is a 10-year active duty US Navy military member with 4 years in an information security position. With a passion for Python, he loves automating tedious daily routine tasks for efficiency and considers himself to always be in a position to learn more. He enjoys competing in as many CTFs as possible, and also often performs as a nerdcore rapper.

He currently holds the GPEN, GCFE, and GPYC certifications. He also maintains a blog at

Rick is a Security Engineer for G2, Inc and has over 15 years of experience in the IT field, with 5 years specifically in InfoSec. Rick started his career as far from InfoSec as possible: as an Aircraft Armament Systems Specialist in the USAF. Mr. Hidalgo had the opportunity to cross-train into a field that allowed him to perform client support and Information Assurance duties, which then allowed him to take a position with the Department of Defense (DoD). While with the DoD, Mr. Hidalgo performed network and endpoint analysis, performed adversary emulation and conducted cyber operations as an interactive operator as part of a Red Team. Mr. Hidalgo has had the privilege of experiencing a broad range of technical fields, including network analysis, intrusion detection, penetration testing, malware analysis, reverse engineering, and digital forensics. Mr. Hidalgo is passionate about educating and mentoring future InfoSec professionals. Rick has volunteered as a Red Team member for the CyberPatriot National Finals for the past 3 years, and recently joined the Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC) Red Team. Rick was also an adjunct professor for a local community college, where he helped coached a cyber competition team and taught computer science courses. Rick is still active in cyber competitions, and takes the opportunity mentor and help other students grow in the field. He also performs independant consulting services and is a security researcher with the SynAck Red Team. Mr. Hidalgo holds his Bachelors in Cybersecurity from UMUC, and is currently pursuing his Masters in Cybersecurity from Excelsior College. He also holds a number of professional certifications, including GCIH, GAWN, GCFE, GCFA, GCIA, GPEN, and CISSP.
Derek Hill has over 25 years of experience in IT and Information Security. He currently manages an Application Security Team and an Infrastructure Security Team (Blue Team) at HP Inc. in Vancouver, WA. His teams are responsible for ensuring that HPs internally developed applications are secure as well as the AWS infrastructure that is hosting these applications. Prior to his current position, Derek held IT management and technical roles at both large and small companies. In each role, he has focused on delivering excellent services, uptime and security for all the projects/staff he managed. Derek holds an MBA from Willamette University and an undergraduate degree in Management Information Systems from Oregon State University. He has various security credentials including a CISSP and multiple GIAC certifications. Derek also served in the US Army, mastering jump school and being promoted to sergeant (E-5) in less than 2 years, working in power generation and equipment repair. Derek is a very technically savvy engineer with heavy focus on security, integration and service delivery. His education and experience bring an understanding of how technology can affect the business, both positively and negatively. He is an excellent leader and problem solver and prides himself on being able to help the business achieve their goals with the assistance of technology. In his current role, Derek works with about 30 different internal customers as well as senior management to ensure service offerings and deliverables align with the corporate mission and risk tolerance. Security is a very dynamic and fast-moving field. He stays current on new threats, trends and technologies through networking, research, training classes and conferences. Derek is an active member of ISSA and OWASP security organizations. Maintaining awareness and skill level allows him to better plan and prioritize future work inside a company. Derek is very driven and goal oriented and brings a wealth of experience, knowledge and interpersonal skills to a new opportunity.

Dale Hobbs is a veteran of IT with over 18 years of experience starting out as a Junior Systems Administrator to his current role, Security Manager.

His background includes server and network administration, network architecture, network security, security policy development, adoption and direction setting in accordance with regulatory compliance and industry standards and currently holds the certifications of GSEC, GCIH, GPEN

Dale is excited about all areas of technology but most specifically network security. He is enthusiastic about sharing his knowledge and experiences with the next generation to help others achieve their IT related educational goals and embraces the opportunity to continuously learn and develop in his own career path.

James currently works as a Cyber Operation Technician for the Maryland National Guard.  His main function is to work with local defenders to make their networks more secure.  James has served in the Military for 21 years.  He has served in various positions with in a Windows environment, with his last assignment being a Systems Administrator for a small organization.  He also had additional duties of being the alternate Information Assurance Manager and Network Administrator.  James enjoys scripting and PowerShell so much that he became the admin that created the automation tools for the Sysadmin team.

James has a bachelor's degree in Management in Information Systems and is currently in the process of completing his MBA with an emphasis in Information Technology Management.  He is a graduate of the Army's 255-S school and hold the CISSP, 7 SANs Certifications (GSNA, GPEN, GCIA, GCWN, GCIH, GCFA, GSEC) and C|EH.

James enjoys giving back to the community by volunteering at schools and presenting the ISC2 Safe and Secure Online presentation to school aged children.

Now a recovering CISO with over 20+ years direct Information Security experience, Christopher Hudel's experiences demonstrate success (and reveals his most inner excitement) within the domains of application and product security, incident & crisis management, penetration testing ("red teaming"), security roadmap and strategy, security operations, evangelism and leadership. Christopher's career path careened both the very technical (developing penetration testing teams & methodologies, working incident response for both malicious internal threats and nation state advanced persistent ones) and the very strategic (as a CISO for industries ranging from retail through industrial manufacturing). Comfortable in front of either board (key- or -directors), Christopher brings a sense of "extreme common sense" to communicating and understanding risk related to highly technical topics. Christopher is an accomplished speaker, most recently served as an adjunct professor teaching information security graduate and undergraduate courses for the University of North Carolina in Charlotte, NC.

Charles Humphrey is a man filled with ambition and passionate about his work. Since 2005 he has worked his way up the ladder of information technology and security, accumulated multiple certifications including CISSP GCIH GCCC GREM ECES has a degree in networking, and is working towards another in cyber security.

On many occasions, Charles has had the opportunity and privilege to help his employer by creating and applying a variations of programs and codes to benefit, and automate his work place, creating a better and easier work flow for many employees.

In his spare time, Charles Humphrey highly enjoys getting involved in the cyber security community and helping like minded people to understand concepts of security and to encourage them in their further learning. Always working to improve the growing community and to facilitate the lives of others at the best of his abilities. He knows the importance of continuous education, keeping an open mind, communication, and keeping a straight head in the face of adversity and always be passionate about what you enjoy. 

Ryan Irving has over 10 years of Information Technology experience working in the public sector. Ryan currently works for Hillsborough County Board of County Commissioners as the Information and Cyber Security Manager performing vulnerability management, forensics and incident response and other security operations. Ryan earned his Bachelor's degree from St. Petersburg College in Technology Management, with the focus in Information Security Assurance. Ryan then earned his Masters of Science in Digital Forensics from the University of Central Florida. Ryan has earned CompTIA's A+, Security+, ISC2 CISSP, and GIAC's GCIH, GNFA, GCFA, and GPEN. Ryan is excited to be your mentor for this course, and excited to share his experiences, and learn from others experiences during the course.
Duane Isaacs is an IT veteran with over 23 years of experience who began his career as a Computer Repair Technician at a local computer store and evolved into his current role as a Web Application Security Analyst for one of the top corporations specializing in Software as a Service (SaaS). His background includes over 10 years of development and implementing complex infrastructures and technical solutions for industry leaders, IT Management, server and network administration, network architecture, network security, security policy development, adoption and direction setting in accordance with regulatory compliance and industry standards. He currently holds the GWAPT certification. Duane is enthusiastic about all areas of information technology, with focus on automation and information security. He is excited to share his knowledge and experience with the next generation to help others achieve their IT-related educational goals and expand his mastery into new security arenas.

Allen Jenkins is the VP of Consulting Services and Chief Information Security Officer for SyCom Technologies, based in Richmond, Virginia. Allen has over 25 years of experience in the Information Technology field. He has worked in varying capacities (including systems administration, systems engineering, management, and consulting). 

Allen's primary focus over the years has been on Information Technology Infrastructure solutions. Allen works with customers to help assess, plan, design, deploy and support their IT needs. Most recently, that focus has been on helping customers reduce risks to their environments through assessment methodologies that focus on a top down approach - working with executives and business leaders on policy and procedure, then evaluating the technology in place to support those business initiatives. Allen holds the ISACA CISA certification, the GIAC GSLC certification, and the GIAC GSEC certification. When not focused on technology and security, Allen can be found either with family, a good book or on a trail hiking or cycling.

Jonathan Karchmer has over 15 years of experience in managing digital forensics and investigations. His background includes network administration, information security and electronic discovery project management. Jonathan frequently works on matters concerning trade secret theft. Jonathan has offered sworn testimony at deposition, hearing, and trial. Jonathan currently holds GCFA, GCFE, and GCIH certifications. He is excited about the opportunity to mentor FOR500 and share his enthusiasm for digital forensics with others.

Jason Kinder has over 20+ years of experience in the IT and InfoSec industry working in the private sector as a network administrator, network engineer, and then moving to manage a distributed IT group before making the jump over to InfoSec.  The jump over to InfoSec has put him in a position to manage InfoSec Operations for a multi-billion dollar defense contractor battling some of today's shared adversaries.

Through the course of his career his has gained the MCSE and CNE certs back in the day and worked hard to achieve the CISSP certification and more recently his GCIH & GMON.  Backed by a breadth of technical skill and knowledge, it also takes some keen business sense and acumen to properly navigate today's corporate environment.  While working in IT, Jason earned a Bachelor's of Science Degree from Wright State University in Dayton, OH in 2001 followed by an MBA with a concentration in Management, Change and Innovation also at Wright State University in 2009.  The technical and business skills he has amassed over his career are key to being successful and properly understanding today's security landscape and how it impacts the business.

Jason is very excited about the opportunity to Mentor SEC504 as a way to give back to the community, broaden people's minds, and train the InfoSec staff of tomorrow.  The challenge is here and now with adversaries evolving and regularly knocking on our doors.  Jason will help students be better prepared to identify and deal with these challenges on a regular basis.

Doug King is a Technical Service Engineer Sr. Staff with Lockheed Martin Energy and a Cybersecurity Lead. He brings over 20+ years of IT experience including 14 years supporting electric cooperatives. Currently, Doug provides Cyber Security and Data Center support for Rappahannock Electric Cooperative. For cybersecurity, he is trained in incident handling, penetration testing and advanced persistent threats."

Bill has a Bachelor's of Science in Criminal Justice from the University of Alabama Birmingham and a Master's of Science in Technical Management from Embry Riddle Aeronautical University.  Currently he is working on his Masters of Science in Information Security Engineering through SANS Technical Institute and has numerous certifications through SANS.  Bill began his career in computer technology in the early 1990's while working at the University of Alabama Birmingham. There, he learned many of the widespread platforms and operating systems, employing computer troubleshooting and virus removal skills.

After a brief stint with professional baseball, Bill moved back to computers and started working for a DoD Contractor.  During the last 20 years, he has worked in various departments; Desktop Support, R&D, Client Engineering, IT Systems Engineering and Cyber Security.  The last ten years, Bill has worked within Information Security managing projects and working with various programs across multiple areas of Information Security.  He started working with SANS Instruction in 2012. 

Jason works for one of the largest financial institutions in the country as the Director of Cyber Security Operations Center focusing on internal security monitoring and response.  He has developed processes and procedures to reduce incident impact and cost, as well as early identification of incidents.  He has led teams responding and investigating numerous large scale incidents and APT attacks.

Jason also served as the President of the Atlanta chapter of the HTCIA and served on the board for directors of the Atlanta chapter of the ISSA.

On his off hours Jason enjoys teaching SANS Forensics curriculum as part of the SANS Mentor program.  He holds a Masters of Science in Information Security and Assurance (MSISA), and numerous security certifications such as: GCFA, GNFA, GCIH, GREM, GCCC, G2700, CISSP, CHFI, CEH and CISA.

Jason firmly believes that the only way to truly be secure is by educating others, and he lives by this principle. Furthermore, if you take the time and listen, you can learn from anyone, mostly from your students."

Michael Long is a Senior Cyber Adversarial Engineer with the MITRE Corporation and a former U.S. Army Cyber Operations Specialist. Michael has over 10 years of experience in information security disciplines including adversary threat emulation, red teaming, threat hunting, and digital forensics and incident response. Michael Long has a proven track record of service in the public interest. Michael served on countless cyber operations for organizations including the Army Cyber Protection Brigade and Army Cyber Command, the results of which he regularly briefed to commanding generals, strategic executives, and congressional staffers. With MITRE, Michael continues to apply his technical expertise to improve the cybersecurity of our nations most sensitive and critical networks. Michael has a Masters Degree in Information Security Engineering from SANS Technology Institute, and holds many information security certifications including the prestigious GIAC Security Expert certification (GSE). Michael is an avid contributor to the industry, and has authored three papers published on the SANS Reading Room and has presented his research at various conferences and webcasts including the SANS Internet Storm Center. Michael is extremely excited to share his unique lessons learned from the field to arm students with the skills they need to succeed.

Dave Mayer is a Senior Security Consultant with InGuardians. Prior to joining InGuardians Dave was a member of the Red Team for a global financial organization and has almost a decade of experience working in healthcare both in Information Security and IT. In his spare time, Dave can be found tinkering with many house projects or reliving his fire department days when he was part of the Fairchild Fire Company in the Morris Township Fire Department. He held numerous positions ranging from Engine, Ladder and Rescue Operator to Battalion Chief. Dave Mayer graduated from State University of New York at Plattsburgh with a Bachelors in Computer Science. Aside from running into burning buildings, Dave currently holds the following certifications: GIAC GSE, GSEC, GSNA, GCIA, GCFE, GPEN, GXPN, GCIH, GWAPT, GAWN and OSCP

Jake Miller is an information security professional, primarily focused in offensive security. Jake is currently a penetration tester, but also has previous experience as a security controls assessor, SOC analyst, and system administrator.

Jake is a lifelong student, holding a variety of IT and cyber related certifications including GXPN, GCFA, GCIA, CISSP, and AWS Solutions Architect Associate, among others.

He blogs about security and coding at, and is passionate about sharing knowledge in the community.

Jason Ostrom has helped over 220 organizations mature their Cyber Security programs by identifying business risks and improving their readiness for security incidents.  In his current role as Director of Technical Services for Zyston (, Jason leads the Offensive security practice and  provides support for client security incidents in potential data breaches.  Jason is also the courseware author and instructor for Zyston?s ?Top Gun? offensive security class modules.

Jason has used his extensive experience to help clients solve a variety of security problems impacting their respective businesses.  He helped a solution manufacturer raise their DoD STIG metrics to above 95% for all assessed products, including development of Python hardening scripts that protected federal assets.  He coded a Python vulnerability management program that automatically provided remediation timeliness and metrics for closing security issues.  In a client-authorized penetration test, he found a 0-day vulnerability (CVE-2016-2783) in a networking platform that was ethically disclosed to the vendor.  He is the author of the ?VoIP Hopper? network infrastructure pen testing tool, which is included in the popular Kali Linux distribution.  Jason has extensive experience distilling security issues and presenting them to target audiences, including C-Suite and board, and has been quoted in media outlets such as Network World and Wired Magazine.  Jason has spoken at many high-profile security events such as DefCon and ShmooCon.  He has been invited by federal agencies, SANS Institute (Pentest Summit) and Forrester Research to speak on application security.  Jason currently holds the CCIE Security certification (including CCNA, CCDA, CCNP, CCSP) and GCIH, GCFA, GPEN, GWAPT certifications.  He earned an M.S. in Information Security from James Madison University, and his B.A. from the University of Michigan.

Shane is the Director of Cyber Risk and CISO Advisory Services for the Atlanta based cyber risk management firm, risk3sixty LLC.  Shane specializes in helping organizations navigate the complexities of cybersecurity, information risk and compliance. His experience includes acting as fractional CISO for numerous high growth organizations, developing information security and compliance programs, and leading technical cyber risk and penetration testing engagements. 

Shane holds the CISSP, CISA, and GPEN certifications, and has a bachelor's degree in Geographic Information Systems and Master of Business Administration from Kennesaw State University.

You can reach Shane on Linkedin at

Shyaam is currently a Chief Architect in the MDR space with years of experience in cyber security, information security and intelligence studies. He has worked on multiple technical and leadership roles including Director, SOC Manager, Principal/Senior Consultant, Researcher, Information Assurance Engineer, and Analyst/Engineer.

Shyaam graduated from Master of Science (MS) degree in Computer Science, majoring in Information Security at the George Washington University. He also holds Master?s Certificate in Computer Security and Information Assurance from GWU, Graduate certificate in Computer Security from Stanford, Data Science from MIT, Leading with Finance, Disruptive Strategy and Negotiations from Harvard. He continues to hold professional memberships at InfraGard, ACM, ACFE, ISACA, IACSP, HTCN, ATAB and various other associations, where he has been actively participating in the cyber security community. He has held professional certs such as, GCIH, GCIA, GREM, GCFA, GPCI, GCDS, GLDR, SSP-CNSA, SSP-MPA, SSP-GHD, GHTQ, GWAS, CISA, CEH and GIPS. He was a board member at IARIA research group where he has participated as TPC, Chair and Co-Chair of IEEE conferences related to Security and has been an advisor for several small and mid-sized organizations.

Don Reilly is a Senior Cyber Threat Developer at ERCOT, the controller of the Texas power grid. Starting initially in the Financial sector as first a Systems Administrator, and then a developer, he transitioned to the Energy Sector three years ago to perform Dev Ops and Cyber Security roles. At GridSecCon 2017 he won the inaugural ICS NetWars tournament, and continues to strive for excellence all he does. He is excited to mentor this course, because he is extremely enthusiastic about the value this course has for all organizations.

Starting back in 2005, Jonathan got into WiFi exploitation and as the years went by he began exploring other aspects of cyber.  In 12 months, Jonathan attained several industry certifications which landed him a job as a Tier 3 network administrator at the DISA.  From there he became a member of the CERT at the DLA where he focused on Incident Response and initial malware analysis.  Jonathan later decided that he wanted more and moved to Maryland execute offensive operations. 

As a Senior Master Sergeant (E8) in the Maryland Air National Guard located at Fort Meade, MD, Jonathan serves as a cyber warfare operator.  There, under the United States Cyber Command, defense happens in red space.  Defending the nation's critical infrastructure and key resources in cyberspace is as challenging as it is vital and Jonathan intends on completing 30 years of service in the Air Force.  Jonathan also enjoys creating training labs and capture the flag events to motivate learning in a controlled lab environment. 

Jonathan's full-time job focuses on exploit development and vulnerability research as a Cyber Scientist with the Battelle Memorial Institute.  Reverse engineering binaries compiled for multiple architectures gives Jonathan exposure to various assembly languages.  Jonathan has created several tools and capabilities over his career with the Air Force and Battelle.

Jonathan holds the following certifications:  CEH, ECSA, CNDA, Security+, GCED, GCIH, GCFA, GPEN, GXPN.  Jonathan has attended the following courses:  Cyber Warfare Operations, Applied Cyber Operations Training, SEC501, SEC560, SEC660, SEC617, FOR508, FOR526, Assembly for Reverse Engineers, and Basic/Intermediate/Advanced Malware Analysis.

In his 28 years of service with the Kansas City Missouri Police Department, Mark has served in many capacities, including Patrol, Internal Affairs and conducting digital forensic investigations. In 2011 Mark was assigned as a task force officer at the FBI's Heart of America Regional Computer Forensics Laboratory (HARCFL).

As an FBI CART-certified forensic examiner he has conducted examinations on a number of state/local and federal cases involving child exploitation, homicide, network intrusions and terrorism. He has also provided court testimony on numerous cases regarding general crimes and digital investigations.

Mark is a mentor and training officer at the HARCFL and he has worked a number of cases since his appointment to the lab. He is sought out for his knowledge of forensics, electronics and Python programming. He has also used his programming background to create scripts which are used in the lab to streamline various functions. 

Mark has experience in HTML programming, Linux, Apple devices and cell phones. He holds the FBI certification of FE (Forensic Examiner), the SANS certifications GCFE and GPEN, CompTIA certifications A+, Net+, SEC+ and he has an Associate's Degree in Computer and Electronics Engineering Technology. This most likely explains his fascination with Frankenstein electronic projects with lots of little blinking lights - at least his wife would like to think so.

Mark is excited to share his knowledge of electronics and digital forensics with people who have similar interests, and employ problem-solving techniques to assist them, when needed.

Greg Scheidel has over 25 years of hands-on experience in IT including desktop and server support, network design and implementation, application development and programming, IT service management, IT security, and information assurance. He currently leads a security program providing a full range of IT security services including SOC, incident management, risk management, penetration testing, forensic and malware analysis, cyber threat intelligence, security engineering, audit and policy SMEs. Greg firmly believes IT and security must serve business needs rather than exist for their own sake, and is passionate about teaching others while expanding and honing his own skills.

Andrew Skatoff has been securing and protecting critical infrastructure networks for the last 16 years. 
Raised by a Topgun Marine fighter pilot and a middle school special education teacher, he has always been driven to find meaningful work, solve interesting problems and help others do the same in an effort to make the world a  better and safer place.
Andrew's love for computers started in college and after spending several years providing technical support in the energy and financial sectors, he achieved his MCSE certification. This led to his first info security job supporting a migration to active directory.  Andrew went onto champion, design and implement an automated compliance and vulnerability management program. He has been developing and leading incident response teams, a malware analysis function and digital forensics services for the past 12 years in critical infrastructure financial organizations. 
SANS FOR508 is one of Andrew's favorite classes! It combines incident response and triage analysis with full disk forensics in a way that  balances accuracy and efficiency in our increasingly demanding role as cyber defenders.  
Andrew currently holds GREM, GCFA, and CISSP certifications and is an Incident Response Manager at a large financial organization.

Check out Andrew's blog at: https:

Dmitriy Sokolovskiy entered the Information Technology field in 1999 and throughout the years gained experience in multiple fields, including Windows and Unix server administration, NOC and SOC operations, large scale security projects and live incident response and remediation for some of the largest breaches in US history. He is a Certified Information System Security Professional and a GIAC Certified Enterprise Defender. Dmitriy had a first hand experience with the incredible lack of knowledgeable and experienced information security professionals in the IT and wanted to utilize his skills and experience to help close this gap.

Joe Sullivan got his start in information security in 1999 working for a web hosting company during the .com boom.  In 2001 Joe started one of the first outsourced technical support companies for web hosting server support.  After selling his company he went to work as the network security manager for a consumer electronics distributor and remained there for nearly 10 years.

 In 2014, Joe was recruited by Oklahoma based RCB Bank to guide their network security program. At RCB Joe is the Chief Information Security Officer. Joe also owns 1 to 1 Risk Control & Investigations, a private investigation agency in Edmond, Oklahoma.

Currently, Joe and his wife, Cathy, also operate Crossroads Information Security, which provides several services to small local businesses that do not have the expertise or resources for network security. Joe is also the leader of the Oklahoma City OWASP Chapter.

You can find Joe Sullivan's blogs online at:

Meet Dave Thomas - he's a dedicated Information Security professional with 10 years of experience. He is enrolled in the SANS Institute Cyber Security Engineering track with one year left before taking the GIAC Security Expert (GSE) capstone exam. Dave currently holds certifications in CISSP, PMP, GSEC, GCIA, GCIH, GASF, GCED, and GWAPT as an Information Security Solutions Architect II at a large systems integrator. He's looking forward to giving back by sharing all he has learned through teaching the technical and soft skills that will help aspiring security professionals reach their goals in information security.

What Dave brings to the table - besides 10 years in IT, he also spent 8 years in the United States Marine Corps as a Communications Officer. During this time he completed a Master's Degree in Information Technology. Dave also brings the patience and humor required to teach, as he is the father of two boys under the age of 4. He looks forward to finishing his second master's degree so he can spend more time with his kids, and beautiful wife. They enjoy investing in real estate properties, traveling, and eating Chicago-style deep dish pizza.

Dave feels SANS provides the perfect opportunity to come full circle in his GIAC studies, by learning all there is to know, gaining recognition in the industry, and giving back to others.

Eric is an accomplished governance, risk and compliance specialist and author set to publish his first book titled: Building a HIPAA Compliant Cybersecurity Program in late 2017 or early 2018.

In his GRC role as the Director of Compliance at Blue Health Intelligence (BHI), Eric leads efforts to increase cyber security maturity in several domains including governance, policy and controls, risk management, cyber security strategy and business alignment. He established the risk management function which includes assessment, analysis and treatment of risks, threat and vulnerability management strategy and due diligence requirements for assessing third-party risk.  Eric also assesses cybersecurity technology capabilities recommending enhancements to current solutions and new capabilities required to meet risk reduction requirements.  

Prior to BHI, Eric spent seven years at Ernst & Young (EY) in the Advisory practice where he specialized in helping healthcare organizations (providers, payers and business associates) solve problems related to information security, risk management and compliance.  Eric lead HITRUST Common Security Framework (CSF), cybersecurity program management and third-party risk management assessments. 

Michael Weeks is currently working as the SOC and Incident Response Lead at Fair Isaac Corporation. He leads a highly technical team of Analyst, Developers, and Incident Handlers in the daily monitoring of cyber security events for FICO. A graduate of the SANS Technology Institute Master of Science in Information Security Engineering Program and certified GIAC Security Expert, as well as a host of other SANS Certifications and the CISSP from ISC2. Michael is also a Chief Master Sergeant with the United States Air Force Reserve working in the 960th Cyber Operations Group as a Cyber Warfare Operator. The greatest privilege is the ability to mentor the future cyber warfare operators in hopes that they can help solve the many problems in cyber security.

Nick Wiebelhaus has a diverse background in both offense and defense in the security industry. Nick currently works as a security professional with a diverse business at an enterprise level that engages in loan origination, loan servicing, payment processor, internet service provider, collaboration spaces, software development, and banking. Nick is a subject matter expert in the areas of penetration testing, incident response management, system administration, and security operations center (SOC) management. He has developed enterprise penetration testing methodologies, SOC processes, and incident response processes.

Nick is an active member of the information security community in and around the Denver Colorado area. He teaches information security at the Community College of Aurora and frequently attends conferences and other community events. Nick earned his BS in Information Security from Colorado Technical University and currently holds several certifications including GPEN, GWAPT, GCIH, and Security +.

Ryan has been practicing information security for over a decade. He maintains a broad and deep knowledge of enterprise computing, risk management, and data security; and he enjoys sharing his learnings to help others secure their organizations.

With a heavy background in IT infrastructure, Ryan is technically proficient in both small and large-scale computing environment including all aspects of storage, network, and compute for both on-prem and cloud technologies.

He understands business value and process mapping and communicates these topics to business executives to better drive success through the organization. His ability to explain highly technical topics in a universally understandable message has enable Ryan to excel in implementations and organizational changes that would not have been possible otherwise.

Ryan has proven knowledge with multiple patents, publications, certificates, and system implementations provides his peers with real life experience and lessons learned to better solve challenges that exist in the field. He currently holds a CISSP, GISP, and also is a member of the GIAC Advisory Board. He also maintains an MBA with an emphasis in Organizational Change Leadership from Northern Illinois University.

Ryan is in continual pursuit of opportunities to share his knowledge and learn from others. Ryan enjoys giving back to the community and volunteers with various security community organizations and conferences to help teach others about information security.