Adrien de Beaupre

Adrien de Beaupré realized from an early age that he was better at breaking things than fixing them. When he read The Cuckoo's Egg by Clifford Stoll about the hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National Laboratory, Adrien realized that he could put his special talents to work in an information security career.

Adrien has spent the better part of three decades in the I.T. industry, over 20 of those specializing in information security, making him an experienced penetration tester, team lead, and senior information security professional. During that time, Adrien had the opportunity to be the team of Vancouver 2010 Winter Olympic Games security assessment.

More About Adrien


Today, in addition to being a prolific SANS instructor and course author, Adrien is an independent penetration tester in both the Government and private sectors around the world.

A sought-after instructor known for his engaging, straight-forward style, professionalism, and real-world experience and examples, Adrien has taught a plethora of SANS courses. Thus showing his depth and breadth of knowledge in penetration testing, vulnerability assessment, incident handling, and intrusion detection.

To Adrien, teaching at SANS is an opportunity to pay forward the investment his mentors and teachers made to him throughout his career. This is a chance to share his knowledge and experience while learning from the research he does to teach the material covered in a SANS course. “And, it’s rewarding to see a student who was struggling, finally understand what rooting a box feels like,” he says. “I love what I do, I am either hacking or teaching how to hack!”

Adrien has taught SANS SEC504 Hacker Tools, Techniques, and Incident Handling; SEC460 Enterprise Threat and Vulnerability Assessment; SEC560 Network Penetration Testing and Ethical Hacking; SEC542 Web App Penetration Testing and Ethical Hacking.

Adrien contributed to the OSSTMM3, Hacking Exposed Linux (3rd Edition), Security Incident Handling Step-by-Step Guide (SANS), the Security Incident Management Capability Maturity Model (Bell) and other vulnerability assessment and security management frameworks as well as methodologies such as SANS courseware.

A long-term volunteer member of the SANS Internet Storm Center, where he performs incident handling and threat analysis, Adrien also holds GSEC, GPEN, GWAPT, GCIA, GCIH, GXPN, OPSA, OPST, MCSE and CISSP certifications.

When he’s not teaching or consulting, you’ll find Adrien hacking in his personal time…both computers and through his practice of Karate.




No SQL Injection in MongoDB applications, July 2020

Introduction to enterprise vulnerability assessment; finding Struts, June 2018

Java on the Server? What Could Possibly Go wrong?, March 2018

Modern Web Application Penetration Testing Part 1, XSS and XSRF Together, October 2019

Modern Web Application Penetration Testing Part 2, Hash Length Extension Attacks, February 2020

Modern Web Application Penetration Testing Part 3, NoSQL injection with MongoDB, June 2020