Andreas Sfakianakis

Andreas is a seasoned cyber threat intelligence professional with over 15 years in cybersecurity.  He specializes in cyber threat analysis and building threat management programs. Andreas believes in actively engaging the community, especially the new generation of CTI analysts, maturing threat management programs within organizations as well as the embedding of CTI in policymaking. Andreas is the global threat operations lead of SAP’s CTI team and the founder of SAND, a company that provides CTI consultancy services. He takes pride in helping students plan and achieve their goals within the CTI sphere. As Andreas would put it, “Helping budding analysts motivate me to further my knowledge transfer activities and develop myself as an instructor and mentor.”

More About Andreas


‘Spend time to save time’ is one of Andreas Sfakianakis’ favorite quotes, and he certainly lives by it. When he started out as an undergraduate student in Computer Science, he had little knowledge about information security. “It was the sheer moment when I realized I could identify weaknesses in computer systems and build defences to better protect them that I never looked back.” Andreas’ educational qualifications include a B.Eng. degree in Computer Science and a M.Sc. degree in Information Security.

Tools like Nmap, Metasploit, and BackTrack (Kali) Linux inspired him to start in the field of information security and to better understand the adversaries’ capabilities. “I was always intrigued by adversaries’ actions post-compromise, their intentions, their capabilities, and their tradecraft,” says Andreas. “This knowledge can hugely help an organization better secure its infrastructure.” Precisely that is what brought him into the CTI field. Moreover, he appreciates how communication skills are critical and appreciated in this field. It has helped him build trusted connections with the CTI community and convey the outcome of threat analysis to different types of audiences.

The time when the CTI discipline started being adopted by organizations worldwide was the moment Andreas’ career really kicked off. It gave him the opportunity to experience first-hand the whole evolution of the CTI discipline from its very start. “During this journey, I have participated in the development of CTI teams in the finance, energy, retail, technology, and government sectors, all of which have different threat profiles.”

Another motto Andreas lives by is ‘Sharing is caring’, which shows in the many ways he transfers his extensive knowledge. “I learned a lot about Cyber Threat Intelligence from the community, and I consistently try to contribute back.” He regards SANS as being the best vehicle for transferring the knowledge that he acquired so far in his career. “The high quality of the courses as well as the top-notch instructors, are second to none in our industry.”

Andreas is currently an instructor candidate for the SANS FOR578 course of Cyber Threat Intelligence Training. With his experience across different industries, he brings practical advice and real-world examples to the classroom. “I try to give examples students can relate to, put them in situations where they need to think critically, and provide tangible takeaways. Intelligence is a team sport, and my approach is to interact with the students via thought-provoking questions and trigger interaction among them.”

Apart from the technical and analytical competencies, he also focuses on the important values an analyst should embody. He is a firm believer that a good analyst must embody integrity, humility, respect, transparency, and fairness. “As instructors, we need to lay the groundwork for positive work environments, healthy work relationships, and tomorrow’s leaders.”


Key publications :

Presentation Videos:

Presentation slides:

Academic papers

Working Groups and Committees:

  • ENISA's Ad-Hoc Working Group on Cyber Threat Landscapes
  • FIRST CTI Symposium Program Committee
  • Member of Review Board for the Journal of Threat Intelligence and Incident Response (JTIIR)
  • OASIS  Cyber Threat Intelligence (CTI) Technical Committee
  • GIAC Advisory Board
  • Member of ENISA's Expert Group on EU MS Incident Response Development
  • FIRST CTI Special Interest Group (SIG)

Personal website   

Company website