Brian started his career in 1998 working in desktop support after earning his first certification from CompTIA and working his way into system administration. He enjoyed breaking technical systems down and learning their inner workings, building systems, and troubleshooting issues. After a four-year hiatus from tech to serve in the U.S. Navy as an avionics technician (AT2), Brian returned to tech in an information security role. Since 2007, he has filled a variety of different roles in information security, including network and host forensic analyst, red team member, security engineer, and incident responder. Brian particularly liked tackling the most challenging problems and battling adversaries as an incident responder.
Brian currently works at Meta (formerly Facebook) and supports a team responsible for detecting malicious or unexpected activity on all network environments across the portfolio of products: Facebook, Instagram & WhatsApp.
“As a manager, I have been most proud to help the individual contributors on my team to better focus on what matters, where we can make the biggest difference, and how we can become tremendously impactful contributors to both the team and the company,” he explains. “In this field, we tend to be generalists who can do nearly anything, and we often get asked to help on all kinds of projects. But like so many things in life, just because we can doesn’t mean we should. In many ways, we can make the biggest difference when we focus our energy on the hardest challenges that require our unique perspective, skills & experience.”
As a SANS Instructor, Brian currently teaches FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response, which focuses on key concepts such as how to know what data is available and where it can be found to help fill in gaps in the story and solve investigations. “In class, we talk about these challenges in terms of balancing business needs, technical capabilities, and overall efficiencies,” Brian said. “I’ve worked in a large variety of environments, corporate cultures, and roles, so I can engage any student and have a thoughtful conversation about any topic.”
Network forensics has so much potential, and Brian especially loves to share what he has learned over the years on this topic. His main goal as a teacher is to help his students understand the core concepts, take these newly learned skills back to the office on Monday, and put them to good use with immediate impact.
“I share some of the creative solutions I’ve applied in various situations as a seed to grow additional creative solutions. But I don’t have a crystal ball for every situation in every environment. You know your environment better than anyone else. Get creative and think of the ways that you can achieve your goals with whatever you have in your toolbox or learn how to put more tools in that same toolbox.”
In the classroom, Brian enjoys it when students have that “ah-ha” moment that shows they are getting it.
“Whether it’s related to gaining visibility to better understand their environment or new ways to identify malicious activity using the data they already have available, I can see their wheels turning!”
Brian recalls an investigation he once worked on in which an insider was discovered snooping on customer data. “Through the evidence we had available, we were able to identify a small number of victims, but there were some data integrity concerns identified that left us uncertain that we had the complete set,” Brian recalled. “We had a small window of opportunity to physically visit a data center to collect additional evidence, which we did, and that led to the discovery of 10x more victims.” Brian notes that in that case, knowing the potential sources of evidence and the many ways to access that evidence gave him and his team more certainty that they could scope the incident accurately, exhausting all options, and notify the complete set of victims.
“We could have settled with what we had, and it would have been a nice win, and our findings wouldn’t have been wrong. But it wasn’t the right thing to do. My teams always go that extra mile to do the absolute best we can.”
Brian has a master’s degree in Information Security from the University of Maryland Global Campus (UMGC) along with many industry certifications, including the GIAC Network Forensics Analyst (GNFA), the GIAC Certified Forensic Examiner, and the Certified Information Systems Security Professional (CISSP). He previously taught the Cybersecurity Operations course at Capitol Technology University.
As both a manager and a teacher, Brian takes particular pride in guiding people through a rewarding career. But he also sees value in what he can continuously learn from others. “I usually say to my students, ‘I’ve been there and done that, so let me share my knowledge and experiences with you so you can do it better, faster, and more effectively.’ But then I want them to share back with me so I can learn from their unique experiences too! I learn something new from my students nearly every class I teach.”
Outside of work, Brian enjoys all things tech, traveling, and finding local spots with unique food and drinks.
- Over 20 years of experience as a technical leader with a deep understanding of defending enterprises from cyber-attacks
- Diverse background in US military, contracting, consulting, and industry environments from offensive and defensive positions, which have given him creative skills to solve challenging investigation situations
- Brian currently works at Meta (formerly Facebook) and supports a team responsible for detecting malicious or unexpected activity on all network environments across the organization
- Instructor for the FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response course
Get to Know Brian Olson
- Brian has a master’s degree in Information Security from the University of Maryland Global Campus (UMGC)
- Brian holds the GIAC Network Forensics Analyst (GNFA), the GIAC Certified Forensic Examiner, and the Certified Information Systems Security Professional (CISSP).
- He previously taught the Cybersecurity Operations course at Capitol Technology University.
Hear Brian talk about Live Response with Ansible: