Brian Vlootman

Brian Vlootman has over 20 years of deep technical experience in Information Technology and Information Security. He is currently a SANS instructor and the Chief Information Security Officer for Backbase. As someone who is always seeking to learn and understand new technologies, he holds several security certifications including the GIAC GDSA, GCDA, GDAT, GREM, GNFA, GCFA, GXPN, GCIH, and GWAPT.

More About Brian


Brian Vlootman has worked his entire career in IT, always looking for new technologies to learn. He enjoys focusing on a topic and doing a deep dive to internalize and understand before turning to other topics. As a result, he’s developed a broad understanding of different aspects of IT and security.

He started his career as a systems engineer in 1999 and then moved on to other areas such as a database administrator, network engineer, storage engineer, virtualization engineer, and an infrastructure architect. Security was always a part of his early work experience, but in 2010 he realized just how broad the security domain was and how much there was to explore. He pivoted his career to focus on information security, but always knew his prior experience working in many different IT domains was beneficial. He started as a pen tester and then a few years later moved to incident handling, digital forensics, and a role as an information security officer.

In his current role as Chief Information Security Officer at Backbase, Brian drives application security and helps clients with secure deployments. As a SANS instructor, he brings broad expertise, having worked in many different IT domains and for both very large enterprises as well as start-up companies. In his current work environment, he works with people representing over 50 nationalities and believes this helps him to relate to and connect with his students.

Brian’s approach to training students is to maximize independence, responsibility and to promote critical thinking. He works to prevent situations where students are just passively receiving. He aims to change their mindset and often challenges his students to think differently. Brian believes that students retain more of what they learn in a course when they have some ownership over their learning, and where they do not only hear about facts but are also able to think of the why.

Brian is always looking for new things to learn and with an ever-expanding scope in cybersecurity, there is always something new to learn with many opportunities to stay challenged. He likes to solve puzzles and found that there are many unique situations in security that require finding new solutions.

Brian recently helped a medium-sized financial institution with security workshops and training, prepare for the successful go-live of their first cloud deployment. He and his team helped support their launch, and saw a significantly faster go-live and his client experienced far fewer security issues, as compared to other similar-sized companies.

As a student, Brian enjoyed and learned a lot from all the SANS courses he has taken, which he credits to both the course content as well as the instructors, and he believes SANS is unique in bringing together so many experts in their field and is a company he wanted to be a part of. Brian believes a good instructor plays an invaluable role as a facilitator in the process of learning, and he takes it on as a personal challenge to always pursue that.

Brian holds several security certifications including the GIAC GDSA, GCDA, GDAT, GREM, GNFA, GCFA, GXPN, GCIH, and GWAPT. Outside of work, Brian enjoys outdoor sports, including cycling, snowboarding, and scuba diving.