David Hoelzer

David Hoelzer, a SANS Fellow and author of more than twenty days of SANS courseware, is an expert in a variety of information security fields, having served in most major roles in the IT and security industries over the past twenty-five years. Currently, David serves as the principal examiner and director of research for Enclave Forensics, a New York/Las Vegas based incident response and forensics company. He also serves as the chief information security officer for Cyber-Defense, an open-source security software solution provider.

More About David

Upcoming Courses


David has been highly involved in governance at the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense, serving as a member of the Curriculum Committee, Long Range Planning Committee, GIAC Ethics Board, and as Dean of Faculty.

As a SANS instructor, David has trained security professionals from organizations including NSA, DHHS, Fortune 500 security engineers and managers, various Department of Defense sites, national laboratories, and many colleges and universities.

Outside of SANS, David is a research fellow in the Center for Cybermedia Research, a research fellow for the Identity Theft and Financial Fraud Research Operations Center (ITFF/ROC), an adjunct research associate of the UNLV Cybermedia Research Lab, a research fellow with the Internet Forensics Lab, and an adjunct lecturer in the UNLV School of Informatics. David has written and contributed to more than 15 peer reviewed books, publications, and journal articles.

Recently, David was called upon to serve as an expert witness for the Consumer Financial Protection Bureau in a landmark case regarding information security governance within corporations in the financial sector and has previously served as an expert for the Federal Trade Commission for GLBA Privacy Rule litigation.

In the past, David served as the director of the GIAC Certification program, bringing the GIAC Security Expert certification to life. David holds a BS in IT and an MS in Computer Science, having spent time either attending or consulting for Stony Brook University, Binghamton University, and American Intercontinental University.



I'm Sorry Dave, I Can't Do That: Practical Machine Learning for Information Security (New Course Preview!), March 2020

Making Risk Assessment Useful, February 2016

How to Build Your Modern Email Fraud Defense, October 2018


  • LaBrea.py - Modern implementation of LaBreay Tarpit in Python/Scapy. LaBrea allows you to set up a host that can take over all unused addresses within an IPv4 subnet, creating a low interaction honeypot (of sorts) for network worms and scans.
  • ShowMeThePackets - Collection of IDS/Network Monitoring scripts and tools covering things from data collection through analysis. David Hoelzer
  • VisualSniff - A simple communications visualization tool for Macos written in Objective-C. Visualizes communicating hosts, volume, and directionality of data.