Ed Skoudis

If you mention “Ed” when discussing penetration testing or incident response, everyone knows exactly of whom you are speaking. Ed Skoudis has taught upwards of 40,000 security professionals globally and his countless contributions to information security have had immense impact on the community. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first authorities brought in to provide post-attack analysis on major breaches. He’s not just an expert in the field, he created many of the founding methodologies employed by governments and organizations around the world to test and secure their infrastructures.

Ed is the founder of the SANS Penetration Testing Curriculum and Counter Hack; leads the team that builds NetWars, Holiday Hack, and CyberCity; and is President of the SANS Technology Institute. A consummate presenter, Ed is a keynote speaker appearing internationally at conferences, and is an Advisory Board member for RSA.

More About Ed


Ed Skoudis is President of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. Ed began teaching for SANS Institute in 1999. He earned an M.S. in Information Networking from Carnegie Mellon University and had already become a trusted security consultant with many accolades. He was the expert called in by the White House to test security viability of the Trusted Internet Connection (TIC) that now protects US Government networks and he led the team that first publicly demonstrated significant security flaws in virtual machine technology. With his vast foundational knowledge of attacker behavior and techniques, and his work creating hacker challenges in the nascent stages of Counter Hack, Ed founded the SANS Penetration Testing Curriculum in 2008. He cites, “I really love building SANS courses and cyber ranges and working hard to make sure they represent realistic technical lessons that students can apply immediately when they get back to the office.”

In 2010, Ed and his team at Counter Hack built NetWars, the widely used cyber training and skills assessment ranges relied upon by military units and corporations with major assets at risk. Now there are more than 5 versions of NetWars available in various modalities, including Core, DFIR, Cyber Defense, ICS, and CyberCity, not to mention Counter Hack’s wildly popular Holiday Hack Challenge, featuring the KringleCon virtual conference. In 2015, Ed was awarded the Order of Thor Medal by the Military Cyber Professionals Association for his contributions in preparing the next generation of Cyber Warriors in large part because of these ranges. “When I first learned the offensive arts back in the day, there weren’t many good, realistic, safe environments to practice and build skills. Some of my friends and peers did some pretty crazy stuff back then – stuff that could get them in BIG TIME trouble. In my work now, I want to make sure that we have safe alternatives for people to build their skills.” Today, Ed continues to mentor the SANS author team in making realistic labs and ranges so that people can learn safely.

Ed has been published numerous times, including his own books The Hack-Counter Hack Training Course and Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, and he’s often referenced in security articles, like the wide press coverage on his RSA panels in recent years about the most dangerous attack techniques and security threats. He originally authored SANS’s flagship penetration testing courses, SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and SEC560: Network Penetration Testing and Ethical Hacking, but in the classroom is where his love of storytelling really shines, elevating the content with real examples to hammer home each detailed technical point through narrative.

His absolute favorite hobby is hacking together cool Internet of Things stuff for his office. Utilizing new hardware and automation, Ed can bring antique technologies back to life, writing code that stitches it all together with the cloud. Among other projects, he’s implemented the “MorseCodinator”, which is an 1861 telegraph key that follows him on Twitter, diligently typing out anything he tweets in morse code, and he’s taken a 1951 porthole TV and connected it to a Raspberry Pi to enable Netflix viewing while participating in Google Meets via the 19-inch black and white TV. “I have an old Tesla coil and a razor-sharp 1938 Westinghouse fan that I can control via Amazon Alexa. What can possibly go wrong! But, gosh, it’s so much fun!”

Here is a SANS Summit presentation by Ed Skoudis:



Using CTF Challenges to Level-Up Your Cybersecurity Career w/ Ed Skoudis - HackFest 2020

So You Want To Be a Pen Tester? 3 Paths to Consider

2019 SANS Holiday Hack Challenge Award Ceremony

More Super Practical Blue Tips, Tools, and Lessons Learned from Team-Based Training: Coordinating Hand-Offs, Your Buddy RITA, and Microsoft Message Analyzer FOR THE WIN!

Tips, Tricks, and Cheats Gathered from Red vs. Blue Team-Based Training

Introducing the NEW SANS Pen Test Poster - Pivots & Payloads Board Game


The Latest Cyber Attack Techniques to Watch for in 2020: Our Interview with Ed Skoudis

The 5 Most Dangerous New Attack Techniques: Are They Evolving?

How to Get the Most Value out of Your Penetration Test

The Enigma Machine

Derby Con 2019 Opening Keynote

Welcome Our New A.I. Overlords with Ed Skoudis

Honey, Please Don’t Burn Down Your Office Further Adventures in IoT and Office Automation


Paul's Security Weekly #653

Paul's Security Weekly #586

Paul's Security Weekly #540

Paul's Security Weekly #531

Paul's Security Weekly #484


COVID-19 Quarantine: A Unique Learning Opportunity for Defenders

Poster: Pivots and Payloads

Poster: Command Line Kung Fu


You can check out Ed's Youtube channel here.

Ed's Contributions