Today Eric serves as founder and CTO of Recon Infosec, a provider of managed security services and network defense range simulations. Previously, Eric managed the Security Operations Center for the Texas Department of Public Safety, where he singlehandedly built the agency's first CSIRT. He is also an instructor for SANS FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting, a role he's proud to fill.
"I firmly believe there is no higher quality training program, in this field or many others for that matter, than SANS," says Eric. "The seamless combination of world-class expert instructors and highly relevant, in-depth course material is unparalleled in any other program I have encountered."
In addition to these roles, Eric continues to serve part-time in the Texas Air National Guard as a Cyber Warfare Operator. He also leads the team that develops and runs OpenSOC.io, a DFIR CTF, at the Blue Team Village at DEF CON each year. Even in his spare time, Eric enjoys tinkering in Python, analyzing malware, authoring threat signatures/IOCs, and developing/maintaining honeypots and deception systems.
Eric routinely leverages Windows forensics skills in support of defensive and incident response operations as well as providing support to law enforcement. This experience enables Eric to provide real-world forensics experience not only for LE/investigative purposes, but also for identifying attack methods and infection timelines of compromised systems. He has a passion for detailed threat analysis and uses those skills to bolster defensive postures by leveraging defense-in-depth methodologies.
Eric's raw passion for forensics shines through in the classroom as well, giving him a connection with students from a wide variety of backgrounds. Eric utilizes a range of methods to ensure each of his students has an "ah-ha" moment with the material he's teaching, along with conveying the importance of attention to detail and uncompromised integrity with investigations. "My goal as an instructor is to teach not only the technical skills required to perform the job, but also the core principles and processes that must be followed to preserve accuracy and fidelity in your investigations," he says.
A mentor and teacher at heart, Eric's greatest career highlight is centered around his role as an instructor. "While I sincerely love the technical, hands-on aspect of the job, I feel my most significant accomplishment is the time spent working with analysts that I have had the distinctive honor to train over the years," he says. "By sharing my passion, knowledge, and lessons learned, I hope that I have boosted their careers and helped them quickly identify the areas of this field that they will enjoy the most."
In one memorable situation, a young undergrad was participating in an incident response simulation that Eric was operating at a local security conference. "This young lady had no prior experience in this field but through sheer dedication and drive took first place over 42 other participants in the event," he says. "I found out a few weeks later that the employer of a few other participants in that challenge had offered her a job shortly after her accomplishment that day." Seeing the ripple effect of his efforts was an incredibly rewarding and humbling experience for Eric.
Eric is GIAC GCFE, GIAC GCFA, Certified Ethical Hacker, Security+, Linux+, LPIC-1, PCNSE, and A+ certified. He shares opinions and techniques centered around information security on his blog at https://blog.reconinfosec.com, and supports and contributes to open source projects in his spare time. "I enjoy leveraging Python to automate security operations to make life easier for analysts and to enhance effectiveness of security teams," he says.
An avid adventure motorcycle rider, Eric's ideal weekend is loading up his motorcycle and heading to the mountains for camping and adventure.
ADDITIONAL CONTRIBUTIONS BY ERIC CAPUANO: