Erik Van Buggenhout

Erik Van Buggenhout is a co-founder of NVISO, a Belgian cybersecurity firm, as well as a SANS Senior Instructor and lead author of SEC599: Defeating Advanced Adversaries and SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection, as well as coauthor of SEC560 - Network Penetration Testing & Ethical Hacking. Prior to NVISO, Erik spent five years at a Big 4 firm, where he evolved into a subject matter expert for the EMEA region. He has been involved with SANS since 2009: first as a Mentor, then working his way to Community Instructor in 2012, becoming a Certified Instructor in 2016 and a Senior Instructor in 2020.

More About Erik


Erik began his career as an intern at EY. He accidentally ended up in the cybersecurity team and was asked to assist in pen testing. At that time, he didn't know he could make money in the field. He signed on at EY in 2008 and didn't look back. Over time, he evolved from pure pen testing/red team to doing more blue/purple team work today.

Erik has an interesting mix of experiences and skills that range from offensive security topics (pen test, red team, adversary emulation) to defensive security topics (security monitoring, threat hunting, incident response) over his 10+ years in the industry.

Erik is the lead author for two SANS courses - SEC599: Defeating Advanced Adversaries and SEC699: Purple Team Tactics - Adversary Emulation for Breach Prevention & Detection, as well as coauthor of SEC560 - Network Penetration Testing & Ethical Hacking.As a SANS Senior Instructor, Erik enjoys standing in front of a classroom and explaining deeply technical concepts by using war stories, and adding a few funny anecdotes here and there. He believes this love for knowledge transfer is recognized by his students and has resulted in his success as an author and instructor.

In addition to his work with SANS, Erik is the co-founder of Belgian cybersecurity firm NVISO, specializing in the government, defense and the financial sector. Erik and his team have built NVISO into a 100-man organization in the span of 7 years, and now serves some of the most critical organizations in the European region. Together with his team of technical experts, Erik delivers a wide array of technical security services, including penetration testing, security monitoring & incident response.

Furthermore, Erik sits on the board of directors of his company NVISO and also runs the Belgian Cyber Security Challenge and German Cyber Security Rumble. These competitions are aimed at university students to entice the next generation of cybersecurity experts!

Erik holds a master’s degree in Cyber Security from Royal Holloway University of London, and has earned a number of professional certifications over the years including: GSEC, GCIH, GCIA, GNFA, GPEN, GWAPT, and GSE certifications. He is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.

When he’s not teaching or writing courses, Erik enjoys a few healthy things like road cycling (a STRAVA fanboy), indoor soccer, snowboarding, and also a few less healthy things like BBQ, cigars, and whiskey (in no particular order).

A self-confessed speed walker, if you see Erik rushing around at a conference: feel free to stop him and say "Hi!"

Here is a SANS presentation by Erik Van Buggenhout:

Stealth persistence strategies | SANS@MIC Talk



Updates to SANS' flagship penetration testing course SEC560, July 2020

Leveraging MITRE ATT&CK and ATT&CK Navigator, Feb 2019

Purple PowerShell: Current attack strategies & defenses, April 2019

The SANS Purple Team Curriculum - SEC599 and SEC699, Dec 2019

SEC599: Defeating Advanced Adversaries - Implementing Kill Chain Defenses, May 2018

How to Prevent, Detect & Respond to an Advanced Attack, Oct 2017