Greg Bailey

A “curious defender” at heart, Greg Bailey loves puzzles and has an insatiable desire to know how things work. “I take things apart, I learn how they operate. I break things so I know how to fix them. That's just how my brain works,” he says. But it was a chance opportunity that initially brought him into the information security field.

While in college studying radio communications, the world wide web took off and due to Greg’s experience with computers he was immediately hired by a consulting firm in his hometown of Chicago upon graduation. “It was there I witnessed our firm and others get hit by some of the more famous viruses at the time: ILOVEYOU, AnnaK, Code Red, SQLSlammer, Blaster, etc.,” he says. “That first time I experienced running around our office pulling LAN cables with my IT buddy, I was hooked. I had to know how these programs had gotten into our network and how they operated.”

Since then, he’s spent more than 20 years in the IT field, working for large financial institutions including Discover, HSBC, and SunGard; professional services organizations such as Accenture, Fishnet/Optiv, and HP; and as the acting CISO at mobile game company Zynga. Through these roles, Greg has built years of experience running security operations and performing penetration testing and adversary emulation.

More About Greg


Today, Greg is the director of incident handling at Red Canary, where he manages operational and strategic duties for all of the company’s customer-facing incident handlers comprised of researchers, former military personnel, forensicators, incident responders, red teamers, and code hackers. “I manage and perform hands-on research across multiple organizations and industries, taking what I know of adversary tactics to help organizations defend against them,” says Greg. He also runs a cyber security program for a small gaming company, and is the principal consultant at Fox River Information Security.

A SANS instructor since 2018, Greg is currently a SANS certified instructor teaching SEC560: Network Penetration Testing and Ethical Hacking. And although he’s an instructor today, Greg’s first interaction with SANS was as a student. “I took my first SANS class, a penetration testing class, with John Strand in 2009 and was blown away,” says Greg. “The amount of information that I received in those six days was overwhelming, but immediately changed the way I did my job.”

Today, as an instructor, Greg enjoys watching his students have those same lightbulb moments, where all of a sudden something the class has discussed or introduced comes into focus. He also enjoys sitting down with students during breaks when they have a question related to their day-to-day jobs, noting that students who listen and ask questions tend to have the most success in his classes.

Greg’s former role at Fishnet Security gave him the chance to do actual hands-on penetration testing services, an experience he says taught him what organizations are truly concerned about, the diverse set of problems that organizations face across multiple industries, and most importantly, how to effectively communicate results to executive management and IT staff. “Technique and tooling is one aspect of penetration testing, but methodology is a big part of that,” he says.

Today, he couldn’t be more proud to share that knowledge and more with his students. “As a student, I knew the information I was getting was relevant, timely, and the instructors were the best in the business because they were practitioners who did the work day-to-day and could speak about it,” he says. “Someone took the time to pull me aside and teach me all that they knew. I consider it imperative to do the same and I am honored to be a part of this organization.”

Greg received his bachelor’s degree in English from Colorado State University and a master’s in computer, information, and network security from DePaul University. He holds GCIH, GPEN, GXPN, GCIA, GCFA, and OSCP certifications. Greg is also is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.

When he’s not teaching and consulting, Greg enjoys his role as a father and mentor, and supports local community services. He enjoys getting outdoors with his son, playing board games, and traveling.