Today, Greg is the director of incident handling at Red Canary, where he manages operational and strategic duties for all of the company’s customer-facing incident handlers comprised of researchers, former military personnel, forensicators, incident responders, red teamers, and code hackers. “I manage and perform hands-on research across multiple organizations and industries, taking what I know of adversary tactics to help organizations defend against them,” says Greg. He also runs a cyber security program for a small gaming company, and is the principal consultant at Fox River Information Security.
A SANS instructor since 2018, Greg is currently a SANS certified instructor teaching SEC560: Network Penetration Testing and Ethical Hacking. And although he’s an instructor today, Greg’s first interaction with SANS was as a student. “I took my first SANS class, a penetration testing class, with John Strand in 2009 and was blown away,” says Greg. “The amount of information that I received in those six days was overwhelming, but immediately changed the way I did my job.”
Today, as an instructor, Greg enjoys watching his students have those same lightbulb moments, where all of a sudden something the class has discussed or introduced comes into focus. He also enjoys sitting down with students during breaks when they have a question related to their day-to-day jobs, noting that students who listen and ask questions tend to have the most success in his classes.
Greg’s former role at Fishnet Security gave him the chance to do actual hands-on penetration testing services, an experience he says taught him what organizations are truly concerned about, the diverse set of problems that organizations face across multiple industries, and most importantly, how to effectively communicate results to executive management and IT staff. “Technique and tooling is one aspect of penetration testing, but methodology is a big part of that,” he says.
Today, he couldn’t be more proud to share that knowledge and more with his students. “As a student, I knew the information I was getting was relevant, timely, and the instructors were the best in the business because they were practitioners who did the work day-to-day and could speak about it,” he says. “Someone took the time to pull me aside and teach me all that they knew. I consider it imperative to do the same and I am honored to be a part of this organization.”
Greg received his bachelor’s degree in English from Colorado State University and a master’s in computer, information, and network security from DePaul University. He holds GCIH, GPEN, GXPN, GCIA, GCFA, and OSCP certifications.
When he’s not teaching and consulting, Greg enjoys his role as a father and mentor, and supports local community services. He enjoys getting outdoors with his son, playing board games, and traveling.