Gregory Leonard

Greg is a Managing Principal Consultant with DirectDefense where he helps clients secure their applications by performing penetration tests, secure code reviews, and risk assessments. Greg's responsibilities over the course of his career have included application architecture and security, infrastructure design and implementation, performance diagnostics, and security research. In his time with SANS, Greg has authored application security content related to secure coding for web and mobile applications, threat awareness, and top development design flaws, as well as contributing to DevSecOps and Cloud Security content. He is a SANS Certified Instructor teaching SEC540: Cloud Security and DevOps Automation.

More About Gregory


Greg’s career began in web application development but it was not until a decade later that he became cognizant of the importance and complexity of the security component. After learning the ways in which a web application can be attacked, it completely changed his development philosophy. He now uses the lessons he learned when introduced to application security to try to guide students to have the same awareness. There are so many interesting challenges related to security, that there really never is a dull day at work in development. Greg’s professional experience encompasses a variety of industries including finance, technology, pharmaceutical, and manufacturing.

Coming from a traditional waterfall development background, Greg understands a lot of the pain points that people have experienced in dealing with the hand-off between dev and ops while also trying to integrate proper security practices. Another challenge Greg feels many of his students face is the sheer number of options for all the various tools that can be used within different aspects of the DevOps lifecycle. Due to the time constraints of the classroom setting, it’s impossible to cover every available option. Greg addresses this is by providing a baseline understanding of the more popular tools that are in use in such a way that students can translate lessons learned from one tool and apply them to another. While it can be overwhelming to see all of the different options that are available when dealing with DevOps, not to mention cloud deployments, Greg revels in watching things start to click with students when they begin putting the pieces together.

In 2011 Greg took his first SANS course and immediately took an interest into the possibility of teaching. He began his journey with the SANS Mentor Program and taught his first run in 2013. Greg is always looking to challenge himself to become better and learn more about what he can do. Becoming a SANS instructor has done just that both by pushing Greg to continue to learn more about different aspects of security, as well as becoming a better teacher and presenter.

As an exercise to learn more about the configuration management tools discussed in SANS courses related to DevSecOps, Greg taught himself how to use Vagrant and Ansible to build out several virtual machines, one of which is being used as the baseline for several lab VMs in the SANS Cloud Security curriculum. Another of his builds has been designed to let DevOps newcomers play around with different pipeline tools and security scanners to see how they can be integrated effectively.

Now that the primary daily focus of Greg’s career is security testing, the biggest highlight for him are the times he’s helped a client work through a significant security problem in their application or configuration. Greg finds it very rewarding to know that he’s helping organizations avoid significant exploitation from zero-day attacks.

Greg holds a bachelor’s degree in computer engineering from University of Illinois. He’s an avid gamer with a life-long interest in martial arts - practicing taekwondo on and off since he was 16 years old.



Secure DevOps: Microservices and API Security, February 2018

Mobile App Security Trends and Techniques, April 2017

Going Mobile: Are your apps putting you at risk?, June 2016