SANS Instructors

Ed is the founder of the SANS Penetration Testing Curriculum and Counter Hack; leads the team that builds NetWars, Holiday Hack, and CyberCity; and is President of the SANS Technology Institute.

As a Special Agent with the Air Force Office of Special Investigations, Chad served on the national computer intrusion team and helped expand counter-espionage techniques. At SANS, Chad is a senior instructor and co-author for FOR500 and FOR508.

Dr. Johannes Ullrich is the Dean of Research for SANS Technology Institute, a SANS Faculty Fellow, and founder of the Internet Storm Center (DShield.org) which provides a free analysis and warning service to thousands of Internet users and organizations.

Joshua Wright, Senior Technical Director at Counter Hack Challenges and author of SEC504, has spent over two decades teaching and building tools that help defenders identify and counter real-world cyber threats through practical, hands-on learning.

Lenny Zeltser, CISO at Axonius, is a leader in developing resilient security programs. His invaluable tools, like REMnux, a widely used Linux distribution for malware analysis, have become industry standards in combating malicious software.

While at the Institute for Security Technology Studies, George was the developer of Tiny Honeypot and the IDABench intrusion analysis system and led the Dartmouth Distributed Honeynet System, studying the actions of attackers worldwide.

Domenica brings 20 years of mobile forensics experience supporting U.S. federal law enforcement and intelligence agencies while leading global training programs for elite investigative units including FBI and military special operations forces.

Christopher Crowley, a SANS Senior Instructor, has 25 years of industry experience managing and securing networks. He has authored numerous courses and is considered a leading expert in building an effective SOC.

Matt Edmonson, Senior SANS Instructor, STI faculty, and Founder of Argelius Labs, authored SEC497 and SEC587. An industry veteran with 11 GIAC certifications and OSCP, he draws on 20 years of investigations to deliver accessibly, real-world OSINT training.

Sarah Edwards is a pioneering force in Apple forensics, having revolutionized the field through the creation of APOLLO—an open-source tool that deciphers macOS and iOS pattern-of-life data.

Brandon is a Partner at Cyverity and SANS Senior Instructor at the SANS Institute. He is lead author for SEC510: Cloud Security Engineering and Controls; GPCS holder #1, multi-year RSA Conference presenter, and cloud Bug Bounty collector.

Moses has built an impressive career as a Network Architect, DevOps Engineer, and Information Security professional. Today, he works in the Offensive Operations space as a Red Team Operator and serves as the course author for SEC588.