Ismael Valenzuela

Ismael Valenzuela is author of the Cyber Defense and Blue Team Operations course, SANS SEC530: Defensible Security Architecture and Engineering, and co-author of SEC568: Combating Supply Chain Attacks with Product Security Testing. Ismael is Vice President Threat Research & Intelligence at BlackBerry Cylance, where he leads threat research, intelligence, and defensive innovation. He has participated as a security professional in numerous projects across the globe for over 20 years, including founding one of the first IT Security consultancies in Spain.

More About Ismael


As a top cybersecurity expert with a strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection, and computer forensics, Ismael has provided security consultancy, advice, and guidance to large government and private organizations, including major EU Institutions and US Government Agencies.

Prior to his current role at BlackBerry, Ismael worked as a Senior Principal Engineer at McAfee, where he founded the Applied Countermeasures group (AC3), leading Threat Content Research and Engineering efforts for SecOps products, driving visibility, detection, and investigation efficacy for EDR/XDR, as well as MITRE ATT&CK evaluations. Before that, Ismael led the delivery of SOC, IR & Forensics services for the Foundstone Services team within Intel globally, and worked as Global IT Security Manager for iSOFT Group Ltd, one of the world's largest providers of healthcare IT solutions, managing their security operations in more than 40 countries.

Ismael holds a bachelor's degree in computer science from the University of Malaga (Spain), and is certified in business administration. Additionally, he holds many professional certifications, including the highly regarded GIAC Security Expert (GSE #132) in addition to GREM, GCFA, GCIA, GCIH, GPEN, GCUX, GCWN, GWAPT, GSNA, GMON, CISSP, ITIL, CISM, and IRCA 27001 Lead Auditor from Bureau Veritas UK. Ismael is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.


"He is clearly one of the best minds we have on how SOCs worked. He is an expert in network traffic analysis and has responded to countless intrusion cases over his career." - Rob Lee, SANS Fellow, DFIR Curriculum Lead and Technical Advisor to US DOJ

"He’s really a trailblazer in our industry." - Chris Young, Former CEO McAfee




Social Engineering Your Way to Success, July 2020

Extending Your Home Lab to include Cloud, July 2020

Building an Enterprise Grade Home Lab, May 2020

Journey to Becoming An All-Around Defender, April 2020

Architecting for Security Operations: Divide and Conquer!, February 2020

Have You Taken The "Endpoint Blue Pill"? Debunking The Endpoint Protection Myth, October 2019

Why Traditional EDR Is Not Working -- And What to Do About It, June 2019

How SOC Superheroes Win, June 2019

Defensible Security Architecture and Engineering - Part 3: Protect your Lunch Money - Keeping the Thieves at Bay, May 2019

Defensible Security Architecture and Engineering - Part 2: Thinking Red, Acting Blue - Mindset & Actions, April 2019

Defensible Security Architecture and Engineering - Part 1: How to become an All-Round Defender - the Secret Sauce, March 2019

Enterprise Security Weekly #70


You can read Ismael's personal blog here.

You can read Ismael's professional blog through McAfee here.

Ismael's Contributions