Jake relishes the idea of meeting adversaries on the cyber battlefield. "I went into this field because I wanted a challenge," he says. "Infosec is like a game of chess to me. The attacker plays their moves and you play yours."
Jake started his information security career doing classified work with the U.S. government and was awarded the National Security Agency (NSA) Exceptional Civilian Service Award, which is given to fewer than 20 people annually. "I am immensely proud of the things I've accomplished," Jake says. "I'm positive the world is a safer place because of my work."
Today, Jake runs a successful Infosec consultancy. He's been involved in high-profile public sector cases including the malware analysis for the 2015 cyber attack on the Ukraine power grid. He's also tackled a variety of cases in the private sector. In one, Jake discovered attackers compromising a custom service the client had distributed to all its endpoints. Leveraging experience and insight with advanced persistent threats helped Jake "think like the attacker" and determine the attacker's likely hiding spots.
Jake's work has led to his invention of DropSmack, a proof-of-concept tool for highlighting the danger that cloud-based file sharing services pose to corporate networks, and the creation of ADD (Attention Deficit Disorder), a publicly available memory anti-forensics toolkit.
Jake's work also led him to teaching. "I chose to be a SANS instructor because they are the very best in the business. Others talk about being the best, but SANS actually is the best," he says. "I love teaching people, but it goes beyond teaching for me. With many students, I'm making lasting professional relationships. Students come back again and again and have a lifelong learning relationship with SANS."
Jake is the co-author of the FOR578: Cyber Threat Intelligence course and teaches a variety of classes (SEC503, SEC504, SEC660, SEC760, FOR508, FOR578, FOR610). He prefers an active learning approach, using demos rather than slides to teach lessons. "It takes me back to my first exploits and I get the chance to relive that magical feeling all over again," he explains.
More importantly, Jake wants students to walk out of class being able to critically analyze a problem, discover a solution, and do something they couldn't do before. "I don't teach button-clicking steps; my goal is to ensure students understand how to take concepts from the class and apply them to their own cases and engagements."
Given his accomplishments, it should come as no surprise that Jake lives, sleeps, and breathes Infosec. When he's not teaching, he's consulting. He's a regular speaker at industry conferences including DC3, BSides (including BSides Las Vegas), DEF CON, Black Hat, ShmooCon, EnFuse, ISSA Summits, ISACA Summits, SANS Summits, and DistribuTECH. He has also presented security topics to a number of Fortune 100 executives.
Jake is also a two-time victor at the annual DC3 Digital Forensics Challenge. He drew on his passion for hands-on capture-the-flag events to design the critically acclaimed NetWars challenges for the SANS malware reversing and memory forensics courses.
- 12-year veteran of information security
- Instructor of eight SANS courses
- Prolific speaker
- Co-author of the FOR578: Cyber Threat Intelligence course
- GIAC Security Expert (GSE), March 2016
- GIAC Security Essentials Certification (GSEC), June 2015
- GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), March 2015
- GIAC Certified Forensic Analyst (GCFA), October 2013
- GIAC Penetration Tester (GPEN), January 2013
- GIAC Certified Incident Handler (GCIH), January 2013
- GIAC Certified Intrusion Analyst (GCIA), December 2012
- GIAC Certified Windows Security Administrator (GCWN), November 2012
- GIAC Reverse Engineering Malware (GREM), October 2012
- GIAC Certified Forensic Examiner (GCFE), September 2012
- GIAC Systems and Network Auditor (GSNA), February 2012
Get to Know Jake Williams:
- Jake's blog
- Jake's company website
Jake teaches the following courses for SANS:
- FOR578: Cyber Threat Intelligence
- FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
- SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking
- FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
- SEC760: Advanced Exploit Development for Penetration Testers
- SEC504: Hacker Tools, Techniques, Exploits and Incident Handling
- SEC503: Intrusion Detection In-Depth