homepage
Open menu
Contact Sales

Jason Fossen

Jason Fossen is the president and chief consultant of Enclave Consulting and a SANS Faculty Fellow Instructor. He has worked as an independent consultant supporting Microsoft environments for over 25 years and has trained thousands of Windows network administrators and security personnel in more than a dozen countries around the world. Jason is the author of SEC505: Securing Windows and PowerShell Automation, a course that prepares administrators for the GCWN certification exam. He is the top instructor to help security professionals understand Microsoft Windows at a deeper level.

More About Jason
Specialties
Photo

Profile

Jason is known as “The PowerShell Guy” at SANS and has a deep knowledge of Windows Server security. With every new update, all eyes look to him to dissect what’s new with Microsoft's latest operating systems, and what to watch out for. Jason Fossen is a Faculty Fellow who specializes PowerShell security automation for Windows, Active Directory and Azure. Jason has written and taught SANS courses for more than 25 years. Jason has written and taught SANS courses for more than 25 years. Jason is the owner of Enclave Consulting LLC and has worked as an independent consultant supporting Microsoft environments for over 25 years.

According to Jason, "There is a large demand in the market for IT professionals who understand Microsoft Windows at a deeper level. Forensics, reverse engineering malware, hacking techniques, and implementing defenses in the kernel, such as DEP, ASLR and User Account Control are just a few examples. Figuring out how to obtain this knowledge (beyond sifting through hundreds of pages of Microsoft articles) is something many struggle with.” Jason is passionate about creating tools and teaching students to understand Windows to be effective cybersecurity professionals.

One student wrote “Jason is a Guru at Microsoft Windows Security. I attended a course he led for advance IT Security professionals and he gave all of us lots of new information. It is apparent that Jason invests an enormous amount of time tracking down all the intricate details of Windows servers. His consulting skills, training skills, and knowledge all come together to provide enormous value.”

Jason graduated from the University of Virginia and obtained his master’s degree from the University of Texas at Austin. Jason is a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. He has held several certifications including GIAC GCWN, GSEC and was a Microsoft MVP for the ISA Server firewall. Jason gives away all of his PowerShell scripts at https://BlueTeamPowerShell.com.

ADDITIONAL CONTRIBUTIONS BY JASON FOSSEN:

WEBCASTS

PowerShell 2020: State of the Art / Hack / Infection, September 2020

What's New for Security in Windows Server 2016?

TOOLS

Go here to download hundreds of PowerShell and VBScript scripts for tasks large and small related to Microsoft product security.


Jason's Contributions

PowerShell-Blue-Team.jpg
Blog
Instructor Spotlight: Jason Fossen for SEC505 PowerShell
Meet Jason Fossen, SANS Fellow and author of SEC505: Securing Windows and PowerShell Automation
Jason Fossen
Fellow
read more
Blog
Windows 7 and IE8 CIS Security Baselines
The Center for Internet Security (CIS) and Microsoft are collaborating on security baselines for Windows 7 and Internet Explorer 8. On July 13, 2009, beta versions of these baselines will be available for review from the Microsoft Connect site. On August 5, 2009, Microsoft will host a Live Meeting...
Jason Fossen
Fellow
read more
Blog
PowerShell Script to Block Cortana for Privacy
Privacy advocates dislike the amount of personal information shared with Microsoft through the Windows 10 Cortana search feature.In Windows 10 version 1607 (the "Anniversary Update" released in August 2016) Microsoft removed the easy-to-find on/off switch to disable Cortana, but at least there is a...
Jason Fossen
Fellow
read more
PowerShell-Blue-Team.jpg
Blog
PowerShell 7-Zip Module Versus Compress-Archive with Encryption
Archive File Management In PowerShell PowerShell 5.0 includes two cmdlets for working with compressed Zip files: Compress-Archive and Expand-Archive. However, these cmdlets do not support encryption, are relatively slow, cannot handle other archive formats, cannot peek at file listings inside of...
Jason Fossen
Fellow
read more
PowerShell-Blue-Team.jpg
Blog
PowerShell Function to Send UDP SYSLOG Message Packets
The syslog protocol is very widely used for sending UDP log messages over the network to a centralized logging server, typically running UNIX or Linux. Today, virtually every Security Information Event Management (SIEM) product supports inbound syslog as well, despite the security shortcomings of...
Jason Fossen
Fellow
read more
PowerShell-Blue-Team.jpg
Blog
Launch PowerShell Script From Within KeePass And Include Password Secure String Credential
The Task You want to 1) launch PowerShell.exe using the KeePass password manager by double-clicking an entry in KeePass, perhaps to run a script, 2) inject a password stored in KeePass into that PowerShell.exe process as a variable, such as for a secure string or a PSCredential object, but 3) you...
Jason Fossen
Fellow
read more