Jim Simpson

As a Director of Threat Intelligence with years of hands-on experience, Jim is eminently suitable as Certified Instructor Candidate for the FOR578: Cyber Threat Intelligence course at SANS. He realizes the public perception of Cyber Threat Intelligence (CTI) differs from the polished blog posts and white papers the marketing teams of big security firms put out. As he was part of such a company, he has insight into how the work is done to get there, so he can cut through all the fluff and make it tangible and impactful for his students. He recognizes that the CTI course has several challenging aspects that he has dealt with personally and helped his teams with. “It all comes down to identifying how you think to establish and control bias and logical fallacies.”

More About Jim
Headshot of Jim Simpson


The task of babysitting an onsite pen test when he was working in IT was how Jim Simpson got hooked on cybersecurity in 2008. As it is an ever-changing field and there is always something to learn, he loves the opportunities it brings, especially with Cyber Threat Intelligence. He started doing that as a Principal Threat Researcher for Cylance/BlackBerry. “Digging through malware and seeing the ingenuity and effort that goes into the development of it, I wanted to know more about where it came from, what ties it to the whole attack, tracking groups of activity and learning from them to help companies defend or detect future breaches.” At BlackBerry, Jim also co-authored the book Finding Beacons in the Dark: A Guide to Cyber Threat Intelligence.

Jim took his first course with SANS in 2013 via on-demand. He immediately loved the content and enthusiasm, but when he stepped into John Strand's SEC504: Hacker Tools, Techniques, and Incident Handling class a year later and saw how John took the concepts and lifted them into reality, Jim knew immediately that this was what he wanted to do too. “I want to have that impact, simplify the subject, and cut through the noise that can be deafening, so my students can walk away better placed to do good in the world.”

At the heart of things, Jim is still a big kid and gets a huge buzz from helping people understand the world a little differently. The public perception of CTI differs from how marketing teams at big security firms picture it in their blogs and white papers. “I have been in one of those places and have insights into how the work is done to get there, so I can cut through all that fluff and make it something tangible and impactful.”

According to Jim, the CTI course is a concept, an idea, a way to look at the world. It is about more than just the tools and processes to follow. “I love the freedom that brings and exploring those boundaries with the class.” He absolutely loves it when he sees students let go of the ideas they have of CTI and challenge their biases and preconceptions and start thinking about thinking.

Could he choose to do anything at any time, ever? It would be snowboarding, but as that is not realistic in the UK, Jim resorts to the next best thing: onewheeling