John TerBush

John TerBush currently works as a senior threat researcher with the Insikt Group at Recorded Future, a leading provider of cyber threat intelligence and is co-author of SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis. He has decades of experience in physical investigations and security, intelligence gathering and analysis, and computer network defense. He enjoys sharing the insight gained from this experience with his students while teaching for SANS.

More About John


Before working in threat intelligence roles, John worked as a security operations center (SOC) analyst with a large managed security service organization handling response for numerous Fortune 500 companies as well as smaller enterprises. While working through a sea of alerts and research, he developed a focus on creating network detections and tracking attacks.

Prior to entering the information security field, John worked for over two decades as a researcher and private investigator, providing open-source research, surveillance, court testimony, undercover operations and other investigatory work. John acted as the director of investigations and lead investigator for two regional investigation companies for over a decade before starting his own.

John's background as both a private investigator and cyber threat intelligence analyst make him uniquely suited to share a well-rounded perspective on open-source investigations and other forms of intelligence gathering and research. Having worked at large corporations such as Booz Allen Hamilton and Symantec as well as his own investigative firm, serving clients large and small, private sector and government, he understands how to conduct investigations from all angles.

John is co-author of SEC587: Advanced Open-Source Intelligence (OSINT) Gathering and Analysis and assisted with the development of the SEC487: Open-Source Intelligence Gathering and Analysis course. He is a co-chair of the SANS Open-Source Intelligence Summit Advisory Board, a member of the SANS GIAC Advisory Board, and a founding member of the OSINT Curious project. He holds the GIAC GCIA and GREM certifications as well as the CISSP. John is also active within the information security and investigative communities.

John is an avid outdoorsman and in his free time may be found camping, mountain biking, kayaking or doing other such activities as far from civilization as possible.



Consuming OSINT: Watching You Eat, Drink, and Sleep     Oct 2018