John Terbush

John TerBush currently works as a senior threat researcher with the Insikt Group at Recorded Future, a leading provider of cyber threat intelligence (CTI). Prior to this and other roles in CTI, he worked as a security operations center (SOC) analyst with a large managed security service organization handling response for numerous Fortune 500 companies. While working through a sea of alerts and research, he developed a focus on creating network detections and tracking attacks. His first role in cyber security consisted of conducting vulnerability and security assessments.

More About John


Prior to entering the information security field, John worked for over two decades in legal research and private investigations, providing open-source research, surveillance, court testimony, undercover operations and other investigatory work of all types. John acted as the director of investigations and lead investigator for two well-known regional investigation companies for over a decade, before starting his own investigations firm.

John's background as both a private investigator and cyber threat intelligence analyst make him uniquely suited to share a well-rounded perspective on open-source investigations and other forms of research.

John assisted with the development of the SEC487: Open-Source Intelligence Gathering and Analysis course.

He is a member of both the SANS GIAC Advisory Board and the SANS Open Source Intelligence Summit Advisory Board, and holds the GIAC GCIA and GREM certifications as well as the CISSP. John is also active within the information security and investigative communities.

John is an avid outdoorsman and in his free time may be found camping, mountain biking, kayaking or doing other such activities as far from civilization as possible.