Jonathan Ham

Jonathan Ham, a SANS Principal Instructor and independent consultant, specializes in large-scale enterprise security issues, from policy and procedure, through staffing and training, to scalable prevention, detection, and response technology and techniques. With a keen understanding of ROI and TCO (and an emphasis on process over products), he has helped his clients achieve greater success for over 20 years, advising in both the public and private sectors, from small upstarts to the Fortune 500.

More About Jonathan


Jonathan has been commissioned to teach NCIS investigators how to use Snort, performed packet analysis from a facility more than 2000 feet underground, and chartered and trained the CIRT for one of the largest U.S. Civilian Federal agencies. He holds several industry certifications including the CISSP, GSEC, GCIA, and GCIH certifications, and is a member of the GIAC Advisory Board.

Jonathan is the co-author of "Network Forensics: Tracking Hackers Through Cyberspace" (Prentice Hall, 2012)---the first comprehensive textbook on the subject. He is also the co-author (with Shon Harris) of the CISSP Practice Exams, now in it's 5th Edition (McGraw-Hill, 2018). A former combat medic, Jonathan still spends some of his time practicing a different kind of emergency response, volunteering and teaching for both the National Ski Patrol and the American Red Cross.

Watch Jonathan sit down with fellow SANS Instructor, Jake Williams to discuss "Ethical Issues in Breach Disclosure"