Jonathan Kirby

Jonathan Kirby is an SROC Engineer for SANS, as well as the founder and owner of JKirby Security, which focuses on Cloud Security and DevSecOps consulting. His expertise includes AWS, SaaS applications, governance, risk management, and audit/compliance programs. With more than a decade of working across nearly every domain of information security, Jonathan understands that security must be an enabler for business, not a roadblock to it. He can be found teaching SEC540: Cloud Security and DevOps Automation.

More About Jonathan


Like many experienced cybersecurity professionals of today, Jonathan’s path into this field was not a direct one. While working in the hospitality industry, he shifted to a Customer Care Manager position in a software company that developed programs specific to hotels. This is where his circuitous route began into cybersecurity. He discovered his passion for technology which led him to become an IT Business Analyst for Best Western Hotels & Resorts. In that role, Jonathan realized it was not just IT, but specifically cybersecurity that was calling to him. His interests in technology, doing good in the world, keeping people safe, participating in exciting, ever-changing work, and mentoring others merged.

As a self-starter, Jonathan was determined to learn all he could about cybersecurity. He connected with the corporate Information Security team to support where he could. Jonathan took advantage of many free, online resources to learn both the technical side of cybersecurity as well as the human side, which fed his interest in human psychology. Jonathan moved into a security analyst position, earned some cybersecurity certifications, and began his focus on helping developers build more security into their applications from the start.

Working side-by-side with software developers, network and systems engineers, IT Operations, as well as business operations, sales & marketing, finance, and leadership, Jonathan has a well-rounded view of where security enhances business operations, as well as where and how it can hinder them. Jonathan finds the fast pace of cloud development coupled with the innate possibilities embedded in DevSecOps to “bake in” security, rather than “bolt it on” later to be the perfect fit for him.

An early mentor of Jonathan’s solidified his desire to teach by telling him “It is never a waste of time to invest in another human being.” Having taken SANS courses, GIAC certifications, and volunteered at SANS previously, when the opportunity arose for him to teach with SANS, it was an easy choice. Jonathan describes himself as a servant leader whose mission it is to help others achieve their greatest potential. He is generous in sharing his knowledge, skills, and experiences while challenging his students to be creative and think critically about new problems.

In Jonathan’s opinion, many security practitioners believe they know what is best for security, so they try to control things. However, his approach is to help others learn to be more secure in what they do, not to tell them “No, you can’t do that.” The iterative nature of improvements to a company’s security culture is often longer lasting and more impactful in the end.

Jonathan is a SANS/GIAC Advisory Board member and a Cybersecurity Instructor for University of California, San Diego Extension, holds the GCSA, GSNA, GSLC, GSEC, AWS Certified Solutions Architect – Associate, as well as the Security+ certifications. Beyond technology, Jonathan is extremely interested in human behavior, performance and social psychology. He’s an animal lover with a special affinity for dogs, and enjoys hiking and being outdoors.

Listen in to Jonathan in his webcast, "AWS Well-Architected: A Well-Architected Environment is a More Secure & Operationally Excellent Environment"