Kai Thomsen

Kai has worked in a wide range of IT security roles for more than 15 years. Currently, he is the lead Digital Forensics and Digital Response (DFIR) analyst at premium automaker AUDI AG. He has played a key role in establishing a modern cyber defense team at Audi to protect the enterprise, industrial control system (ICS), and connected car infrastructure. Kai has spoken and taught at various security conferences, including S4 Europe, CS3STHLM, Troopers, ISF, and SIGS SCADA in Switzerland. In 2018, he chaired the SANS Automotive Cybersecurity Summit and the SANS ICS Europe Summit. Kai holds the GIAC Response and Industrial Defense (GRID) certification and has a master's degree in computer science and English and American literature from the University of Siegen.

More About Kai


Before Audi, Kai worked for more than 12 years in the steel industry at the engineering company SMS Group, where he designed and implemented defensible LANs for enterprise and ICS environments in-house as well as for customers' plants. The steel industry was also where Kai delved into Network Security Monitoring and DFIR, building security monitoring solutions for company and customer sites and performing incident response in Europe, Asia, and the United States.

In the little free time that is left between working in his DFIR job and as a SANS instructor, Kai loves to travel the world, especially mountain regions where climbing, hiking, and skiing look promising.

Kai holds an MA in Computer Science and English and American Literature.

“Kai is a very detailed and expert trainer. He helped me understand what is possible to do at a technical level.” - former ICS515 attendee



SANS @MIC Talk - Incident Response in ICS in times of Lockdown, May 2020

ICS515 update: what’s new in the course and why detection and response in ICS is more important than ever, February 2020

ICS Active Defense Primer, June 2019

ICS Active Defense Primer Part 2, May 2018

Securing Connected Vehicles – what you need to know, April 2018


Attacking Cars Revisited, CS3STHLM 2018