Kenneth Hartman

Kenneth G. Hartman owns Lucid Truth Technologies, a Michigan-based digital private investigation agency and forensic consulting firm specializing in computer, mobile, network, and cloud forensics. Ken’s mission is to “make the truth clear,” and that is reflected in his teaching style. Ken has expertise in cloud technology with a career spanning various architecture, engineering, compliance, and security product management roles. He is an instructor for SEC510: Cloud Security Controls and Mitigations and SEC488: Cloud Security Essentials and a co-author for the SANS 2022 DevSecOps Survey and the SANS 2022 Multicloud Survey.

More About Kenneth

Upcoming Courses


Ken has always been interested in technology and criminal investigation, influenced by his uncle, an engineering executive, and his father, a detective. Kenneth Hartman’s first criminal forensic case was the 2008 murder trial of Charles Curtis Merriman. The case was unique because the alleged victim’s body was never found. As a result, the case left a big impression on him regarding the importance of digital forensics.

From 2002-2011, Ken helped launch and lead a company called Visonex. Visonex is a nationwide electronic medical record for dialysis patients. Visonex was the first Software-as-a-Service (SaaS) medical record solution. Before joining Visonex as the first non-founding employee, Kenneth worked for ten years at Kraft Foods as an Industrial Controls Engineer and Electrical Systems Manager, working on PLCs and SCADA systems for well-known products like Lunchables® and Oscar Mayer®.

After Visonex, Kenneth worked at (an Amazon subsidiary) and OneNeck IT Solutions (a mid-size cloud provider) in Madison, Wisconsin, before moving to Silicon Valley. In the San Francisco Bay Area, Ken worked for Google, SAP Ariba, and Illumina—all the while working on the side as a confidential expert consultant on various digital forensic cases. While Ken was at Google, he wrote a SANS GIAC Gold Paper calledBitTorrent& Digital Contraband,” which summarized much of what was known publicly at the time regarding the technology used to investigate criminals distributing child sexually abusive media (CSAM).

While working as the leader of Illumina’s Cloud Security team, Ken helped develop and refine DFIR procedures for investigating security incidents on Amazon Web Services (AWS) Elastic ComputeCloud (EC2) virtual machines. This research led to another SANS GIAC Gold Paper, Digital Forensic Analysis of Amazon Linux EC2 Instances.” This paper was the first publicly available guidance providing detailed steps for incident responders dealing with Amazon Linux virtual machines. Since publishing that paper in the SANS Reading Room in January 2018, the information has been updated and is available at  

In 2019, Ken left Illumina and transitioned into full-time independent security consulting to have more control over the type of projects he works on and to enable ample time for teaching and security research. An area of research interest for Ken is how to use cloud technologies, DevOps, and data science to automate the eDiscovery and forensic analysis processes. In 2022, Kenneth G. Hartman rebranded his consulting company as “Lucid Truth Technologies” to best reflect his passion for using cutting-edge technologies to advance his mission to “make the truth clear.

Although he wanted to take a SANS course while still at Kraft in the late ’90s (thanks to the emails and brochures he’d been receiving), Ken’s first SANS course was MGT414: SANS Training Program for CISSP® Certification with Dr. Eric Cole in 2010. The class did not disappoint. He remembers seeing the energy, passion, and expertise of Dr. Cole and thought to himself, “I want to do that.”He mentored MGT414 twice and SEC401: SANS Security Essentials: Network, Endpoint, and Cloud once and promptly decided to enroll in the SANS Information Security Engineering master’s program. His application essay stated that his long-term goal was to become a Certified SANS Instructor. His words in that essay were, “As I have learned more about the SANS organization and have seen the caliber of the fellows and instructors, I knew that this was an organization that I wanted to be affiliated with.Serving as a mentor has helped to solidify this resolve and to make contacts that have validated my goals.” (8/25/2012).That decade-long goal was realized in mid-November 2019 when SANS promoted Ken to Certified Instructor after two years of teaching SEC545: Cloud Security Architecture and Operations (retired course).

The fact that Ken has worked for several cloud service providers in a variety of leadership and technical roles has equipped him to speak intelligently about the challenges facing today’s cloud security professionals.  As the Cloud is rapidly evolving and constantly changing, innovation is frenetic. This requires cloud security professionals to continually upgrade their skills just to compete. This crucible brings the best and the brightest students to SANS courses. To add value and meet expectations, Ken is constantly upping his game – a challenge he loves. The Cloud is far too big for any one person to know everything about all cloud services or even those from a single provider. Instead of imparting facts or figures, Ken wants to teach students how to think holistically about cloud security from a perspective of risk management to help their organization achieve its mission. He wants to remove any trepidation students might have about jumping in, getting hands-on and tinkering with cloud technologies.  He encourages his students to figure out what works and what doesn’t work the way it is expected to by experimentation and to leverage the self-service aspects of the cloud to chart their own adventures. Lastly, he wants to inspire students to share those learnings back with the cloud security community. 

Ken was most satisfied when given opportunities to build high-performance cloud security teams with hand-picked folks he knew would coalesce around a common vision. “It was wonderful to create a climate where the team could grow, and each individual could become the best professional they aspired to be.”  This is exactly the mentality he brings to his classroom. He teaches students to facilitate secure computing behaviors across their organization and not try to uphold the impossible role of the “cyber policeman.”  Teaching students what to care about and what to focus on from a risk management perspective improves them as professionals while ensuring a stronger, safer organization. 

Ken believes the biggest challenge students will face in cloud security is constant change.  Every cloud service is being developed by semi-autonomous agile development teams. This means that the services they are using this month are slightly different from the same services they were using last month. Sometimes these changes break things. To boot, there are not enough trained security folks to adequately maintain a typical organization’s adoption of the cloud. Companies are rapidly moving to the cloud, but cyber security is generally an afterthought if it is considered at all.  Ken shows students how to use and create automation to deal with the global scale of the cloud, while keeping them engaged with war stories of real-life situations he has encountered.

Ken holds a BS degree in Electrical Engineering from Michigan Technological University and a master’s degree in Information Security Engineering from SANS Technology Institute. Ken has earned the CISSP, GCFA, GFCE, GWAPT, GCIH, GCIA, GSEC, GCCC, GCPM, as well as the GIAC Security Expert (GSE). Ken is also a Licensed PI in Michigan, as required by law to consult on criminal cases involving digital forensics.

While young at heart, Ken has also been around the block a few times and brings that sage wisdom from many lessons learned, often the hard way, to his classroom.  When not working, Ken enjoys barbeques, boating, and riding his Harley with friends.

Here is a SANS Summit presentation by Kenneth G. Hartman:




GIAC Gold Papers:

HIMSS Whitepapers: