Lenny Zeltser

Aptly called the "Yoda" of malware analysis by his students, Lenny Zeltser keeps his eye on the big picture and focuses on the sum of events rather than individual occurrences. He lives by that philosophy and brings it to his job and classroom. "Even those professional moments that seem insignificant by themselves can be an important piece of the progressive journey that, hopefully, takes us toward our career objectives and honors our ideals," says Lenny. "And you may not even see the value in those moments until you look back on the path."

More About Lenny


A tech leader with extensive cybersecurity expertise, Lenny is the CISO at Axonius, a cybersecurity tech company. Earlier, he helped build anti-malware software at an innovative startup and oversaw security services at a Fortune 500 technology company. Beforehand, he led the security consulting practice at a leading cloud services provider.
Lenny is also a Fellow Instructor at SANS and the primary author of FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques, a course he designed as an on-ramp into the malware analysis field. FOR610 helps students expand and systematize their approaches to examining malicious software using a variety of techniques. He is also the author of the SEC402: Cybersecurity Writing: Hack the Reader, a course designed exclusively for cybersecurity professionals, that teaches the key topics to address in security reports and other written communications and how to pick the best words, structure, look, and tone.
"My goal is to make this topic as accessible to people as possible," says Lenny. "There is indeed much one needs to know to understand the inner workings of malicious code, but the good news is that people can begin learning how to do this work by building on the technical skills they already have, whether they are grounded in system administration, network security, software development or other aspects of IT."
Like many of his students, Lenny's career path began in an IT role, which lends unique strengths to his information security expertise.

"My first job in IT was Unix system administration, then I moved onto Windows sysadmin, and then I spent a bit of time on software development," Lenny explains. "I found myself gravitating toward the information security aspects of these jobs. For me, Infosec exists at the intersection of many disciplines, and working in this field allows me to make use of the skills and interests I've acquired across various aspects of IT."
Along the way, Lenny earned the prestigious GIAC Security Expert professional designation, and he currently serves on the Board of Directors of SANS Technology Institute and on the Advisory Board of Minerva Labs, a young company that develops innovative anti-malware solutions. Lenny holds a bachelor's degree in computer science from the University of Pennsylvania and a master's in business administration from MIT Sloan.
A co-author of four books on malware, network security, and digital forensics, Lenny also developed the Linux toolkit REMnux to make it easier to use a variety of freely available malware analysis tools, many of which run well on Linux but can be difficult to find and install. REMnux has grown to become a very popular toolkit and today is used by malware analysts throughout the world. The FOR610 course that Lenny teaches covers many of the tools installed on REMnux.
Lenny gives his students more than technical tools, however, and he says that the most important lesson he teaches his students is: "You can do it."
"It's easy to get discouraged when you run into professional challenges that you're not equipped to handle," Lenny explains. "But when you participate in SANS training, you encounter many new tools and concepts that you will be able to attach to the techniques you already know from prior experience in the field. Much of what you learn will occur after you finish the course and begin applying the concepts to your work outside the classroom. I strive to give students the confidence and the core skills they need to keep learning about and curtailing malware threats even after the class ends."
In his free time, Lenny indulges his love of food both as chef and consumer. "Eating a delicious meal in good company is always time well spent for me," he says. Lenny also loves to cook as a way to clear his mind, disconnect from the day-to-day challenges of business and IT, and connect with family and friends. Lenny subscribes to several food and cooking magazines and enjoys experimenting with new recipes, ingredients, and spices. "Not everything I cook turns into a great dish—sometimes experiments lead towards unfavorable results—so I keep reminding myself to think about this process as a journey, not as a destination."

Qualifications Summary

Get to Know Lenny Zeltser

  • Lenny's personal website and blog: https://zeltser.com
  • Lenny's REMnux Linux toolkit: https://remnux.org
  • Co-author of the SIFT Workstation & REMnux poster and security cheat sheets
  • Presenter of introductory malware analysis webcasts
  • Listen to Lenny"s Reflections of a Security Professional: Podcast Interview



What’s New in REMnux v7?

Security Leadership: Managing in Turbulent Times, presented by SANS Summits

SANS @MIC Talk - Reflections of a New CISO: 5 Lessons Learned

The State of Malware Analysis: Advice from the Trenches

Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them

Using Anti-Evasion to Block Stealth Attacks with Minerva Labs

Using Malware Analysis to Explore the Potential of Malware Vaccination


Hack the Reader: Writing Effective Threat Reports with Lenny Zeltser

Practical Malware Analysis Essentials for Incident Responders

How to Intercept IP Connections in a Malware Analysis Lab


Interview with TAG Cyber

Enterprise Security Weekly #77

Paul's Security Weekly #585

Lenny's Contributions