Mark Orlando started his security career in 2001 as a SOC Analyst, and since then has been both fighting for blue team resources and trying to automate them out of a job. He has built, assessed, and managed security teams at the Pentagon, the White House, the Department of Energy, global Managed Security Service Providers, and numerous Fortune 500 clients.
Mark's passion is finding new and innovative ways to help defenders scale through the right application of foundational knowledge and assistive technology, and helping people in leadership and non-technical roles navigate the many challenges of information security.
More recently Mark built a Managed Detection and Response (MDR) service offering and helped invent an automated hunting and analytics technology, both of which were later acquired. Today, he is the Co-Founder and CEO of Bionic Cyber, a cyber defense company focused on helping organizations build and improve their security operations. He brings all of these experiences as a practitioner, manager, executive, consultant, and entrepreneur to his teaching.
Being part of a company that was acquired for something he helped build was immensely gratifying as it validated his vision and the work he and his team had done over many years. Seeing some of the people he worked with and mentored through that experience go on to become very successful was also incredibly rewarding.
Mark Orlando is a SANS Instructor who teaches SEC450: Blue Team Fundamentals: Security Operations and Analysis. As a SANS Instructor, he is able to talk about the evolution of certain approaches and concepts and share some of his own experiences defending some very high-profile networks, which gives his students valuable background and context for the work they are doing. Mark also did a lot of different things before he went into security, including design school, the Marine Corps, clerical work, and loading trucks in warehouses. With students from so many different environments and walks of life, the experiences Mark shares help him better relate to them.
SANS courses are known for their density and quality, which often translates to an overwhelming experience in class (in the best way). Mark tries to tap into that initial shock to the system and help his students understand that they must continue learning, growing, and developing their skillset even after they leave the classroom. He spends a lot of time referencing additional training resources, community events, and reference materials that students can refer back to as they continue their development and build upon the skills they have learned in class.
Mark has presented at numerous events including the 2020 SANS Blue Team Summit, DefCon 27 Blue Team Village, the Institute for Applied Network Security (IANS) Forum, BSidesDC, CircleCityCon, Black Hat 2016, and the RSA Conference. He has also been quoted in the New York Times, the Washington Post, Forbes, CNBC, SC Magazine, Bloomberg, Axios, and NPR’s Morning Edition. He holds a Bachelor's Degree in Advanced Information Technology from George Mason University and served in the US Marine Corps as an Artillery Non-Commissioned Officer.
In his spare time, Mark enjoys reading, going to rock shows, and sneaking in the occasional Netflix binge.
Hear Mark teach about Smart Automation for Blue Teams here:
ADDITIONAL CONTRIBUTIONS BY MARK ORLANDO:
Cyber42 Game Day: SOC version, Oct 2021
Five Ways To Cut Costs in Your SOC, May 2020
When a Plan Comes Together: Building a SOC “A-Team”, February 2020
Shock to the System: Re-Evaluating Your Security Operations, Blueprint podcast