Micah Hoffman

Micah Hoffman has been active in the information technology field since 1998, working with federal government, commercial, and internal customers to discover and quantify cybersecurity weaknesses within their organizations. As a highly active member of the cybersecurity and OSINT communities, Micah uses his real-world Open-Source Intelligence (OSINT), penetration testing, and incident response experience to provide customized solutions to his customers and comprehensive instruction to his students.

More About Micah

Upcoming Courses

Profile

Micah found himself drawn to the world of computers from the time he got his first Apple IIe, and that comfort with technology eventually led him to an entry-level help desk job. Later positions in server maintenance and networking helped him move into cybersecurity consulting, working with companies like General Dynamics and Booz Allen Hamilton. In 2018, Micah founded his own consulting company, Spotlight Infosec, that focuses on OSINT and cyber security.

Over the years, Micah has conducted cyber-related tasks like penetration testing, OSINT investigations, APT hunting, and risk assessments for government, internal, and commercial customers. He took his first SANS course in the early 2000s. To date, he has earned several GIAC certifications, as well as a CISSP, and has shared his knowledge with others by speaking at multiple conferences and posting on his https://webbreacher.com blog.

Micah's SANS coursework, cybersecurity expertise, and inherent love of teaching eventually pulled him toward an instructional role, and he's been a SANS Certified Instructor since 2013. He's the author of the SANS course SEC487: Open Source Intelligence Gathering and Analysis, and also teaches both SEC542: Web App Penetration Testing and Ethical Hacking and SEC567: Social Engineering for Penetration Testers.

Watch Micah's webcast on "OSINT for Pentesters: Finding Targets and Enumerating Systems"

WEBCASTS

SANS @ MIC "Git'ing Users for OSINT: Analysis of All GitHub Users", July 2020
SANS Cybercast "Moving Past Just Googling It: Harvesting and Using OSINT", March 2020
"Consuming OSINT: Watching You Eat, Drink, and Sleep", October 2018
"Collecting OSINT: Grabbing Your Data Now to Use Later", July 2018
"OSINT for Pentesters: Finding Targets and Enumerating Systems", March 2018

FREE TOOLS

Author of WhatsMyName - an OSINT/recon tool for user name enumeration. JSON file that is used in Spiderfoot and Recon-ng modules.
Co-Author of untappdScraper - OSINT tool for scraping data from the untappd.com social media site.

Micah's Contributions

Blog

January 23, 2020

#OSINTforGood: Using Open-Source Intelligence to Solve Real-World Problems

90+ SANS students used their skills to help uncover tips on real missing persons cases at CDI 2019. Learn how you can use OSINT for good as well.

The 5 Biggest Mistakes Made During an OSINT Investigation

I've learned that you can get better at something by learning from others' mistakes and misfortunes. When I was growing up, I watched America's Funniest Home Videos on TV. Nowadays, "fail" videos are all over the internet. We see what happens to the people in these videos and learn without having...

Micah Hoffman

Principal Instructor