Nik Alleyne

Nik Alleyne is a SANS Certified Instructor with over 20 years in IT, with the last 10 years being more focused in cybersecurity. He is currently the Director of Business Development for a Managed Security Services Provider (MSSP), where he is responsible for leading multiple teams supporting various security technologies including IDS/IPS, Anti-Malware tools, proxies, firewalls, SIEM, Cloud, and WAF. Nik teaches both SEC503: Network Monitoring and Threat Detection In-Depth and SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling for SANS and is a published author of two books Hack and Detect and Mastering TShark Network Forensics.

More About Nik


As a SANS Principal Instructor, Nik teaches SEC503: Network Monitoring and Threat Detection In-Depth, SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling, and SEC595: Applied Data Science, and AI/Machine Learning for Cybersecurity Professionals for SANS. Teaching at SANS allows Nik to demonstrate to the students how they can learn about AI and applied data science, along with how they can detect various attacks and the measures they can put in place to prevent them where possible. In situations where they are unable to prevent the attacks, he helps them understand how they can reduce the likelihood, thus reducing the impact and, ultimately, the risk.

Nik is the author of the books Learning By Practicing - Hack & Detect: Leveraging the Cyber Kill Chain for Practical Hacking and its Detection via Network Forensics along with Learning By Practicing: Mastering TShark Network Forensics. During his free time, he actively writes on his blog at He also works with local colleges through their co-op programs, to aid in the development of their cybersecurity students.

His academic credentials include a MSc Cyber Security Forensics, BSc Computer Science, along with PG Cert (Hons) specialization in VoIP and Wireless Broadband. He currently holds various industry certifications such as CISSP, GCIA, GCIH, GCFA, GPEN, MCSE, MCITP/EA, etc. Nik is also is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.

Why is it so important to continuously learn and train yourself?



Getting To Know Nik Alleyne, SANS DEI Webcast, May 2021

Full Packet Capturing with TShark for Continuous Monitoring & Packet Threat Intelligence via IP, Domains and URLS

Canadian Webcast Series Part 3: ICS Defense: It’s Not a “Copy-Paste” From an IT Playbook & Importance of Intrusion Detection in a Compromised Prone World


  • pktIntel - This tool is used to perform threat intelligence against packet data.
  • QRadar Threat Intelligence - Download a list of suspected malicious IPs and Domains. Create a QRadar Reference Set. Search Your Environment For Malicious Ips.
  • DNSSpoof - Script to perform and teach how easy it is to build a DNS Spoofing tool using scapy.


Hack and Detect: Leveraging the Cyber Kill Chain for Practical Hacking and its Detection via Network Forensics

Learning By Practicing - Mastering TShark Network Forensics: Moving From Zero to Hero


You can read Nik's blog here.