Phil Hagen
Fellow
Principal Information Security Researcher at Red Canary
Specialities
Digital Forensics and Incident Response
Phil Hagen is a SANS Faculty Fellow and the author and lead of SANS FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. As the architect of FOR572, Phil integrates his investigative expertise into every lab so students practice workflows that have been tested in real-world cases. Phil is also the Principal Information Security Researcher at Red Canary, a Zscaler Company, where he supports the company’s content creation and open source programs.
Even by SANS standards, Phil clearly 'goes the extra mile' in depth of information, especially on exercises.
I really like how Phil incorporates real-life examples into the material. It really helps me visualize it!
As a long-time enterprise network defender, I can say that Phil's knowledge is excellent and this class should be mandatory training for all blue training.
Explore content featuring this instructor’s insights and expertise.
SOF-ELK® (Security Operations and Forensics ELK) is a public, fully configured, appliance-like distribution consisting of components from the Elastic Stack as well as hundreds of parsers and numerous dashboards for various log formats commonly encountered in incident response and security operations work.
SOF-ELK® (Security Operations and Forensics ELK) consists of Elastic Stack components together with hundreds of parsers and numerous dashboards for the various log formats often needed in incident response and security operations work, and is published as an appliance-like distribution that is preconfigured for immediate use.