Roger O'Farril

Roger O’Farril is an information technology professional with 20 years of experience in a wide variety of IT areas with a specific focus on Information Security. Currently he is an Information Security Manager in the financial sector, where he has worked since 2014, heavily involved with the cloud security aspects of the move of workloads to public cloud, as well as leading a blue team responsible for incident response, forensics, security analytics, and other disciplines. His areas of expertise include cloud security, threat hunting, vulnerability management, digital forensics, and more. Roger is an adjunct professor with Purdue Global University and teaches SANS SEC488: Cloud Security Essentials.

More About Roger


Roger has a broad knowledge base of hardware, software, and networking technologies, which lends to his ability to provide a powerful combination of analysis, planning, implementation, and ongoing maintenance of security objectives. His experience in hardware evaluation, project management, systems and network security, incident response and forensics allows him to bridge the gap between policy and technical controls as well as interface with all levels of the enterprise to bring meaningful, strategic change in the Information Security arena.

Starting in IT in 1999, Roger began as a desktop support technician and moved through network admin and systems administration. As his career progressed, he kept running across many misconfiguration issues that jeopardized all the hard work that other teams put into bringing systems online. The problem is even worse when it comes to the cloud. This is why Roger decided to move into security, to take on a more active role in preventing these issues.

Roger’s interest in the cloud began many years ago. He still remembers his first experiments with AWS and what started out as a fun project turned south quickly when he realized his bill was creeping up rapidly. Nothing was compromised, it was simply not understanding how services that cost "a few cents" could add up so quickly. To avoid that, Roger started learning as much as he could on billing alerts and pricing and was able to keep his momentum going by starting to speak at conferences.

Roger took his first SANS courses in 2012 and after seeing the quality of both the materials and the instructors, he was hooked. One day at a class, he told someone he had taken seven SANS courses and was asked why he himself wasn't teaching. That comment was a catalyst for Roger to pursue teaching. He began adjunct teaching Cisco classes to test the waters, loved the experience, and expanded to teach other courses. Once comfortable enough, Roger applied to teach at SANS.

Bi-directional engagement in learning is what you can expect to find in Roger’s classroom. Although he’s leading, he feels strongly that student participation is an essential element to make the most out of the learning experience. Roger’s passion and energy for cloud security, along with his vast experiences over the decades, coupled with student interaction stirs up abundant discussions. The cloud has a lot of moving parts, so at times it may seem overwhelming. For students new to cloud security, Roger believes it is imperative that they absorb the material and work through the lab exercises despite the feeling of "drinking from a firehose". Roger enjoys working with students so they do not give up, particularly those who come from smaller environments who are now being exposed to more enterprise-grade practical cloud concepts who need extra time to comprehend the material.

One of the most satisfying experiences is his career is seeing people line up to ask questions after he delivers a conference talk. To Roger, that means two things. First, it validates that people listened to his message, and secondly, it is knowing his talk got attendees minds going and exploring possibilities that they may not have thought of before.

Roger holds a Bachelor of Science in Information Networking and Telecommunications, a Master of Science in Information Security and Assurance, and a long list of professional certifications including GIAC GCED, GCFE, GSTRT, and GCIH; AWS Certified Security Specialty, AWS Solutions Architect, and AWS Certified Cloud Practitioner; CISSP, CCSP, CISM, CompTIA Security+ and Network+. He’s also a Subject Matter Expert for GIAC GCED, CompTIA CySA+, ISC2 CCSP, and Western Governors University Forensics and Cloud. Additionally, Roger is a member of InfraGard (FBI), Chicago Electronic Crimes Task Force, and the GIAC Advisory Board. Roger has been a speaker at Enfuse, ISACA CSX, InfosecWorld, and, and a leader for Peer2Peer sessions at RSA.

When not behind a computer screen, you can find Roger behind the wheel of his Camaro convertible enjoying the open roads or around Chicago car shows sharing his passion for cars with others.



Enhancing Visibility for Cloud Security Operations - CyberWeek 2021, Oct 21

Cloud security: You’re it!, April 2021

Stranger Things in the Cloud: How Do We Stop Breaches?, Aug 2020