Ryan Chapman

Ryan Chapman has a zest for life-long learning and loves to push himself and others to learn new things. He is an incident response analyst with over 18 years of experience in IT. His day-to-day tasks involve host and network forensic analysis; malware analysis; threat intelligence; and many of the other fun facets of the blue team realm. Prior to working in IR, Ryan worked as a technical trainer for over five years. "We must not teach people how to press buttons to get results. We must teach people what happens when these buttons are clicked, such that they fully understand the processes occurring in the background," says Ryan.

More About Ryan


Ryan has worked in Security Operations Center and Computer Incident Response Team roles that handled incidents from inception all the way through remediation. Reviewing log traffic; researching domains and IPs; hunting through log aggregation utilities; sifting through pack captures; analyzing malware; and performing host and network forensics are all things that Ryan loves to do.

Outside of work, Ryan spends time with his family, helps organize the CactusCon security conference, and plays plenty of Street Fighter. Hadouken!

Ryan's primary interest in the security world is the exciting world of reverse engineering. Malware has become pervasive, and Ryan relishes in the ability to dissect, understand, and protect against evolving threats. Ryan loves finding all the new tricks that malware authors use to circumvent security appliances.

Qualifications Summary:
Seasoned speaker at technical conferences including DefCon, various BSides events, CactusCon, Splunk .Conf, and more
More than 7 years of experience in digital forensics investigations, incident response, network forensics, and malware analysis
Author of several PluralSight.com training courses

Ryan's Workshops, Blog Posts, and Podcasts:
Follow along with Ryan's hands-on workshop "Understanding and Analyzing Carrier Files"
Follow along with Ryan's hands-on workshop "Exploit Kit Shenanigans: They're Cheeky!"
Follow along with Ryan's hands-on workshop "Network Forensics Workshop: Packet Pillaging Done Right!"
Follow along with Ryan's hands-on workshop "Network Forensics Workshop Deux: Long Live Packet Pillaging!"
Watch Ryan's "Threat Intelligence - buzzword or buzz-worthy" podcast
Read Ryan's "Testing Network Forensics Skills: Challenge Accepted" blog post
Read Ryan's "Landing a Hands-On Security Gig Part 1 & 2" blog post

Get to Know Ryan Chapman:
Master's of Information Assurance from NSA-certified Regis University
GIAC Reverse Engineering Malware (GREM)
GIAC Defending Advanced Threats (GDAT)
GIAC Certified Incident Handler (GCIH)
Splunk Certified Admin and Power User
CompTIA Securtiy+ and Linux+
Certified Linux Server Professional (LPIC-1)
1st Place in Network Forensics Puzzle Contest at DefCon 23 and DefCon 22 (team)
Advisory Council member for both the IT Security and Coding academies at Western Maricopa Education Center (West-MEC)