Sean O'Connor

Sean O’Connor is an industry expert with nearly 15 years of experience in various security disciplines, ranging from Counterintelligence (CI), Human Intelligence (HUMINT), Digital Forensics & Incident Response (DFIR) for the defense sector, to managing security research teams and building Cyber Threat Intelligence (CTI) programs for the private sector. He is an author, a teacher, holds a number of industry certifications, has been invited to speak at international conferences and quoted by media outlets on various security research topics. Sean currently serves as the Global Head of the Equinix Threat Analysis Center (ETAC)™, which is comprised of some of the world’s top security experts who identify and analyze emerging cyber threats, while developing countermeasures to better protect Equinix and its customers. He is passionate about volunteering his time to causes that he supports such as the CTI League and Curated Intelligence, as well as providing mentoring opportunities to students and to veterans looking to break into the cybersecurity industry. On top of all this, Sean is the author and the course lead for the first SANS cybercrime intelligence course, FOR589.

More About Sean


Sean O’Connor has predominately worked in the Intelligence Community (IC), starting his career, like many do, in the US military, where he worked in various intelligence disciplines, ranging from Human Intelligence (HUMINT) to tactical Signals Intelligence (SIGINT), and later serving as a Counterintelligence (CI) contractor for the Department of Defense (DoD).

Sean has always been passionate about all things intelligence and all things cyber. With this combined passion, Sean decided after his third tour in Afghanistan, to transition to the private sector as a Cyber Threat Intelligence (CTI) researcher for Dell Secureworks in the exclusive Counter Threat Unit (CTU). "The intelligence training and experience I obtained throughout my military career and in the DoD gave me the tools necessary to build the CTU's first ever virtual HUMINT team." By applying traditional HUMINT tradecraft through sock puppet accounts, the CTU vHUMINT team was able to infiltrate dark web cybercriminal networks for the purpose of collecting, analyzing and producing intelligence.

After six years in the Secureworks CTU, Sean took on a new opportunity with KPMG US as their head of Threat Intelligence, where he built the CTI program for the US, LATAM, and Israel member firms. Fast forward to today, Sean is the Global Head of the Equinix Threat Analysis Center (ETAC), which is comprised of teams focused on threat intelligence research, threat hunting, consulting services and data analytics.

Sean is a Partnered Faculty member, instructor, and Project Coordinator at Georgia State University’s Evidence-Based Cybersecurity (EBCS) Research Group. Sean partnered with EBCS to coauthor GSU's first ever Darknet Intelligence course, which is taught to various Law Enforcement agencies. Sean is a firm believer in continuing education, especially in the field of CTI. “As analysts we should always be trying to keep up with the ever-evolving threat landscape, and as an instructor, I enjoy teaching these topics to anyone who has the willingness to learn," he says.

Through years of covert cybercrime intelligence operations, Sean identified how these criminals were laundering their money, such as through the use of cryptocurrency mixing/tumbling services, illicit exchanges, and Dark Web marketplaces. "Intelligence is a crucial piece of the puzzle that can significantly benefit cyber professionals in the DFIR cases they respond to. However, the cyber threat landscape continues to evolve, and as such, so should the intelligence supporting these DFIR cases," says Sean. With Blockchain and Dark Web Intelligence, responders can better understand the criminals involved in their investigations. In some cases, this intelligence can give Law Enforcement (LE) agencies the evidence they need to attribute activity to individuals, allowing LE to make arrests. These kind of observations are captured in the SANS FOR589: Cybercrime Intelligence course.
As the lead author of FOR589, Sean takes CTI a step further by teaching students how to collect, analyze, and produce intelligence derived from cybercriminals' cryptocurrency activity and from the dark web.

Sean's unique background enables him to share his experience with his students through the courses he has authored and through mentorship opportunities. An example of this that Sean is most proud of is the mentorship he provides to veterans who are transitioning out of the military and into the civilian workforce. "I was so fortunate to have had a successful transition out of the defense sector because I was able to translate the skills that I had obtained while in the military into the needs of the private sector, and I want to help as many veterans as I can do the same thing," Sean explains.

In his spare time, Sean enjoys traveling, playing soccer (futbol), reading, working out, and spending time with his family and friends. Sean also likes to volunteer his time to non-profit organizations and causes that he supports in both the physical and cyber space, such as the CTI-League, which works side by side with law enforcement to protect healthcare organizations from cybercriminals, and was recognized by SANS as a 2020 Difference Maker. Sean founded the CTI-League's Darknet team (CTIL Dark), which publishes an annual dark web threat landscape report on cybercriminal threats to the healthcare sector.

Qualifications Summary

  • Nearly 15 years of experience in various intelligence and cybersecurity disciplines
  • Author of SANS FOR589: Cybercrime Intelligence course
  • Global Head of the Equinix Threat Analysis Center (ETAC)
  • Faculty Member, Instructor, & Project Coordinator for Georgia State University’s Evidence-Based Cyber Security (EBCS) Research Group
  • Author of Georgia State University's Darknet Intelligence Collector and Investigator course
  • CTI-League’s Head of Darknet Intelligence Operations and Founder of the CTIL Dark team
  • Contributing Member of the Curated Intelligence trust group

Presentations and Podcasts

Media Coverage

Publications and Papers


  • Carnegie Mellon University: Chief Information Security Officer (CISO) Executive Certification
  • Georgia Southern University: Master of Business Administration (MBA)
  • University of Arizona: Bachelor in Business Information Systems
  • Cochise College: Advanced Subsidiary Level in Intelligence Operations

Certifications Summary