Profile
Sean O'Connor has primarily worked in the Intelligence Community (IC). He began his career in the US military, working in various intelligence disciplines, including Human Intelligence (HUMINT) and tactical Signals Intelligence (SIGINT). Later, he served as a Counterintelligence (CI) contractor for the Department of Defense (DoD).
Due to his passion for intelligence and cybersecurity, Sean transitioned to the private sector after his third tour in Afghanistan. He became a Cyber Threat Intelligence (CTI) researcher for Dell Secureworks in the Counter Threat Unit (CTU). His military and DoD experience equipped him to build the CTU's first virtual HUMINT team. The team applied traditional HUMINT tradecraft through sock puppet accounts to infiltrate dark web cybercriminal networks for intelligence collection, analysis, and production.
After six years at Secureworks, Sean joined KPMG as the head of Threat Intelligence, where he established the CTI program for the US, LATAM, and Israel member firms. Currently, Sean is the Global Head of Cyber Threat Intelligence at Equinix, where he leads the Equinix Threat Analysis Center (ETAC), overseeing teams focused on threat intelligence research, threat hunting, consulting services, and data analytics.
Sean is a Partnered Faculty member, instructor, and Project Coordinator at Georgia State University's Evidence-Based Cybersecurity (EBCS) Research Group. He coauthored GSU's first Darknet Intelligence course, teaching it to various Law Enforcement agencies. Sean emphasizes the importance of continuing education, especially in the field of cybersecurity.
Through years of covert cybercrime intelligence operations, Sean identified how criminals laundered money using cryptocurrency mixing services, illicit exchanges, and Dark Web marketplaces. He believes that intelligence significantly benefits cyber professionals in incident response cases, and advocates for evolving intelligence to support these cases.
Sean is the lead author of the SANS FOR589: Cybercrime Intelligence course, teaching students how to collect, analyze, and produce intelligence from cybercriminals' cryptocurrency activity and the dark web. He also provides mentorship to veterans transitioning into the civilian workforce.
In his spare time, Sean enjoys traveling, playing soccer, reading, working out, and spending time with his family and friends. He volunteers with non-profit organizations and causes in both physical and cyber spaces, such as the CTI-League, which collaborates with law enforcement to protect healthcare organizations from cybercriminals, and was recognized by SANS as a 2020 Difference Maker. Sean also founded the CTI-League's Darknet team (CTIL Dark), which publishes an annual dark web threat landscape report on cybercriminal threats to the healthcare sector.
Qualifications Summary
- Over 15 years of experience in various security disciplines
- Author of SANS FOR589: Cybercrime Intelligence course
- Global Head of the Equinix Threat Analysis Center (ETAC)
- Faculty Member, Instructor, & Project Coordinator for Georgia State University's Evidence-Based Cybersecurity (EBCS) Research Group
- Author of Georgia State University's Darknet Intelligence Collector and Investigator course
- CTI-League's Head of Darknet Intelligence Operations and Founder of the CTIL Dark team
- Contributing Member of the Curated Intelligence trust group
Presentations and Podcasts
- SANS FOR589: Cybercrime Intelligence Overview
- EC-Council Hacker Halted - Ransomware Data Leak Site TTPs
- CTI-League Hackathon summit - Introduction to Darknet Hunting
- The Cyber5 by Nisos Podcast - Defining Metrics for Attribution in Cyber Threat Intelligence and Investigations
- SANS DFIR Summit: The Darknet of Things - Hunting Cybercriminals
- SCATTERED SPIDER and The Com: Cybercrime Intelligence for Proactive Defense
Media Coverage
- Dark Reading - Growing Collaboration Among Criminal Groups Heightens Ransomware Threat for Healthcare Sector
- WIRED - The Cyber-Avengers Protecting Hospitals From Ransomware
- Australia Computer Society - Cyber Experts give their Time to Tackle Criminals
- Wall Street Journal - Hacker for Hire Market is Booming
Publications and Papers
- SANS FOR589: Cybercrime Intelligence - NEW SANS DFIR Course
- SANS - Enhance your Cyber Threat Intelligence with the Admiralty System
- Dell Secureworks CTU - Cybercriminals Target U.S. Citizens for COVID-19 Stimulus Fraud
- Dell Secureworks CTU - 2016 Underground Hacker Markets Annual Report
- CTI League - 2021 Annual Darknet Report
- Curated Intelligence - Curated Intelligence Stands With Ukraine
- Curated Intelligence - Curated Intel's Response To Log4Shell
- Equinix - Top 5 Cyberthreats to Your Digital Infrastructure
- Equinix Threat Analysis Center (ETAC) - Ukraine Cyber Operations
- Equinix Threat Analysis Center (ETAC) - Log4Shell
Education
- Carnegie Mellon University: CISO Executive Certification
- Georgia Southern University: Master of Business Administration (MBA)
- University of Arizona: Bachelor's in Business Information Systems
- Cochise College: Advanced Subsidiary Level in Intelligence Operations
Certifications Summary
- GCFA - GIAC Certified Forensic Analyst
- GCTI - GIAC Cyber Threat Intelligence
- GCED - GIAC Certified Enterprise Defender
- CEH - EC-Council Certified Ethical Hacker
Training
- FOR578: Cyber Threat Intelligence
- FOR508: Advanced Incident Response and Threat Hunting
- SEC401: Security Essentials
- SEC504: Hacker Tools, Techniques, & Incident Handling
- SEC501: Advanced Security Essentials - Enterprise Defender
- LDR551: Building & Leading Security Operation Centers
- Department of Defense (DOD): Human Intelligence (HUMINT) Collector (35M)
- National Ground Intelligence Center (NGIC): Digital Media Exploitation
- Department of Defense Cyber Crime Center (DC3): Digital Forensics Examiner
- Foundry: Media Exploitation (MEDEX)
- Foundry: Sensitive Site Exploitation - Document & Media Exploitation (DOMEX) Analysis