Shaun McCullough

Shaun spent 20+ years at the National Security Agency working in all aspects of cyber operations. He was a software engineer, manager, researcher, and operations lead, including serving as the technical director of the Blue, Red, and Hunt teams. Today, Shaun is a staff-level Cloud Security Engineer at GitHub focusing on cloud infrastructure. Shaun is also the lead author of SANS SEC541: Cloud Security Threat Detection, which focuses on how attackers target cloud infrastructure and what security analysts, SOC operators, and detection engineers can do to protect their organizations.

More About Shaun


After taking SEC560: Network Penetration Testing and Ethical Hacking with Ed Skoudis in 2011, Shaun knew that using an offensive mindset to create defensive infrastructure was the career path for him. That SANS course changed the trajectory of his career, launching him directly into a renewed focus on information security, and he has never looked back. Since that time, Shaun has immersed himself in learning and understanding the industry, its gaps, and how he can utilize his vast skill set to be a part of it all.

In his current role, Shaun’s focus is on cloud infrastructure and creating new ways to run secure workloads for organizations. Working in both security engineering and software development through the years, Shaun has a particular affinity with the Cloud, as it brings together these two distinct worlds. Knowing the Cloud can be so much more than a virtualized copy of traditional IT infrastructure, Shaun enjoys diving into the *how* of the cloud, reimagining new architecture and operations design patterns that move infrastructure security into the future. He thoroughly enjoys the freedoms, and challenges, of combining these two disciplines into a new type of IT infrastructure.

Shaun is happiest when creating something brand new and really stretching the boundaries of an organization, product platform, or new ways of thinking. He understands that while some of these creations will be a great success, others will not. However, even with the failures, he gains new perspective and skills to take into future projects. This is the type of atmosphere Shaun likes to create for his students.

As a hands-on practitioner with a gift for architecture design, Shaun explores the good and bad of how the Cloud is changing the way the industry secures and runs infrastructure. He believes one of the biggest challenges students face is that the big cloud infrastructure companies are releasing new services that look less and less like the standard on-prem virtualized infrastructure, which in turn presents a steep learning curve for students. As an instructor, Shaun wants to give back to students just as SANS instructors have helped him through the years, and therefore provides his own stories and life experiences in the classroom.

Back in 2011, in his first SANS course, Shaun was blown away by the fact that SANS instructors were not just relaying canned content, but were sharing their experiences, deep research, and unique perspectives. Now a SANS instructor himself, he has seen first-hand how students elevate their game after engaging with SANS training, which inspires him to continue to further his own game and stretch his comfort zone.

Shaun gives back to his profession by mentoring and supporting the next generation of cyber professionals at his work. He has spoken at numerous private conferences, SANS events, and at BSides DC. He has a bachelor's degree in Computer Engineering from Virginia Tech and a master's in Information Security Engineering from the SANS Technology Institute, as well as numerous professional certifications including: GSE, GSEC, GCIA, GCFE, GXPN, GCIH, GREM, GCFA, GCCC, and GCPM.

In his spare time, Shaun enjoys chauffeuring his children around town and refurbishing old or building new wood furniture.




Finding Sherlock: Cloud Attack and Detect, poster