Stephen Sims

Stephen Sims began working on computers at a young age with a fellow enthusiast: his father. Amazed by how easy it was to change an application's intended behavior, Stephen was quickly hooked. Today, he's an industry expert with over 20 years of experience in information technology and security. He authored SANS' most advanced course, SEC760: Advanced Exploit Development for Penetration Testers, was the 9th person in the world to earn the GIAC Security Expert certification (GSE), and is a co-author of the Gray Hat Hacking book series, as well as a keynote speaker who has appeared at RSA USA and APJ, OWASP AppSec, BSides events and more. On top of all this, Stephen is Curriculum Lead for SANS Offensive Operations.

More About Stephen


Stephen has worked for Wells Fargo, Charles Schwab, and CSC, and is now a full-time consultant helping clients with product security testing, reverse engineering, penetration testing, exploit development, threat modeling, secure coding, and other areas, giving him ample opportunity to use his skills in a variety of ways. "You will never know everything in this field and there are so many directions one can take," he says. "If you ever get bored with an area in security you can change over to a hundred other exciting roles."

Shortly after launching his career, Stephen set the goal of becoming a SANS instructor. After attending a SANS training in 2003, he was blown away by the knowledge and presentation skills of the instructor. "SANS also gives so much back to the community through immersion programs and scholarships to veterans and underrepresented groups," says Stephen. "I set becoming a SANS instructor as a goal of mine and went after it."

Stephen became a SANS instructor in 2006, and today is curriculum lead for SANS Offensive Operations, as well as faculty fellow for the SANS Institute. He authored SANS' most advanced technical course, SEC760: Advanced Exploit Development for Penetration Testers, which concentrates on complex heap overflows, patch diffing, and client-side exploits. He's also the lead author of SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking and coauthor of SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. In the classroom, you'll find him teaching these courses along with SEC401: Security Essentials: Network, Endpoint, and Cloud and SEC501: Advanced Security Essentials - Enterprise Defender.

As an instructor, Stephen enjoys watching his students work through a problem to completion, either on their own or in collaboration with another student. "You learn a lot more when you work hard to solve a complex problem without asking for assistance," he says, noting that you should never be afraid to ask for help when you need it. "Sometimes we all need a little nudge in the right direction, but it's always best to exhaust all possibilities first."

Stephen says his most successful students are ones who come to class well-rested and with an open mind. "Be prepared to have to work through solutions and spend additional time after class is over to go back through in order to absorb all of the material," he says.

Stephen is the 9th person in the world to receive the prestigious GIAC Security Expert certification (GSE). He is a Certified Information Systems Auditor (CISA) and certified Immunity Network Offense Professional (Immunity NOP), along with many other certifications. Stephen is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.

An author of the Gray Hat Hacking book series, Stephen holds a master's degree in Information Assurance from Norwich University. A frequent presenter, Stephen has spoken at RSA USA in previous years and was keynote speaker for the 2019 event. He's also presented at RSA APJ, OWASP AppSec, BSidesCharm, AISA, and more. When he's not working, you'll find him hitting the slopes on his snowboard and writing music.

Hear Steve speak at the 2019 RSA Conference:



Purple Team Tactics: A Technical Look at Windows 10 Exploit Mitigations

Introduction to Reverse Engineering with IDA Pro

IDA Pro Challenge Walk Through & What's New in SEC760 'Advanced Exploit Dev'

How to accelerate your cyber security career

Windows Defender Exploit Guard for Windows 10

Kolide & OSQuery - How to build solid queries & packs for incident detection & threat hunting

Weaponizing Browser-Based Memory Leak Bugs

What is Purple Team? Updates to SEC599

Improving Your Defenses - EMET & Windows Defender Exploit Guard

Improving Your Defenses - CredentialGuard in Windows 10


Security Weekly #421

Patching Exploits with Duct Tape: Bypassing Mitigations and Backward Steps


Gray Hat Hacking: The Ethical Hacker's Handbook, 5th Edition