Stephen has worked for Wells Fargo, Charles Schwab, CSC, and is now a full-time consultant helping clients with product security testing, reverse engineering, penetration testing, exploit developing, threat modeling, secure coding, and other areas, giving him ample opportunity to use his skills in a variety of ways. "You will never know everything in this field and there are so many directions one can take," he says. "If you ever get bored with an area in security you can change over to a hundred other exciting roles."
Shortly after launching his career, Stephen set the goal of becoming a SANS instructor. After attending a SANS training in 2003, he was blown away by the knowledge and presentation skills of the instructor. "SANS also gives so much back to the community through immersion programs and scholarships to veterans and underrepresented groups," says Stephen. "I set becoming a SANS instructor as a goal of mine and went after it."
Stephen became a SANS instructor in 2006, and today is curriculum lead for SANS Offensive Operations, as well as faculty fellow for the SANS Institute. He authored SANS' most advanced technical course, SEC760: Advanced Exploit Development for Penetration Testers, which concentrates on complex heap overflows, patch diffing, and client-side exploits. He's also the lead author of SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking and coauthor of SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. In the classroom, you'll find him teaching these courses along with SEC401: Security Essentials: Network, Endpoint, and Cloud and SEC501: Advanced Security Essentials - Enterprise Defender.
As an instructor, Stephen enjoys watching his students work through a problem to completion, either on their own or in collaboration with another student. "You learn a lot more when you work hard to solve a complex problem without asking for assistance," he says, noting that you should never be afraid to ask for help when you need it. "Sometimes we all need a little nudge in the right direction, but it's always best to exhaust all possibilities first."
Stephen says his most successful students are ones who come to class well-rested and with an open mind. "Be prepared to have to work through solutions and spend additional time after class is over to go back through in order to absorb all of the material," he says.
Stephen is the 9th person in the world to receive the prestigious GIAC Security Expert certification (GSE). He is a Certified Information Systems Auditor (CISA) and certified Immunity Network Offense Professional (Immunity NOP), along with many other certifications.
An author of the Gray Hat Hacking book series, Stephen holds a master's degree in Information Assurance from Norwich University. A frequent presenter, Stephen has spoken at RSA USA in previous years and was keynote speaker for the 2019 event. He's also presented at RSA APJ, OWASP AppSec, BSidesCharm, AISA, and more. When he's not working, you'll find him hitting the slopes on his snowboard and writing music.
Hear Steve speak at the 2019 RSA Conference:
ADDITIONAL CONTRIBUTIONS BY STEVE SIMS:
Purple Team Tactics: A Technical Look at Windows 10 Exploit Mitigations
Introduction to Reverse Engineering with IDA Pro
IDA Pro Challenge Walk Through & What's New in SEC760 'Advanced Exploit Dev'
How to accelerate your cyber security career
Windows Defender Exploit Guard for Windows 10
Kolide & OSQuery - How to build solid queries & packs for incident detection & threat hunting
Weaponizing Browser-Based Memory Leak Bugs
What is Purple Team? Updates to SEC599
Improving Your Defenses - EMET & Window Defender Exploit Guard
Improving Your Defenses - CredentialGuard in Windows 10
PODCASTS AND PRESENTATIONS
Patching Exploits with Duct Tape: Bypassing Mitigations and Backward Steps
Gray Hat Hacking: The Ethical Hacker's Handbook, 5th Edition