Trevor Giffen

Trevor Giffen is currently working as a Threat Intelligence Advisor at the Equinix Threat Analysis Center. In addition to his work at Equinix, he is a SANS co-author of the SANS FOR589 course: Cybercrime Intelligence, is the founder of the Curated Intelligence trust group, and was previously the Threat Intelligence Manager at KPMG-Egyde. Academically, he is certified in GCTI and studied the Networking & I.T. Security program at Ontario Tech University. As a SANS co-author for FOR589 he can realize his mission to demystify ‘dark arts’ knowledge that historically has been overly complex to attain, such that it can prevent and mitigate cyber-attacks, and attribute and deter threat actors.

More About Trevor


Trevor has always been interested in investigations. He started as a pre-teen learning to identify and exploit vulnerabilities following OWASP Top 10. This quickly evolved into a niche interest focused on the intercepts of open-source intelligence (OSINT), operational security (OPSEC), social engineering (SE), and mass surveillance implications. Naturally, these interests merged into his passion for threat intelligence. “Cybersecurity has always drawn me as I possess an investigator’s mindset. Life in this field always keeps me interested,” he says.

His mission is to demystify ‘dark arts’ knowledge that has historically been overly complex to attain. He enjoys educating people on this knowledge. Trevor believes the content of lessons should adhere to a self-imposed ‘PTR’ principle: provable, teachable, repeatable. As the cybercrime landscape is difficult to investigate and track, Trevor shines his light on this with practical methods and techniques necessary for understanding how to investigate and monitor the multiple platforms, networks, communities, and pacts cybercriminals leverage to operate. “I would like to broaden this accessibility,” he says.

As an independent security researcher, he learned the culture of cybersecurity, including the ‘hacker underground,’ through online security communities. Over time, he discovered opportunities to holistically understand the ‘hacker’s view’ beyond scans, vulnerabilities, and exploits, allowing him to turn the available information into actionable intelligence to prevent, mitigate, and respond to cyber-attacks. These efforts caused him to discover cybercrime-focused counterintelligence opportunities that many security professionals do not yet fully grasp.

In his work, he has supported multi-faceted teams across dozens of security breach cases, from a CTI perspective, to help those teams understand and track aspects of cybercrime stemming from Russian-language or English-language cybercrime communities. “Among these, I have worked several high-profile, news-headlining cases which I, unfortunately, cannot disclose. In some, I even got hands-on in traditional digital forensics labs, including within executive war rooms.” These first-hand cases have ranged from ransoms, extortions, hacktivism, insider threats, advanced persistent threats, and more. These cases typically spanned victims in Quebec, Canada, the USA, and the UK.

Outside his work, he administers Curated Intelligence, a leading trust group connecting some of the best intelligence researchers and incident responders. “I have consistently kept myself up-to-date with cybercrime trends and insights by associating myself in conversation with like-minded peers every day since its creation in 2019.” He sometimes creates detailed research resources, “typically only when I feel there’s a gap in the threat research landscape.” A recent significant resource he created for the security community is the ‘Initial Access Broker (IAB) Landscape', referenced and released via Curated Intelligence. “This IAB Landscape is even used to teach about IABs in the course material for the FOR528 ransomware course.”

Trevor is uniquely qualified to author FOR589 content due to his skills from studying the ‘cybercrime underground’ and his past and current experience building and operationalizing CTI teams.

You can find more from Trevor online:

Initial Access Broker (IAB) Landscape: (Curated Intelligence, 2021)

Blog ‘Assessing the state of breached data search services’: (Curated Intelligence, 2021)

Presentations on ‘Breach Analytica’ Project: (HackFest 2018) (conINT, 2020)