SANS penetration testing instructors are some of the most noted experts in the field of penetration testing, masters of serious black arts dedicated to helping the world improve its security practices. Each is a real-world practitioner who specializes in the subjects they teach. Their instruction is soaked through with their real-world experience in the methods that they teach, the examples they've lived, the stories they share, all wrapped up in their excitement in the course material.
All of our instructors undergo rigorous training and evaluation before earning the much coveted "SANS Certified Instructor" status. This grueling process helps us guarantee that what you learn in class will be up-to-date and directly relevant to your job, providing you with skills that you can use the day that you return to work
Steve began working in the security arena in 1994 whilst serving in the UK Royal Air Force. He specialized in the technical aspects of IT security from 1997 onward, and before retiring from active duty, he lead the RAF's penetration and TEMPEST testing teams. He founded Logically Secure in 2006 to provide specialist security advice to government departments, defense contractors, the online video gaming industry, and both music and film labels worldwide.
When not teaching for SANS, Steve provides penetration testing and incident response services for some of the biggest household names in gaming and music media. To relax Steve enjoys playing Battlefield to loud music and developing collaborative DFIR tools.
Steve Armstrong's energy is contagious. Although the day was long, I felt alert and engaged at all times. - Amr Zakaa Khalife, Vodafone Egypt
Mark Baggett is the owner of Indepth Defense, an independent consulting firm that offers incident response and penetration testing services. Mark has more than 28 years of commercial and government experience ranging from Software Developer to Chief Information Security Officer. Mark is a Senior Instructor for The SANS Institute and the author of the Python for Penetration testers course (SEC573). Mark has a Master's Degree in Information Security Engineering and many industry certifications including being 15th person in the world to receive the prestigious GIAC Security Expert certification (GSE). Mark is very active in the information security community. Mark is the founding president of The Greater Augusta ISSA (Information Systems Security Association) chapter which has been extremely successful in bringing networking and educational opportunities to Augusta Information Technology workers. Since January 2011, Mark has served as the Technical Advisor to the DoD for SANS where he assists various government organizations in the development of information security capabilities.
Mark's teaching style is very relevant and sets an atmosphere where you are excited to learn. - Jeff Turner, Lexis Nexis Risk Solutions
George Bakos has been interested in computer security since the early 1980s when he discovered the joys of BBSs and corporate databases. These days he is Technical Fellow & Manager of Cyber Threat Assessment & Awareness at Northrop Grumman, a global leader in Cybersecurity, Aerospace & Defense. While at the Institute for Security Technology Studies, George was the developer of Tiny Honeypot and the IDABench intrusion analysis system and led the Dartmouth Distributed Honeynet System, fielding deception systems and studying the actions of attackers worldwide. He developed and taught the U.S. Army National Guard's CERT technical curriculum and ran the NGB's Information Operations Training and Development Center research lab for two years, fielding and supporting Computer Emergency Response Teams throughout the United States. A recognized authority in computer security, he has contributed to numerous books and open source software projects; has been interviewed on radio, television, and online publications; briefed the highest levels of government; and has been a member of the SANS Institute teaching faculty since 2001. Outside the lab, George enjoys the beauties of his home state, Vermont, through skiing, ice and rock climbing, and mountain biking.
George teaches you practical skills and provides real-world examples of IT security issues. - Mark Lian, Northrop Grumman
SANS Senior Instructor Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP® Certification, and coauthor of both SANS SEC511: Continuous Monitoring and Security Operations and SANS SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead author of the books the CISSP Study Guide, and the Eleventh Hour CISSP: Study Guide.
Eric's career began in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and health care. He is now CTO of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. Eric also blogs about information security at www.ericconrad.com.
Eric is fantastic and does an excellent job relating the material to real-life examples. - Robby Croft, Brown Foreman
Mr. Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis.
Mr. Crowley is the course author for for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management. He holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN and CISSP certifications. His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming.
He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities."
Mr. Crowley spends his spare time mountain biking, rock climbing and savoring epicurean treats.
"Chris really knew his stuff and presented ideas that made me change my mind on some policies and configs we employ ." - William Jeskey, Tarrant County College
"Chris was one of the best instructors I have ever had in any training environment in almost 24 years of service." - Anonymous
Pieter Danhieux is a certified instructor for the SANS Institute, teaching military, government, and private organizations offensive techniques on how to target and assess organizations, systems, and individuals for security weaknesses. He is also one of the founders of the security and hacking conference BruCON in Belgium.
Pieter has worked in the cyber security space since 2002. He was one of the youngest persons ever in Belgium to obtain the Certified Information Systems Security Professional (CISSP) certification. He then obtained the Certified Information Systems Auditor (CISA) and the GIAC Certified Forensics Analyst program (GCFA) and is currently one of the select few people worldwide to hold the GIAC Security Expert (GSE) certification.
Pieter is Co-founder and Chief Architect of the Secure Code Warrior platform (http://www.securecodewarrior.com), a gamified environment where developers and security testers can learn how to properly identify and fix security weaknesses in software. Until January 2015, he was part of the leadership at BAE Systems APAC in his role as Head of Delivery of the Applied Intelligence business unit. Before that, Pieter worked for seven years at Ernst & Young in Europe as one of their information security experts running a team of attack and penetration resources operating in the financial industry and telecommunication space.
SANS is by far the best hands-on training. Peter is very knowledgeable and knows how to transfer that to students. - Rob Brabers, Sincerus
Adrien de Beaupre
Adrien de Beaupre is a certified SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes technical instruction, vulnerability assessment, penetration testing, intrusion detection, incident response and forensic analysis. He is a member of the SANS Internet Storm Center (isc.sans.edu). He is actively involved with the information security community, and has been working with SANS since 2000. Adrien holds a variety of certifications including the GXPN, GPEN, GWAPT, GCIH, GCIA, GSEC, CISSP, OPST, and OPSA. When not geeking out he can be found with his family, or at the dojo.
Kevin Fiscus is the founder of and lead consultant for Cyber Defense Advisors where he performs security and risk assessments, vulnerability and penetration testing, security program design, policy development and security awareness with a focus on serving the needs of small and mid-sized organizations. Kevin has over 20 years of IT experience and has focused exclusively on information security for the past 12. Kevin currently holds the CISA, GPEN, GREM, GMOB, GCED, GCFA-Gold, GCIA-Gold, GCIH, GAWN, GPPA, GCWN, GCSC-Gold, GSEC, SCSA, RCSE, and SnortCP certifications and is proud to have earned the top information security certification in the industry, the GIAC Security Expert. Kevin has also achieved the distinctive title of SANS Cyber Guardian for both red team and blue team. Kevin has taught many of SANS most popular classes including SEC401, SEC464, SEC503, SEC504, SEC542, SEC560, SEC561, SEC575, FOR508, and MGT414.
You can reach Kevin on Twitter @kevinbfiscus or on LinkedIn at http://www.linkedin.com/in/kevinbfiscus.
Kevin Fiscus is one of the best instructors I have seen! Great find SANS! - David Hoid, Employers Holdings
"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeroes, little bits of data. It's all just electrons." -- Cosmo, from "Sneakers"
As a contributing author of the internationally bestselling book Hacking Exposed: Network Security Secrets & Solutions, Bryce helped bring the secret world of hacking out of the darkness and into the public eye. Bryce has held security positions at global ISPs and Fortune 500 companies, he was a member of Foundstone's renowned penetration testing team and served as a senior instructor and co-author of Foundstone's Ultimate Hacking: Hands-On course series. Bryce is currently the owner of Layered Security where he provides specialized vulnerability assessment and penetration testing services for clients. He teaches several of the SANS Institute's most popular courses and develops curriculum around current topics. He has taught the art of ethical hacking and countermeasures to thousands of IT professionals from a who's who of top companies, financial institutions, and government agencies around the globe. Bryce is an active member of several security-related organizations, he holds several security certifications and speaks at conferences around the world.
Bryce is an excellent instructor. His knowledge and delivery are exceptional. - Chris Shipp, DM Petroleum Operations Co.
Micah Hoffman has been working in the information technology field since 1998 supporting federal government, commercial, and internal customers in their searches to discover and quantify information security weaknesses within their organizations. He leverages years of hands-on, real-world penetration testing and incident response experience to provide excellent solutions to his customers. Micah holds GIAC's GMON, GAWN, GWAPT, and GPEN certifications as well as the CISSP and is a SANS Certified Instructor.
Micah is an active member in the NoVAHackers community, writes Recon-ng modules and enjoys tackling issues with the Python scripting language. When not working, teaching, or learning, Micah can be found hiking or backpacking on Appalachian Trail or the many park trails in Maryland. Catch him on Twitter @WebBreacher.
"Great instructor, well spoken, excitable about the subject." - Gharrett Worku, Paycom
"Micah's delivery was entertaining and engaging." - Paul Ryan, GDIT
"Instructor keeps students engaged. Provides assistance when needed, excellent attitude." - Nathan Peterson
"Good pace - good depth of knowledge." - Robert Smith, Intel Corp
James Lyne is Global Head of Security Research at the security firm Sophos. He is a self-professed 'massive geek' and has technical expertise spanning a variety of the security domains from forensics to offensive security. James has worked with many organisations on security strategy, handled a number of severe incidents and is a frequent industry advisor. He is a certified instructor at the SANS Institute and is often a headline presenter at industry conferences.
James firmly believes that one of the biggest challenges we face is in making security accessible and interesting to those outside the industry. As a result, he takes every opportunity to educate on security threats and best practice - always featuring live demonstrations and scenarios of how cyber criminals operate in the real world.
James has given multiple TED talks, including at the main TED event. He's also appeared on a long list of national TV programmes to educate the public including CNN, NBC, BBC News, Bill Maher and John Oliver. As a spokesperson for the industry, he is passionate about talent development, regularly participating in initiatives to identify and develop new talent for the industry
James Lyne made this course a tremendous experience. James made it his personal mission to make sure he carried everyone with him no matter what their skill level is. Outstanding! - S. Khan, EADS-NA
Tim Medin is a senior technical analyst at Counter Hack, a company devoted to the development of information security challenges for education, evaluation, and competition. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies. Prior to Counter Hack, Tim was a Senior Security Consultant for FishNet Security where the majority of his focus was on penetration testing. He gained information security experience in a variety of industries including previous positions in control systems, higher education, financial services, and manufacturing. Tim regularly contributes to the SANS Penetration Testing Blog (pen-testing.sans.org/blog/) and the Command Line Kung Fu Blog (blog.commandlinekungfu.com). He is also project lead for the Laudanum Project, a collection of injectable scripts designed to be used in penetration testing. Currently Tim is a certified instructor for the SANS Institute.
"Tim is a great instructor, I really enjoyed the live demos and the style of his teaching. He really keeps you engaged." - Drew Davis, Rook Security
Seth Misenar is a Cyber Security Expert who serves as a Senior Instructor with the SANS Institute and Principal Consultant at Context Security, LLC. He is numbered among the few security experts worldwide to have achieved the GIAC GSE (#28) credential. Seth teaches a variety of cyber security courses for the SANS Institute including two very popular courses for which he is lead author: the bestselling SEC511: Continuous Monitoring and Security Operations and SEC542: Web Application Penetration Testing and Ethical Hacking.
Seth's background includes security research, network and web application penetration testing, intrusion analysis, incident response, and security architecture design. He has previously served as a security consultant for Fortune 100 companies, as well as the HIPAA Security Officer for a state government agency.
In addition to serving as lead author for two SANS classes, Seth also co-authored Syngress CISSP® Study Guide, now in its 3rd Edition, the Eleventh Hour CISSP®: Study Guide and MGT414: SANS Training Program for CISSP® Certification. Seth has a Bachelor of Science degree in Philosophy from Millsaps College and resides in Jackson, Mississippi with his wife, Rachel, and children, Jude, Hazel, and Shepherd.
Seth's enthusiasm makes the class work very well. His knowledge is amazing and will certainly be taken back to work with me! - Kevin Cowell, BT
Larry is a Senior Security Analyst with InGuardians after a long stint in security and disaster recovery in healthcare, performing penetration testing, wireless assessments, and hardware hacking. He also diverts a significant portion of his attention co-hosting the PaulDotCom Security Weekly podcast and likes to tinker with all things electronic and wireless, much to the disappointment of his family, friends, warranties, and his second Leatherman Multi-tool. Larry also co-authored Linksys WRT54G Ultimate Hacking and Using Wireshark and Ethereal from Syngress. Larry is an Extra Class Amateur Radio operator (KB1TNF) and enjoys developing hardware and real-world challenges for the Mid-Atlantic Collegiate Cyber Defense Challenge. He is also a SANS certified instructor.
SEC617 was great and I am still impressed with the consistency from Day 1-6 of Pesce keeping a high level of energy and knowledge throughout. - Philip Mein, JCCC
Mike is a founder and senior security analyst for the DC firm InGuardians, Inc. In the past he has worked for Sourcefire as a research engineer and for SANS leading their intrusion analysis team. As a consultant, Mike conducts incident response, breach analysis, penetration tests, vulnerability assessments, security audits, and architecture reviews. His primary job focus, however, is in intrusion detection, response, and mitigation. Mike currently holds the GCIA certification and is an expert in network engineering and systems and network and Web administration. Mike is an author of the international best selling Snort series of books from Syngress, a member of the Honeynet Project, and a handler for the SANS Internet Storm Center.
Mike respects what we are here for and doesn't rush us out. He takes the time to explain problem areas. - Aaron Didier, Motorola Solutions
Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG). He currently leads the testing group at the National Electric Sector Cybersecurity Organization Resources (NESCOR). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences. Mr. Searle is currently a certified instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, Nullcon, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework (SamuraiWTF), the Samurai Security Testing Framework for Utilities (SamuraiSTFU), Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).
Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies. Dave is the author of the Sybex book Virtualization Security:
Protecting Virtualized Environments, as well as the coauthor of Hands-On Information Security from Course Technology. Recently Dave coauthored the first published course on virtualization security for the SANS Institute. Dave currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.
Dave knows his stuff and explains the material in an easy-to-understand way. - Jonathan O'Neal, Monster.com
James has over 15 years' experience in IT. He is a SANS certified instructor and is one of the first certified GSE-Malware experts. He graduated with a BS in computer science from the University of Idaho. James is a founder and active consultant for Bluenotch Corporation, which focuses on investigations, penetration testing, and analysis. He develops applications and appliances for broadcast radio, Internet, and satellite devices. James also contributes to the FreeBSD project and is a port maintainer. He presents at various security and IT conferences, is a courseware contributor, and is actively involved in the COINS program.
Raul Siles is founder and senior security analyst at DinoSec. For over a decade, he has applied his expertise performing advanced technical security services and innovating offensive and defensive solutions for large enterprises and organisations in various industries worldwide. He has been involved in security architecture design and reviews, penetration tests, incident handling, intrusion and forensic analysis, security assessments and vulnerability disclosure, web applications, mobile and wireless environments, and security research in new technologies. Throughout his career, starting with a strong technical background in networks, systems and applications in mission critical environments, he has worked as an information security expert, engineer, researcher and penetration tester at Hewlett Packard, as an independent consultant, and on his own companies, Taddong and DinoSec.
Raul is a certified instructor for the SANS Institute, regularly teaching penetration testing courses. He is an active speaker at international security conferences and events, such as RootedCON, Black Hat, OWASP, BruCON, etc. Mr. Siles is author of security training courses, blogs, books, articles, and tools, and actively contributes to community and open-source projects. He loves security challenges, and has been a member of international organisations, such as the Honeynet Project or the SANS Internet Storm Center. Raul is one of the few individuals worldwide who have earned the GIAC Security Expert (GSE) designation, as well as many other certifications. Raul holds a master's degree in computer science from UPM (Spain) and a postgraduate in security and e-commerce.
Raul is a top bloke, absolute genius, would recommend the course based on his teaching skills alone!! - Nic Trujillo, VM
Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant performing reverse engineering, exploit development, threat modeling, and penetration testing. Stephen has an MS in information assurance from Norwich University and is a course author and senior instructor for the SANS Institute. He is the author of SANS' only 700-level course, SEC760: Advanced Exploit Development for Penetration Testers, which concentrates on complex heap overflows, patch diffing, and client-side exploits. Stephen is also the lead author on SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking. He holds the GIAC Security Expert (GSE) certification as well as the CISSP, CISA, Immunity NOP, and many other certifications. In his spare time Stephen enjoys snowboarding and writing music.
Looking at everything I have learned from Stephen, I definitely feel I have gained an edge when it comes to the augmentation of my pentest skills. He made the impossible understandable and I am grateful for that. - Alexander Cobblah, Booz Allen Hamilton
Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.
Ed led the team that built NetWars, the low-cost, widely used cyber training and skills assessment ranges relied upon by military units and corporations with major assets at risk. His team also built CyberCity, the fully authentic urban cyber warfare simulator that was featured on the front page of the Washington Post. He was also the expert called in by the White House to test the security viability of the Trusted Internet Connection (TIC) that now protects US Government networks and lead the team that first publicly demonstrated significant security flaws in virtual machine technology. He has a rare capability of translating advanced technical knowledge into easy-to-master guidance as the popularity of his step-by-step Counter Hack books testifies.
"Ed Skoudis has been named by others in my organization as a great instructor and I completely agree." - Travis Peska, ManTech
"Getting the war stories from Ed as part of the material helps me understand how things really happen." - Kevin Eveker, IDA
"Ed is a fantastic and charismatic instructor who helps get the key points across to students." - Thomas Rogers, Chevron
"Ed is one of the best instructors I have ever had. It's no secret why he is such a world class pen-tester!" - Patrick McCoy, KEYW
"Ed pulls all of the available knowledge into a very understandable easy to digest format." - Bill Hinds, PMI
John Strand is the owner of Black Hills Information Security, a firm specializing in penetration testing, Active Defense and Hunt Teaming services. He is the also the CTO of Offensive Countermeasures, a firm dedicated to tracking advanced attackers inside and outside your network.
John is an experienced speaker, having done presentations to the FBI, NASA, the NSA and at various industry conferences. He is a senior instructor with the SANS Institute teaching:
- SEC504 - Hacker Techniques, Exploits, and Incident Handling
- SEC560 - Network Penetration Testing and Ethical Hacking
- SEC580 - Metasploit Kung Fu for Enterprise Pen Testing
- SEC550 - Offensive Countermeasures, Active Defense and Cyber Deception
And the lead course author of:
SANS 504: Hacker Techniques, Exploits, and Incident Handling
He also co-hosts Security Weekly, the world's largest information security podcast; co-authored Offensive Countermeasures: The Art of Active Defense; and writes loud rock music and makes various futile attempts at fly-fishing.
"Very informative! Mr. John Strand's experience shared through narrative brings course material to life."
- Christopher Wilson, USAF
Below are some videos of John presenting:
Arrigo Triulzi, trained in Pure Mathematics, holds an MSc in Mathematical Computation from Queen Mary, University of London, and is working towards a PhD in Algebraic Computation. He is co-founder and Chief Security Officer of K2 Defender Limited, a bespoke high-end IDS solutions provider. Arrigo is also a free-lance consultant in IT Security with particular expertise in secure network design, network security analysis, and incident handling. He is also the administrator of the IDS Europe mailing list. Having worked with both popular and less common flavours of Unix he is comfortable working in any heterogeneous networking environment and his knowledge also includes esoteric operating systems such as Guardian/NSK. Arrigo is co-inventor in an EU patent for a high-performance distributed IDS design, and has written on a variety of security topics. Recent work includes web research into IDS deployment on IPv6, firewall verification using IDS, and distributed concept virii. Arrigo is also a certified instructor for the SANS Institute.
Johannes Ullrich, Ph.D.
As Dean of Research for the SANS Technology Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. His daily podcast summarizes current security news in a concise format.
Listen to Johannes discuss "HTML5: Risky Business or Hidden Security Tool Chest for Mobile Web App Authentication" in this SANS webcast.
"Johannes has an excellent teaching approach and did a great job of fighting the brain overload later in the day." - Brad Meyers, Molina Healthcare
"Excellent teaching style! Very knowledgeable, listens to questions, will keep explaining in different examples until you understand." - Lori Stockdale, NYISO
Joshua Wright is a senior technical analyst with Counter Hack, a company devoted to the development of information security challenges for education, evaluation, and competition. Through his experiences as a penetration tester, Josh has worked with hundreds of organizations on attacking and defending mobile devices and wireless systems, ethically disclosing significant product and protocol security weaknesses to well-known organizations. As an open-source software advocate, Josh has conducted cutting-edge research resulting in several software tools that are commonly used to evaluate the security of widely deployed technology targeting WiFi, Bluetooth, and ZigBee wireless systems, smart grid deployments, and the Android and Apple iOS mobile device platforms. As the technical lead of the innovative CyberCity, Josh also oversees and manages the development of critical training and educational missions cyber warriors in the US military, government agencies, and critical infrastructure providers.
Joshua's teaching style is phenomenal. He's very engaging, and does a great job of promoting discussions without getting too far off on a tangent. - Jeremy Erickson, Sandia National Labs