Instructors

Instructors

SANS penetration testing instructors are some of the most noted experts in the field of penetration testing, masters of serious black arts dedicated to helping the world improve its security practices. Each is a real-world practitioner who specializes in the subjects they teach. Their instruction is soaked through with their real-world experience in the methods that they teach, the examples they've lived, the stories they share, all wrapped up in their excitement in the course material.

All of our instructors undergo rigorous training and evaluation before earning the much coveted "SANS Certified Instructor" status. This grueling process helps us guarantee that what you learn in class will be up-to-date and directly relevant to your job, providing you with skills that you can use the day that you return to work


Steve Armstrong

Steve Armstrong

Steve began working in the security arena in 1994 whilst serving in the UK Royal Air Force. He specialized in the technical aspects of IT security from 1997 onward, and before retiring from active duty, he lead the RAF's penetration and TEMPEST testing teams. He founded Logically Secure in 2006 to provide specialist security advice to government departments, defense contractors, the online video gaming industry, and both music and film labels worldwide.

When not teaching for SANS, Steve provides penetration testing and incident response services for some of the biggest household names in gaming and music media. To relax Steve enjoys playing Battlefield to loud music and developing collaborative DFIR tools.

Here is What Students Say About Steve Armstrong:

"Steve Armstrong's energy is contagious. Although the day was long, I felt alert and engaged at all times." - Amr Zakaa Khalife, Vodafone Egypt

Mark Baggett

Mark Baggett

Mark Baggett is the owner of Indepth Defense, an independent consulting firm that offers incident response and penetration testing services.  Mark has more than 28 years of commercial and government experience ranging from Software Developer to Chief Information Security Officer.  Mark is a Senior Instructor for The SANS Institute and the author of the Python for Penetration testers course (SEC573).  Mark has a Master's Degree in Information Security Engineering and many industry certifications including being 15th person in the world to receive the prestigious GIAC Security Expert certification (GSE).  Mark is very active in the information security community.  Mark is the founding president of The Greater Augusta ISSA (Information Systems Security Association) chapter which has been extremely successful in bringing networking and educational opportunities to Augusta Information Technology workers.  Since January 2011, Mark has served as the Technical Advisor to the DoD for SANS where he assists various government organizations in the development of information security capabilities.

Here is What Students Say About Mark Baggett:

"Mark's teaching style is very relevant and sets an atmosphere where you are excited to learn." - Jeff Turner, Lexis Nexis Risk Solutions

George Bakos

George Bakos

George Bakos has been interested in computer security since the early 1980s when he discovered the joys of BBSs and corporate databases. These days he is Technical Fellow & Manager of Cyber Threat Assessment & Awareness at Northrop Grumman, a global leader in Cybersecurity, Aerospace & Defense. While at the Institute for Security Technology Studies, George was the developer of Tiny Honeypot and the IDABench intrusion analysis system and led the Dartmouth Distributed Honeynet System, fielding deception systems and studying the actions of attackers worldwide. He developed and taught the U.S. Army National Guard's CERT technical curriculum and ran the NGB's Information Operations Training and Development Center research lab for two years, fielding and supporting Computer Emergency Response Teams throughout the United States. A recognized authority in computer security, he has contributed to numerous books and open source software projects; has been interviewed on radio, television, and online publications; briefed the highest levels of government; and has been a member of the SANS Institute teaching faculty since 2001. Outside the lab, George enjoys the beauties of his home state, Vermont, through skiing, ice and rock climbing, and mountain biking.

Here is What Students Say About George Bakos:

"George teaches you practical skills and provides real-world examples of IT security issues." - Mark Lian, Northrop Grumman

Eric Conrad

Eric Conrad


SANS Faculty Fellow Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP® Certification, and coauthor of both SANS SEC511: Continuous Monitoring and Security Operations and SANS SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead author of the books the CISSP Study Guide, and the Eleventh Hour CISSP: Study Guide.


Eric's career began in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and health care. He is now CTO of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. Eric also blogs about information security at www.ericconrad.com.

Statements from SANS alumni regarding their training experience

"Eric is fantastic and does an excellent job relating the material to real-life examples." - Robby Croft, Brown Foreman

"I really love the opportunity to take a SANS course from an instructor that authored the material. Eric clearly knows this material inside & out." - Jesse Lane, IAG

Christopher Crowley

Christopher Crowley

Mr. Crowley has 15 years of industry experience managing and securing networks. He currently works as an independent consultant in the Washington, DC area focusing on effective computer network defense. His work experience includes penetration testing, security operations, incident response, and forensic analysis.

Mr. Crowley is the course author for for SANS Management 517 - Managing Security Operations and SANS Management 535 - Incident Response Team Management. He holds the GSEC, GCIA, GCIH (gold), GCFA, GPEN, GMOB, GASF, GREM, GXPN and CISSP certifications. His teaching experience includes FOR585, MGT517, MGT535, SEC401, SEC503, SEC504, SEC560, SEC575, and SEC580; Apache web server administration and configuration; and shell programming. 

He was awarded the SANS 2009 Local Mentor of the year award. "The Mentor of the Year Award is given to SANS Mentors who excel in leading SANS Mentor Training classes in their local communities." 

Mr. Crowley spends his spare time mountain biking, rock climbing and savoring epicurean treats.

Here is What Students Say About Christopher Crowley:

"Chris really knew his stuff and presented ideas that made me change my mind on some policies and configs we employ ." - William Jeskey, Tarrant County College

"Chris was one of the best instructors I have ever had in any training environment in almost 24 years of service." - Anonymous

Chris Dale

Chris Dale

Chris Dale is the Head of the Penetration Testing & Incident Handling groups at Netsecurity, a mid-sized company based out of Norway. Along with significant security expertise, Chris has a background in System Development, IT-Operations and Security Management. This broad experience in IT is advantageous when managing penetration tests, incidents and while teaching.

Chris is passionate about security -- both physical and in IT, and regularly presents and teaches at conferences and workshops. Chris holds the GCIH, GPEN, GSLC, and GMOB certifications. He also has a B.S in Informatics, with specialization in programming from Norwegian University of Science and Technology. He participates in panel debates and is invited to participate in Government related working groups, to recommend and improve the Norwegian private and public sectors.

Currently Chris teaches two SANS courses- MGT535: Incident Response Team Management  and SEC504: Hacking Techniques, Exploits & Incident Handling. SEC504 prepares students for the GIAC Certification in Incident Handling (GCIH).

Here is what students say about Chris Dale:

The fact that he spoke with the same amount of enthusiasm, passion, and energy on Monday morning that he did following lunch on the Friday is a real testament to his professionalism and diligence. I will be recommending colleagues to attend this course particularly if Chris is taking it." ~ Liam M.

"His teaching skills are extra-ordinary and the approach he uses to explain concepts is so unique that keeps the learners so interested. Chris is very highly skilled on Cyber Security, Incident Response and his enthusiastic passion for sharing that knowledge, spicing it with some fun is something special and hard to find in all trainers. I would say he is the best trainer I had until now in my career and recommend him as an excellent cyber security consultant to any firm. Thank You for the beneficial training, Chris." ~ Rini I.

"His experience in cyber security was immediately apparent, as was his enthusiasm for the subject. Chris was a great teacher combining energy with a genuine concern for his pupils. He was a pleasure to spend time with and an inspiration." ~ Jeremy M. 

Visit Chris Dale's blog

Pieter Danhieux

Pieter Danhieux

Pieter Danhieux is a certified instructor for the SANS Institute, teaching military, government, and private organizations offensive techniques on how to target and assess organizations, systems, and individuals for security weaknesses. He is also one of the founders of the security and hacking conference BruCON in Belgium.

Pieter has worked in the cyber security space since 2002. He was one of the youngest persons ever in Belgium to obtain the Certified Information Systems Security Professional (CISSP) certification. He then obtained the Certified Information Systems Auditor (CISA) and the GIAC Certified Forensics Analyst program (GCFA) and is currently one of the select few people worldwide to hold the GIAC Security Expert (GSE) certification.

Pieter is Co-founder and Chief Architect of the Secure Code Warrior platform (http://www.securecodewarrior.com), a gamified environment where developers and security testers can learn how to properly identify and fix security weaknesses in software. Until January 2015, he was part of the leadership at BAE Systems APAC in his role as Head of Delivery of the Applied Intelligence business unit. Before that, Pieter worked for seven years at Ernst & Young in Europe as one of their information security experts running a team of attack and penetration resources operating in the financial industry and telecommunication space.

Here is What Students Say About Pieter Danhieux:

"SANS is by far the best hands-on training. Peter is very knowledgeable and knows how to transfer that to students." - Rob Brabers, Sincerus

Adrien de Beaupre

Adrien de Beaupre

Adrien de Beaupre is a certified SANS instructor and works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes technical instruction, vulnerability assessment, penetration testing, intrusion detection, incident response and forensic analysis. He is a member of the SANS Internet Storm Center (isc.sans.edu). He is actively involved with the information security community, and has been working with SANS since 2000. Adrien holds a variety of certifications including the GXPN, GPEN, GWAPT, GCIH, GCIA, GSEC, CISSP, OPST, and OPSA. When not geeking out he can be found with his family, or at the dojo.

Web: www.intru-shun.ca

Here is What Students Say About Adrien de Beaupre:

"Adrien has been AMAZING. There are a good amount of slides and no one has been bored. It's a testament to his skill." - Ashwin Venkat, F5 Networks

Mick Douglas

Mick Douglas

Even when his job title has indicated otherwise, Mick Douglas has been doing information security work for over 10 years. He received a bachelor's degree in communications from Ohio State University.  He is the managing partner for InfoSec Innovations.

He is always excited for the opportunity to share with others so they do not have to learn the hard way! By studying with Mick, security professionals of all abilities will gain useful tools and skills that should make their jobs easier. When he's not "geeking out" you'll likely find Mick indulging in one of his numerous hobbies; photography, scuba diving, or hanging around in the great outdoors.

Here is What Students Say About Mick Douglas:

"Mick does an excellent job of delivering the material. His interest in and passion for this class is obvious." - Matt Steinberg

"Priceless information! Best instructor ever." - Mat Rose, capgemini-gs

Matt Edmondson

Matt Edmondson

By day, Matt performs technical duties for the U.S. government and has extensive experience with open-source intelligence (OSINT) and digital forensics including conducting numerous examinations and testifying as an expert witness on multiple occasions. 

By night, he is a Principal at Argelius Labs, where he performs security assessments and consulting work.

A recognized expert in his field with a knack for communicating complicated technical issues to non-technical personnel, Matt routinely provides cybersecurity instruction to individuals from the Department of Defense, Department of Justice, Department of Homeland Security, Department of Interior, as well as other agencies, and has spoken frequently at information security conferences and meetings. 

"I think the thing I love most about teaching the SEC504 for SANS is that it allows me to geek out about both offensive tactics and digital forensics." says Matt. "To be able to cover things like exploit development and memory forensics in the same class is amazing."

Get to Know Matt Edmondson:

Here is What Students Say About Matt Edmondson:

"I''ve taken a few courses that taught cryptosystems. This was the best explanation and most easily understood presentation." - Justin Givhan, FBI

II especially enjoyed how Matt included his personal experiences to reinforce the course content." - Dan McClain, Regions Financial Corp.

Kevin Fiscus

Kevin Fiscus

Kevin Fiscus is the founder of and lead consultant for Cyber Defense Advisors where he performs security and risk assessments, vulnerability and penetration testing, security program design, policy development, and security awareness with a focus on serving the needs of small and mid-sized organizations. Kevin has over 20 years of IT experience and has focused exclusively on information security for the past 12. Kevin currently holds the CISA, GPEN, GREM, GMOB, GCED, GCFA-Gold, GCIA-Gold, GCIH, GAWN, GPPA, GCWN, GCSC-Gold, GSEC, SCSA, RCSE, and SnortCP certifications and is proud to have earned the top information security certification in the industry, the GIAC Security Expert. Kevin has also achieved the distinctive title of SANS Cyber Guardian for both red team and blue team. Kevin has taught many of SANS's most popular classes including SEC401, SEC464, SEC503, SEC504, SEC542, SEC560, SEC561, SEC575, FOR508, and MGT414.

You can reach Kevin on Twitter @kevinbfiscus or on LinkedIn at http://www.linkedin.com/in/kevinbfiscus.

Here is What Students Say About Kevin Fiscus:

"Kevin Fiscus is one of the best instructors I have seen! Great find SANS!" - David Hoid, Employers Holdings

Moses Frost

Moses Frost

Moses Frost (Hernandez) is a seasoned security professional with over 15 years in the IT industry. He has held positions as a network engineer, network architect, security architect, platform engineer, site reliability engineer, and consulting sales engineer. He has a background in complex network systems, systems administration, forensics, penetration testing, and development. He has worked with some of the largest companies in the nation as well as fast-growing, bootstrap startups.

Moses has developed information security regimens safeguarding some of the most sensitive personal data in the nation. He creates custom security software to find and mitigate unknown threats, and works on continually evolving his penetration testing skills. He enjoys building software, networks, systems, and working with business-minded individuals.

Moses's current passions include offensive forensics, building secure systems, finance, economics, history, and music.

Here is What Students Say About Moses Frost (Hernandez):

"Keep on killing it. Moses is the best SANS instructor I have had." - William Kubicz, ARCYBER

Bryce Galbraith

Bryce Galbraith


"The world isn't run by weapons anymore, or energy, or money. It's run by little ones and zeros, little bits of data. It's all just electrons. There's a war out there?and it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think, it's all about information." -- Cosmo from, Sneakers
 
As a contributing author of the internationally bestselling book, Hacking Exposed: Network Security Secrets & Solutions, Bryce helped bring the secret world of hacking out of the darkness and into the public eye. Bryce was a member of Foundstone's world-renowned penetration testing team and served as a co-author and Senior Instructor of Foundstone's groundbreaking, Ultimate Hacking: Hands-On course series.
 
Bryce continues to provide highly specialized ethical hacking and cyber security consulting services to clients around the world and teaches thousands of cyber security professionals, from a who's who of top organizations, how to defend against advanced adversaries...

Here is What Students Say About Bryce Galbraith:

"Bryce is an excellent instructor. His knowledge and delivery are exceptional." - Chris Shipp, DM Petroleum Operations Co.

Micah Hoffman

Micah Hoffman

Micah Hoffman has been working in the information technology field since 1998 supporting federal government, commercial, and internal customers in their searches to discover and quantify information security weaknesses within their organizations. He leverages years of hands-on, real-world OSINT, penetration testing, and incident response experience to provide excellent solutions to his customers. Micah is the author of SEC487: Open-Source Intelligence Gathering and Analysis, is a SANS Certified Instructor, and holds GIAC's GMON, GAWN, GWAPT, and GPEN certifications as well as the CISSP.

Micah is a highly active member in the cyber security and OSINT communities. When not working, teaching, or learning, Micah can be found hiking on Appalachian Trail or the many park trails in Maryland. Catch him on Twitter @WebBreacher.

Here is What Students Say About Micah Hoffman:

"Great instructor, well spoken, excitable about the subject." - Gharrett Worku, Paycom

"Micah's delivery was entertaining and engaging." - Paul Ryan, GDIT

"Instructor keeps students engaged.  Provides assistance when needed, excellent attitude." - Nathan Peterson

"Good pace - good depth of knowledge." - Robert Smith, Intel Corp

James Lyne

James Lyne

James Lyne is Global Head of Security Research at the security firm Sophos. He is a self-professed 'massive geek' and has technical expertise spanning a variety of the security domains from forensics to offensive security. James has worked with many organisations on security strategy, handled a number of severe incidents and is a frequent industry advisor. He is a certified instructor at the SANS Institute and is often a headline presenter at industry conferences.

James firmly believes that one of the biggest challenges we face is in making security accessible and interesting to those outside the industry. As a result, he takes every opportunity to educate on security threats and best practice - always featuring live demonstrations and scenarios of how cyber criminals operate in the real world.

James has given multiple TED talks, including at the main TED event. He's also appeared on a long list of national TV programmes to educate the public including CNN, NBC, BBC News, Bill Maher and John Oliver. As a spokesperson for the industry, he is passionate about talent development, regularly participating in initiatives to identify and develop new talent for the industry.

Here is What Students Say About James Lyne:

"James Lyne made this course a tremendous experience. James made it his personal mission to make sure he carried everyone with him no matter what their skill level is. Outstanding!" - S. Khan, EADS-NA

David Mashburn

David Mashburn

David Mashburn is currently the IT Security Manager for a global non-profit organization in the Washington, D.C. area. He also has experience working as an IT security professional for several civilian federal agencies, and over 15 years of experience in IT. He holds a masters degree in computer science from John Hopkins University, and a B.S. from the University of Maryland at College Park. David holds multiple security-related certifications, including CISSP, GPEN, GCIH, GCIA, and CEH. He is also a member of the SANS / GIAC Advisory Board, and has previously taught courses in the Cybersecurity curriculum at the University of Maryland - University College.

Here is What Students Say About David Mashburn:

"Dave is a top-notch instructor and delivered the material in spectacular fashion. I would absolutely take another course from him." - Dan Veum, Assurant Inc.

Jeff McJunkin

Jeff McJunkin

Jeff McJunkin is a senior staff member at Counter Hack Challenges with more than nine years of experience in systems and network administration and network security. His greatest strength is his breadth of experience - from network and web application penetration testing to digital/mobile forensics, and from technical training to systems architecture. Jeff is a computer security/information assurance graduate of Southern Oregon University and holds many professional certifications. He has also competed in many security competitions, including taking first place at a regional NetWars competition and a U.S. Cyber Challenge capture-the-flag competition, as well as joining the Red Team for the Pacific Rim Collegiate Cyber Defense Competition. His personal blog can be found at http://jeffmcjunkin.com/.

Here is What Students Say About Jeff McJunkin:

"Jeff is an awesome instructor and explains very complex topics in an easy to understand manner! Thank you for this great course!" - Walt Carruth, Real Page

Tim Medin

Tim Medin


Tim Medin is the founder and Principal Consultant at Red Siege, a company focused to adversary emulation and penetration testing. Tim is also the SANS MSISE Program Director and a course author. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies. He gained information security experience in a variety of industries including previous positions in control systems, higher education, financial services, and manufacturing. Tim is an experienced international speaker, having presented to a organizations around the world. Tim is also the creator of the Kerberoasting, a technique to extract kerberos tickets in order to offline attack the password of enterprise service accounts. Tim earned his MBA through the University of Texas.
 

Here is What Students Say About Tim Medin:

"Tim is a great instructor, I really enjoyed the live demos and the style of his teaching. He really keeps you engaged." - Drew Davis, Rook Security

Seth Misenar

Seth Misenar

Seth Misenar is a Cyber Security Expert who serves as a Faculty Fellow with the SANS Institute and Principal Consultant at Context Security, LLC.  He is numbered among the few security experts worldwide to have achieved the GIAC GSE (#28) credential. Seth teaches a variety of cyber security courses for the SANS Institute including two very popular courses for which he is lead author: the bestselling SEC511: Continuous Monitoring and Security Operations and SEC542: Web Application Penetration Testing and Ethical Hacking. 

Seth's background includes security research, network and web application penetration testing, intrusion analysis, incident response, and security architecture design. He has previously served as a security consultant for Fortune 100 companies, as well as the HIPAA Security Officer for a state government agency.

In addition to serving as lead author for two SANS classes, Seth also co-authored Syngress CISSP® Study Guide, now in its 3rd  Edition, the Eleventh Hour CISSP®: Study Guide and MGT414: SANS Training Program for CISSP® Certification.  Seth has a Bachelor of Science degree in Philosophy from Millsaps College and resides in Jackson, Mississippi with his wife, Rachel, and children, Jude, Hazel, and Shepherd.

Here is What Students Say About Seth Misenar:

"Seth's enthusiasm makes the class work very well. His knowledge is amazing and will certainly be taken back to work with me!" - Kevin Cowell, BT

Michael Murr

Michael Murr

Michael has been a forensic analyst with Code-X Technologies for over five years, has conducted numerous investigations and computer forensic examinations, and has performed specialized research and development. Michael has taught SANS SEC504: Hacker Techniques, Exploits, and Incident Handling, SANS FOR508: Computer Forensics, Investigation, and Response, and SANS FOR610: Reverse-Engineering Malware; has led SANS Online Training courses and is a member of the GIAC Advisory Board. Currently, Michael is working on an open-source framework for developing digital forensics applications. Michael holds the GCIH, GCFA, and GREM certifications and has a degree in computer science from California State University at Channel Islands. Michael also blogs about digital forensics on his forensic computing blog.

Here is What Students Say About Michael Murr:

"Mike is exceptional. His presentation is super smooth, and he's ultra knowledgeable." - Matt McGuirl, Palo Alto Networks

Jorge Orchilles

Jorge Orchilles

Jorge Orchilles, author of Microsoft Windows 7 Administrator's Reference, holds a Masters of Science in Management Information Systems from Florida International University, leads the Advanced Penetration Testing & Vulnerability Assessment Quality Control teams in a large financial institution and serves on the board of the Information Systems Security Association South Florida Chapter.

Jorge Orchilles has been involved in the Information Technology field since 2001. He began his career as a network and system administrator for a small private high school in Orlando, FL, USA. Realizing his passion for IT, he founded The Business Strategy Partners - IT Consultants branch in 2002. Here he began serving residential and small business clients in the South Florida area as an IT Consultant. While gaining work experience, he was a very involved, full-time student in Florida International University (FIU). He founded the FIU MIS Club and continues to be an advisor to the club. While at FIU he was contracted to work on the University's Active Directory Migration Project. After completing the project he was employed by Terremark (now Verizon) as a system administrator to continue gaining knowledge and experience of the IT field in a larger environment. After two years of corporate IT he developed a large interest in Information Security and was promoted to a Security Operations Center Analyst position at the same organization. After a year of defending critical infrastructure for federal and commercial customers he has moved to an offensive analyst position with a large financial institution. Jorge has performed hundreds of application and infrastructure vulnerability assessments and penetration tests. His leadership gained him various promotions and opportunities to manage various teams within the offensive information security team. He now manages the Advanced Penetration Testing & Vulnerability Assessment Quality Control teams.

He holds a Bachelor of Business Administration in Management Information Systems from Florida International University. Jorge holds various certifications from ISC2, ISACA, SANS GIAC, EC-Council, Cisco, Microsoft, and CompTIA: GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), GIAC Certified Penetration Tester (GPEN), GIAC Certified Incident Handler (GCIH), EC-Council Certified Ethical Hacker (C|EH), Core Impact Certified Professional (CICP), Cisco Certified Design Associate (CCDA), Cisco Security Solutions for System Engineers (SSSE), CompTIA Security+ (2008), Microsoft Certified Professional (70-228, 70-282, 70-284) and Microsoft Certified Technology Specialist (70-620).

Jorge speaks English, Spanish, and Portuguese in decreasing order of fluency. For more about Jorge A. Orchilles please visit his LinkedIn page.

Larry Pesce

Larry Pesce

Larry is a Senior Security Analyst with InGuardians after a long stint in security and disaster recovery in healthcare, performing penetration testing, wireless assessments, and hardware hacking. He also diverts a significant portion of his attention co-hosting the PaulDotCom Security Weekly podcast and likes to tinker with all things electronic and wireless, much to the disappointment of his family, friends, warranties, and his second Leatherman Multi-tool. Larry also co-authored Linksys WRT54G Ultimate Hacking and Using Wireshark and Ethereal from Syngress. Larry is an Extra Class Amateur Radio operator (KB1TNF) and enjoys developing hardware and real-world challenges for the Mid-Atlantic Collegiate Cyber Defense Challenge. He is also a SANS certified instructor.

Here is What Students Say About Larry Pesce:

"SEC617 was great and I am still impressed with the consistency from Day 1-6 of Pesce keeping a high level of energy and knowledge throughout." - Philip Mein, JCCC

Chris Pizor

Chris Pizor

Chris Pizor is a civilian employee working for the U.S. Air Force as the lead curriculum designer for cyber warfare operations training. Chris served on active duty in the USAF as a Network Intelligence Analyst before retiring in 2010. He was part of the initial cadre of the NSA Threat Operations Center and helped develop tactics to discover and eradicate intrusions into U.S. government systems.  Chris has worked in the intelligence community for more than 20 years, including 12 years focused on cybersecurity. Over the course of his active duty career, Chris received multiple individual and team awards.

Chris is passionate about security and helping others advance their security knowledge, and he is continuously researching and refining his own skills so he can prepare U.S. airmen and women and other professionals defend their vital networks and critical infrastructure. 

Chris earned a bachelor's degree in intelligence studies and information operations from the American Military University and a master's of science in cybersecurity from University of Maryland University College.  He holds the GSEC, GCIA, GCIH, GPEN, GXPN, GCFA, GISP, and CISSP certifications.  

Chris is also a recipient of the "General John P. Jumper Award for Excellence in Warfighting Integration" for Air Force Space Command. The General Jumper award recognizes individuals for sustained superior performance and outstanding contributions to the integration of Air Force or DoD warfighting and/or operations support capabilities that shorten the kill chain and/or enhance the decision cycle.

When Chris isn't working, he enjoys spending time with his wife and two young children, woodworking, and spending time outdoors.

Here is What Students Say About Chris Pizor:

"Chris is a good presenter who kept me engaged, I really enjoyed his cool real-world stories" - Dan Cao, Target

Mike Poor

Mike Poor

Mike is a founder and senior security analyst for the DC firm InGuardians, Inc. In the past he has worked for Sourcefire as a research engineer and for SANS leading their intrusion analysis team. As a consultant, Mike conducts incident response, breach analysis, penetration tests, vulnerability assessments, security audits, and architecture reviews. His primary job focus, however, is in intrusion detection, response, and mitigation. Mike currently holds the GCIA certification and is an expert in network engineering and systems and network and Web administration. Mike is an author of the international best selling Snort series of books from Syngress, a member of the Honeynet Project, and a handler for the SANS Internet Storm Center.

Here is What Students Say About Mike Poor:

"Mike respects what we are here for and doesn't rush us out. He takes the time to explain problem areas." - Aaron Didier, Motorola Solutions

Justin Searle

Justin Searle

Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG). He currently leads the testing group at the National Electric Sector Cybersecurity Organization Resources (NESCOR). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences. Mr. Searle is currently a Senior instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, Nullcon, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework (SamuraiWTF), the Samurai Security Testing Framework for Utilities (SamuraiSTFU), Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

Here is What Students Say About Justin Searle:

"Justin was great. He's an excellent speaker and kept me interested throughout. Very knowledgeable on content!" - Matt Laba, Gibson Energy

"Justin is awesome. Probably one of the best security instructors in the world!" - Ernie Hayden, Securicon

Dave Shackleford

Dave Shackleford

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies. Dave is the author of the Sybex book Virtualization Security:

Protecting Virtualized Environments, as well as the coauthor of Hands-On Information Security from Course Technology. Recently Dave coauthored the first published course on virtualization security for the SANS Institute. Dave currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance. Dave earned his MBA from Georgia State University.

Here is What Students Say About Dave Shackleford:

"Dave knows his stuff and explains the material in an easy-to-understand way." - Jonathan O'Neal, Monster.com

James Shewmaker

James Shewmaker

James Shewmaker is the founder and principal consultant at Bluenotch Corporation, Long Beach, California, which provides customized security services focusing on investigations, penetration testing, and analysis. 

James authored and maintains the post-exploitation content in the SANS Security 660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking course. Before becoming a SANS Certified Instructor in 2009, his creative technical work led him on many adventures, including "The Great Translator Invasion of 2003".

James led the development and operations for NetWars as a US Cyber Challenge game in June 2009. He is currently developing an independent cyber challenge, Bunker011, and is involved in the US Cyber Challenge as an instructor at Cyber Camps. James regularly teaches a Tactical Offense and Defense day at these events.

Raul Siles

Raul Siles

Raul Siles is founder and senior security analyst at DinoSec. For over a decade, he has applied his expertise performing advanced technical security services and innovating offensive and defensive solutions for large enterprises and organisations in various industries worldwide. He has been involved in security architecture design and reviews, penetration tests, incident handling, intrusion and forensic analysis, security assessments and vulnerability disclosure, web applications, mobile and wireless environments, and security research in new technologies. Throughout his career, starting with a strong technical background in networks, systems and applications in mission critical environments, he has worked as an information security expert, engineer, researcher and penetration tester at Hewlett Packard, as an independent consultant, and on his own companies, Taddong and DinoSec.

Raul is a certified instructor for the SANS Institute, regularly teaching penetration testing courses. He is an active speaker at international security conferences and events, such as RootedCON, Black Hat, OWASP, BruCON, etc. Mr. Siles is author of security training courses, blogs, books, articles, and tools, and actively contributes to community and open-source projects. He loves security challenges, and has been a member of international organisations, such as the Honeynet Project or the SANS Internet Storm Center. Raul is one of the few individuals worldwide who have earned the GIAC Security Expert (GSE) designation, as well as many other certifications. Raul holds a master's degree in computer science from UPM (Spain) and a postgraduate in security and e-commerce.

More information at http://www.raulsiles.com (@raulsiles) and http://www.dinosec.com (@dinosec).

Here is What Students Say About Raul Siles:

"Raul is a top bloke, absolute genius, would recommend the course based on his teaching skills alone!!"- Nic Trujillo, VM

Stephen Sims

Stephen Sims

Stephen Sims is an industry expert with over 15 years of experience in information technology and security. Stephen currently works out of San Francisco as a consultant performing reverse engineering, exploit development, threat modeling, and penetration testing. Stephen has a MS in information assurance from Norwich University and is a course author and a Faculty Fellow for the SANS Institute. He is the author of SANS' only 700-level course, SEC760: Advanced Exploit Development for Penetration Testers, which concentrates on complex heap overflows, patch diffing, and client-side exploits. Stephen is also the lead author on SEC660: Advanced Penetration Testing, Exploits, and Ethical Hacking. He holds the GIAC Security Expert (GSE) certification as well as the CISSP, CISA, Immunity NOP, and many other certifications. In his spare time Stephen enjoys snowboarding and writing music.

Here is What Students Say About Stephen Sims:

"Looking at everything I have learned from Stephen, I definitely feel I have gained an edge when it comes to the augmentation of my pentest skills. He made the impossible understandable and I am grateful for that." - Alexander Cobblah, Booz Allen Hamilton

Ed Skoudis

Ed Skoudis

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.  

Ed led the team that built NetWars, the low-cost, widely used cyber training and skills assessment ranges relied upon by military units and corporations with major assets at risk. His team also built CyberCity, the fully authentic urban cyber warfare simulator that was featured on the front page of the Washington Post. He was also the expert called in by the White House to test the security viability of the Trusted Internet Connection (TIC) that now protects US Government networks and lead the team that first publicly demonstrated significant security flaws in virtual machine technology.  He has a rare capability of translating advanced technical knowledge into easy-to-master guidance as the popularity of his step-by-step Counter Hack books testifies. Ed earned an M.S. in Information Networking from Carnegie Mellon University, and his B.S. in Electrical Engineering from the University of Michigan, summa cum laude.

Here is What Students Say About Ed Skoudis:


"Getting the war stories from Ed as part of the material helps me understand how things really happen." - Kevin Eveker, IDA

"Ed is a fantastic and charismatic instructor who helps get the key points across to students." - Thomas Rogers, Chevron

"Ed is one of the best instructors I have ever had. It's no secret why he is such a world class pen-tester!" - Patrick McCoy, KEYW

"Ed pulls all of the available knowledge into a very understandable easy to digest format." - Bill Hinds, PMI

John Strand

John Strand

John Strand is the owner of Black Hills Information Security, a firm specializing in penetration testing, Active Defense and Hunt Teaming services.  He is the also the CTO of Active Countermeasures, a firm dedicated to tracking advanced attackers inside and outside your network.

John is an experienced speaker, having done presentations to the FBI, NASA, the NSA and at various industry conferences.  He is a senior instructor with the SANS Institute teaching:

  • SEC504 - Hacker Techniques, Exploits, and Incident Handling
  • SEC560 - Network Penetration Testing and Ethical Hacking
  • SEC580 - Metasploit Kung Fu for Enterprise Pen Testing
  • SEC550 - Offensive Countermeasures, Active Defense and Cyber Deception

And the lead course author of:

SANS 504: Hacker Techniques, Exploits, and Incident Handling

He also co-hosts Security Weekly, the world's largest information security podcast; co-authored Offensive Countermeasures: The Art of Active Defense; and writes loud rock music and makes various futile attempts at fly-fishing.

Here is What Students Say About John Strand:

"Very informative! Mr. John Strand's experience shared through narrative brings course material to life." - Christopher Wilson, USAF

Below are some videos of John presenting:

Burn it all, the new security fundamentals

Sacred Cash Cow Tipping: Bypassing Firewalls and DLP

Pentest Trends report 2015

How not to suck at penetration testing

Peter Szczepankiewicz

Peter Szczepankiewicz

Formerly working with the military, Peter responded to network attacks, and worked with both defensive and offensive red teams. Currently, Peter is a Senior Security Engineer with IBM as well as a certified instructor for the SANS Institute. People lead technology, not the other way around. He works daily to bring actionable intelligence out of disparate security devices for customers, making systems interoperable. Peter expounds, "Putting together networks only to tear them apart, is just plain fun, and allows students to take the information learned from books and this hands-on experience back to their particular work place."

Here is What Students Say About Peter Szczepankiewicz:

"Peter is a great instructor. He is not only knowledgeable in the field, but captured everyone's attention for the full class time. Great instructor!" - Michael B., US Government

Jonathan Thyer

Jonathan Thyer

Jonathan (Joff) is a Senior Security Consultant, Researcher, and Penetration tester with Black Hills Information Security.   Joff has over 20 years of experience in the IT industry as an enterprise network architect, network security defender, information security consultant, software developer and penetration tester.  Joff has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis, and exploit research with related software development skills in multiple programming languages.

Joff is a certified SANS instructor for SEC573: Automating Information Security with Python, has mentored SANS SEC503, and also taught mastering packet analysis for SANS.    Joff is also a co-host on the Security Weekly podcast, which features latest information security news, research, interviews, and technical information.

Joff holds a B.Sc. in Mathematics, an M.Sc. in Computer Science, and GIAC penetration testing certifications GPEN, GWAPT, and GXPN.

Alissa Torres

Alissa Torres

Alissa Torres is an explorer at heart. Uncovering the full story of an attacker's exploits requires digging into known and unknown forensic artifacts, and this excavation is exactly what intrigues her. With more than 15 years of experience in computer and network security spanning government, academic, and corporate environments, Alissa has the deep experience and technical savvy to take on even the most difficult computer forensics challenges that come her way. Her current role as an Incident Response Manager at Cargill provides daily challenges "in the trenches" and demands constant technical growth. Alissa is also founder of her own firm, Sibertor Forensics, and has taught internationally in more than 10 countries.

Memory forensics is a bleeding-edge field of Digital Forensics & Incident Response (DFIR), and Alissa is the lead author as well as an instructor of FOR526: Memory Forensics In-Depth and co-author of the SANS Memory Forensics Poster. She also teaches  FOR500: Windows Forensic Analysis; FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting; and SEC504: Hacker Tools, Techniques, Exploits and Incident Handling.

Alissa was introduced to digital forensics during her four years of service in the U.S. Marine Corps. She moved on to various technical roles at KEYW Corporation, Northrop Grumman Information Systems, and as part of Mandiant's computer incident response team (MCIRT). Alissa has worked as an instructor at the U.S. Cyber Challenge Camps and at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. She is passionate about sharing knowledge, presenting annually at regional and national industry conferences and encouraging women's participation in science, technology, engineering, and math through regional outreach programs.

As both an investigator and instructor, Alissa has a constant and infectious desire to always learn more and question everything, an ethos embodied in the SANS DFIR classes. "Our curriculum ensures students gain an understanding of why an artifact matters and how the tools interpret the data." Alissa explains. An inquisitive nature can be the determining factor in investigative success, as Alissa learned when she identified a critical error in one of her team's web proxy timeline procedures. This discovery allowed for the correction of contractual fraud investigations involving the U.S.  government.  Sharing personal success stories like this one gives students real-world applications for the material they are learning and inspires them to evaluate and optimize their own investigative processes, whether in incident response, digital forensic investigations, or internal offensive reconnaissance.

As attackers learn how forensic investigators work, they become increasingly more sophisticated at leaving fewer traces behind. "We are in an arms race where the key difference is training," says Alissa. Toward that end, she encourages her students to ask more questions, grow the common body of knowledge, and make a difference in the digital forensics community. Her teaching style is best described as a type of "exposure therapy" that introduces concepts but then pushes students to get behind the keyboard and apply these concepts themselves.

Alissa's true passion is memory forensics, a rapidly evolving area of expertise for both attackers and defenders. As malware strives for a minimal footprint on the host, the battlefield exists in system memory. Alissa's students take the skills taught in FOR526 and move their investigations forward, in some cases even uncovering new details in their cases before the week-long class ends.

Alissa has a B.S from the University of Virginia and a M.S. in information technology from the University of Maryland. She is a GIAC Certified Forensic Analyst (GCFA), and holds the GCFE, GCIH, GSEC, CISSP, and EnCE certifications. Alissa has served as a member of the GIAC Advisory Board since 2013 and was recognized by SC Magazine as one of its "2016 Women to Watch." Needless to say, she stays pretty busy. When not enmeshed in metadata and memory structures, Alissa catches every soccer game she can, cheering at her kids' games and scheming to attend matches of her favorite team, Everton. In what time she has left from constant cybersecurity vigilance, Alissa enjoys hiking in the Puerto Rican rain forest and scaling rocks at Big Sur.

Qualifications Summary

Certifications:

  • GIAC Security Essentials Certification (GSEC), June 2015
  • GIAC Certified Incident Handler (GCIH), June 2014
  • GIAC Reverse Engineering Malware (GREM), July 2013
  • GIAC Certified Forensic Examiner (GCFE), January 2013
  • Certified Forensic Computer Examiner (CFCE), December 2012
  • GIAC Certified Penetration Tester (GPEN), July 2012
  • GIAC Certified Forensic Analyst (GCFA), November 2011
  • Certified Information Systems Security Professional (CISSP), December 2010
  • EnCase Certified Examiner (EnCE), July 2010 - July 2019

Here is What Students Say About Alissa Torres:

"I love the energy of Alissa Torres' presentation style." - Scott S., US Govt.

"Alissa kept it interesting by pulling from her past experience and demonstrated great passion for the subject." - Matt Leach

"Alissa's teaching skills are remarkable - she is great." - Serge Tumba, GE Capital

"Fantastic- Energetic- Knowledgeable" - Dennis Mooney, Vanguard

"I highly recommend Alissa and SANS computer forensics courses. In April 2015 I attended the SANS Forensics 508: Advanced Digital Forensics and Incident Response (FOR508) course. I had high expectations for the course based on my team lead's recommendation. Alissa and the course exceeded my expectations. Alissa is an outstanding instructor, and SANS FOR508 was the best information security course I have attended. She mixed energy, knowledge, and experience to keep the content productive, relevant, and interesting. I look forward to attending more SANS courses instructed by Alissa." - Chad Rager,  Computer Forensic Engineer at ManTech

"This course is known throughout the industry as THE advanced IR and Threat Hunting course. This combined with Alissa's awesome teaching style makes it worth every penny! Alissa's subject matter expertise, enthusiasm, and insights are second to none! Her personalized attention to simulcast viewers was particularly nice because it felt like we were part of the class."  - Will Harmon, Trustwave

"Instructors like Alissa are why people keep coming back to SANS. Awesomeness and non-stop energy. She is one of my favorite instructors I've had from SANS, right up there with the likes of Ed Skoudis, John Strand, and Eric Cole. A brilliant presenter who keeps it fun, informative, and turns what other people could make sleep inducing, into non-stop engaging." - Eric Donaldson, Discover Financial Services

Matthew Toussain

Matthew Toussain

Matthew Toussain is the founder of Open Security and a penetration tester with Black Hills Information Security. As an avid information security researcher, Matthew regularly hunts for vulnerabilities in computer systems and releases tools to demonstrate the effectiveness of attacks and countermeasures. He has been a guest speaker at many conference venues, including DEFCON, the largest security conference in the world. Matthew is an author of SEC460: Enterprise Threat and Vulnerability Assessment.


After graduating from the U.S. Air Force Academy, where he architected and instructed the summer cyber course that now trains over 400 cadets per year, Matthew served as the Senior Cyber Tactics Development Lead for the U.S. Air Force. He directed the teams responsible for developing innovative tactics, techniques, and procedures for offensive operations as well as for cyber protection teams (CPT). Later, as a member of the 688th Cyber Warfare Wing he managed the Air Force's transition of all 18 CPTs to fully operational capability. He earned his master's degree in information security engineering as one of the first graduates of the SANS Technology Institute and supports many national and international cyber competitions including the CCDC, Netwars, and the National Security Agency's Cyber Defense Exercise as a red team member and instructor.

"Matthew is a solid instructor and very engaging."- Charles Warnky, Exeter Finance

"I enjoyed the sessions, partially due to Matthew's enthusiasm." - Andrew Quant

"Good instruction, explanation, and 'real-world scenarios'. " - Robert Islas, Intel

Arrigo Triulzi

Arrigo Triulzi

Arrigo Triulzi, trained in Pure Mathematics, holds an MSc in Mathematical Computation from Queen Mary, University of London, and is working towards a PhD in Algebraic Computation. He is co-founder and Chief Security Officer of K2 Defender Limited, a bespoke high-end IDS solutions provider. Arrigo is also a free-lance consultant in IT Security with particular expertise in secure network design, network security analysis, and incident handling. He is also the administrator of the IDS Europe mailing list. Having worked with both popular and less common flavours of Unix he is comfortable working in any heterogeneous networking environment and his knowledge also includes esoteric operating systems such as Guardian/NSK. Arrigo is co-inventor in an EU patent for a high-performance distributed IDS design, and has written on a variety of security topics. Recent work includes web research into IDS deployment on IPv6, firewall verification using IDS, and distributed concept virii. Arrigo is also a certified instructor for the SANS Institute.

Dr. Johannes Ullrich

Dr. Johannes Ullrich

Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. In 2000, he founded DShield.org, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a PhD in physics from SUNY Albany and is based in Jacksonville, Florida. His daily podcast summarizes current security news in a concise format. Listen to Johannes discuss "HTML5: Risky Business or Hidden Security Tool Chest for Mobile Web App Authentication" in this SANS webcast.

Here is What Students Say About Dr. Johannes Ullrich:

"Dr. Ullrich is a dynamic speaker, very engaging & has good "nerd humor". Keep up good work!" - Shelly Lewis, PwC

Erik Van Buggenhout

Erik Van Buggenhout

Erik Van Buggenhout is the lead author of SEC599 - Defeating Advanced Adversaries. In addition to SEC599, Erik teaches SEC560 - Network Penetration Testing & Ethical Hacking and SEC542 - Web Application Penetration Testing & Ethical Hacking. He has been involved with SANS since 2009, first as a Mentor, working his way to Community Instructor in 2012 and finally becoming a Certified Instructor in 2016.

Erik loves explaining deeply technical concepts by using war stories, adding a few funny anecdotes here and there. As a testimony of his technical expertise, he has obtained the GSE, GCIA, GNFA, GPEN, GWAPT, GCIH, and GSEC certifications.

In addition to his work with SANS, Erik is the co-founder of Belgian cyber security firm NVISO, which focuses on high-end cyber security services, specializing in government, defense and the financial sector. Together with his team of 20+ technical experts, Erik delivers a wide array of technical security services, including penetration testing, security monitoring & incident response.

Prior to NVISO, Erik spent five years at Big 4 firm, starting as a junior penetration tester and evolving into a subject matter expert for the EMEA region.

A self-confessed speed walker, if you see Erik rushing around at a conference: feel free to stop him and say "Hi!"

Here is What Students Say About Eric Van Buggenhout:

"Erik is a great instructor. The course as a whole has been amazing, the way Erik prepared and taught it." - Wouter Doerflein, Ordina

Donald Williams

Donald Williams

Donald retired from active duty in 2014 after over 20 years of service in the U.S. Army.  He has extensive experience in incident handling, intrusion analysis, and network auditing.  During his career in the Army, he served as the Defensive Cyber Operations Chief for the Army's Regional Computer Emergency Response Team in South West Asia (RCERT-SWA), directly overseeing the intrusion analysis and incident response teams for one of the Army's largest networks spanning over 10 countries.  Donald holds several GIAC certifications, including the GIAC Security Expert (GSE), GCIH, GCIA, and GSNA certifications, as well as numerous other industry certifications. 

Here is What Students Say About Donald Williams:

"Don has a great sense of humor, fantastic energy and clearly deep deep knowledge." - John Shea, Eaton Vance

Jake Williams

Jake Williams

When a complex cyber attack put a private equity investment of more than $700 million on hold, the stakes couldn't have been higher. But that's exactly the kind of challenge that motivates Jake Williams, a computer science and information security expert, U.S. Army veteran, certified SANS instructor and co-author of FOR526: Memory Forensics In-Depth and FOR578: Cyber Threat Intelligence. To help mitigate the attack, Jake plied his information security expertise, discovered that not one but three different attackers had compromised the firm's network, and went about countering their moves.

Jake relishes the idea of meeting adversaries on the cyber battlefield. "I went into this field because I wanted a challenge," he says. "Infosec is like a game of chess to me. The attacker plays their moves and you play yours."

Jake started his information security career doing classified work with the U.S. government and was awarded the National Security Agency (NSA) Exceptional Civilian Service Award, which is given to fewer than 20 people annually. "I am immensely proud of the things I've accomplished," Jake says. "I'm positive the world is a safer place because of my work."

Today, Jake runs a successful Infosec consultancy. He's been involved in high-profile public sector cases including the malware analysis for the 2015 cyber attack on the Ukraine power grid. He's also tackled a variety of cases in the private sector. In one, Jake discovered attackers compromising a custom service the client had distributed to all its endpoints. Leveraging experience and insight with advanced persistent threats helped Jake "think like the attacker" and determine the attacker's likely hiding spots.

Jake's work has led to his invention of DropSmack, a proof-of-concept tool for highlighting the danger that cloud-based file sharing services pose to corporate networks, and the creation of ADD (Attention Deficit Disorder), a publicly-available memory anti-forensics toolkit.

Jake's work also led him to teaching. "I chose to be a SANS instructor because they are the very best in the business. Others talk about being the best, but SANS actually is the best," he says. "I love teaching people, but it goes beyond teaching for me. With many students, I'm making lasting professional relationships. Students come back again and again and have a lifelong learning relationship with SANS." 

Jake teaches a variety of classes (SEC503, SEC504, SEC660, SEC760, FOR508, FOR526, FOR578, FOR610) and prefers an active learning approach, using demos rather than slides to teach lessons. "It takes me back to my first exploits and I get the chance to relive that magical feeling all over again," he explains.

More importantly, Jake wants students to walk out of class being able to critically analyze a problem, discover a solution, and do something they couldn't do before. "I don't teach button-clicking steps, my goal is to ensure students understand how to take concepts from the class and apply them to their own cases and engagements."

Given his accomplishments, it should come as no surprise that Jake lives, sleeps, and breathes Infosec. When he's not teaching, he's consulting. He's a regular speaker at industry conferences including DC3, BSides (including BSides Las Vegas), DEFCON, Blackhat, Shmoocon, EnFuse, ISSA Summits, ISACA Summits, SANS Summits, and Distributech.  He has also presented security topics to a number of Fortune 100 executives.

Jake is also a two-time victor at the annual DC3 Digital Forensics Challenge. He drew on his passion for hands-on capture-the-flag events to design the critically acclaimed NetWars challenges for the SANS malware reversing and memory forensics courses.

Qualifications Summary:

GIAC Certifications:

  • GIAC Security Expert (GSE), March 2016
  • GIAC Security Essentials Certification (GSEC), June 2015
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), March 2015
  • GIAC Certified Forensic Analyst (GCFA), October 2013
  • GIAC Penetration Tester (GPEN), January 2013
  • GIAC Certified Incident Handler (GCIH), January 2013
  • GIAC Certified Intrusion Analyst (GCIA), December 2012
  • GIAC Certified Windows Security Administrator (GCWN), November 2012
  • GIAC Reverse Engineering Malware (GREM), October 2012
  • GIAC Certified Forensic Examiner (GCFE), September 2012
  • GIAC Systems and Network Auditor (GSNA), February 2012

Get to Know Jake Williams:

Jake teaches the following courses for SANS:

Here's What Students Are Saying about Instructor Jake Williams:

"Jake's teaching style and practical experience totally make the course." - Andrew Nelson, Chevron

"Jake is awesome! The experience is massive!" - Late Adodo Placca, iProcess International

"Provides great balance between structured analytical approaches and technical analysis." -  Ladell Marshall, Goldman Sachs

"Jake goes off-book in a good way, sharing useful tools & information in addition to the already-included useful tools & info." - Robin Stuart, Salesforce

Joshua Wright

Joshua Wright

Joshua Wright is a senior technical analyst with Counter Hack, a company devoted to the development of information security challenges for education, evaluation, and competition. Through his experiences as a penetration tester, Josh has worked with hundreds of organizations on attacking and defending mobile devices and wireless systems, ethically disclosing significant product and protocol security weaknesses to well-known organizations. As an open-source software advocate, Josh has conducted cutting-edge research resulting in several software tools that are commonly used to evaluate the security of widely deployed technology targeting WiFi, Bluetooth, and ZigBee wireless systems, smart grid deployments, and the Android and Apple iOS mobile device platforms. As the technical lead of the innovative CyberCity, Josh also oversees and manages the development of critical training and educational missions cyber warriors in the US military, government agencies, and critical infrastructure providers.

Here is What Students Say About Joshua Wright:

"Joshua's teaching style is phenomenal. He's very engaging, and does a great job of promoting discussions without getting too far off on a tangent." - Jeremy Erickson, Sandia National Labs