The SANS Technology Institute

Stephen Northcutt - Ex Officio: Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu. Stephen is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization. Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer, and network designer.

Alan Paller - Chair:

Alan Paller is the director of research for the SANS Institute, responsible for projects ranging from the Internet Storm Center (the Internet’s early warning system with 500,000 sensors around the world) to the Top Ten Security Menaces of the coming year. He also edits NewsBites, the twice-weekly summary of the most important news stories in security. But he says his most satisfying responsibility is finding people who have solved important security problems and helping SANS 85,000 alumni in 60 countries learn about those people and their discoveries.

Alan earned degrees in computer science and engineering from Cornell and MIT. He wrote hundreds of articles on computer graphics, EIS and computer security, and authored two books, The EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life.

He has testified before the House and Senate, and in 2001 the President named Alan as one of the original members of the National Infrastructure Assurance Council. In 2005 the Federal CIO Council chose him as its annual Azimuth Award winner recognizing his singular vision and outstanding service to government information technology.

His degrees are from Cornell University and the Massachusetts Institute of Technology.

Ronald A. Phipps - Higher Education Community Representative: Ron Phipps is a Senior Associate at the Institute for Higher Education Policy where he manages projects related to financing of higher education, statewide governance and administration, distance learning and technology, and other topics in the field of higher education policy. Dr. Phipps is the author of the definitive study of distance learning in higher education, Quality on the Line, which addressed benchmarks for success in Internet-based distance education. Dr. Phipps has managed several large-scale analysis projects in support of state higher education agencies and educational institutions in Russia and other countries. Dr. Phipps has almost four decades of higher education experience as a higher education administrator, researcher, and analyst. He previously served as Executive Director of the Alaska Commission on Postsecondary Education and as Assistant Secretary of the Maryland Higher Education Commission, where he conducted and supervised policy analysis, planning, and research.

Dave Shackleford - Security Industry Representative: Dave Shackleford has been involved in information technology, particularly the areas of networking and security, for over ten years. Dave is currently Vice President at the Center for Internet Security and previously the CTO of a security consulting firm in Atlanta, GA. Dave has also worked as a security architect, analyst, and manager for several Fortune 500 companies. In addition to these roles, Dave has consulted with hundreds of organizations for regulatory compliance, as well as security and network architecture and engineering. His areas of specialty include incident handling and response, intrusion detection and traffic analysis, and vulnerability assessment and penetration testing. Dave is also a courseware and exam author for the SANS Institute, where he also serves as a GIAC Technical Director. He is the co-author of Hands-On Information Security from Course Technology, as well as the Managing Incident Response chapter in the Course Technology book Readings and Cases in the Management of Information Security.

Ed Skoudis - SANS Teaching Faculty Representative: Ed Skoudis is a founder and Senior Security Consultant with Intelguardians, a Washington DC based information security consulting firm. Ed teaches SANS Hacker Techniques, Exploits and Incident Handling course on a regular basis. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed security assessments and designed information security governance and operations teams for Fortune 500 companies, and has provided rapid response to computer attacks for clients in financial, high technology, healthcare, and other industries. Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published several articles on these topics, as well as the Prentice Hall best selling book, Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses. His latest book is titled Malware: Fighting Malicious Code. Ed was also awarded a 2004 Microsoft MVP award for Windows Server Security, and is a member of the Honeynet Project. Ed's Master of Science degrees was earned at Carnegie Mellon University.

Lenny Zeltser - GIAC Certification Representative: Lenny Zeltser leads the New York security consulting team at SAVVIS, a premier provider of IT infrastructure services. He is also a member of the Board of Directors at SANS Technology Institute, a senior faculty member at SANS, and an incident handler at the Internet Storm Center. Lenny co-authored a number of books, including Inside Network Perimeter Security and Malware: Fighting Malicious Code. He also contributed articles to publications such as the Information Security magazine, and presented to IT executives at conferences and private summits. In addition to holding the CISSP certification, Lenny is one of the few individuals in the world who have earned the highly-regarded GIAC Security Expert (GSE) designation. He has an MBA degree from MIT Sloan and a Computer Science degree from the University of Pennsylvania. More information about Lenny's projects and interests is available at http://www.zeltser.com.

Richard Hammer - Alumni Representative: Richard is a Technical Staff Member at Los Alamos National Laboratory. He is a senior Network/System administrator, Organizational Computer Security Representative (OCSR), and Information System Security Officer (ISSO) for the Advanced Nuclear Technology group (N-2). He has experience with most operating systems and many programming languages. Network and System security has become a larger part of his job description in the last ten years; Richard attended his first SANS conference in 1998. He is a former high school Mathematics and Computer Science teacher and is currently teaching Networks I&II, Server Configuration, and System Security courses at the College of Santa Fe. He currently holds GIAC GSEC, GCFW, GCIA, GCIH, GCUX, GCNA, GSPA certifications, CISSP and Security+ certifications, CEH certification; and he is a former Chair/Vice Chair of the GCFW advisory board. Richard is the first graduate of the SANS Technology Institute (MSISE), and serves as a Course Advisor for students at SANS Technology Institute.

Thomas A. Johnson - Higher Education Community Representative: Dr. Johnson serves as Dean of the College of Criminal Justice and Forensic Sciences. He received his undergraduate education at Michigan State University and his graduate education at the University of California - Berkeley and is the author of four textbooks and numerous publications. Dean Johnson founded the Center for Cybercrime and Forensic Computer Investigation, and serves as Director of the Forensic Computer Investigation Graduate program and the on-line program in Information Protection and Security at the University of New Haven. Dean Johnson developed the Graduate National Security program with campus offerings in Connecticut, Virginia and two of our National Nuclear Security Administration Laboratories in California and New Mexico.

Rick Wanner - Master's Candidate Director in Training: Rick Wanner is a security manager in Corporate Security at SaskTel responsible for all aspects of policy compliance including policy development, security consulting, risk assessment, compliance assessment and penetration testing. Rick has over 20 years experience in IT, and since 1996 has specialized in Information Security, working in many facets of security, including firewall analyst, security architect, security integration specialist, security consultant and penetration tester. Rick is active with SANS and GIAC and has participated in numerous activities including the Top 20 vulnerabilities project, SSH Step by Step guide, GSEC courseware revisions, courseware development, GIAC Gold advisor, SANS Advisory Board, and was integral in the creation of the GIAC Ethics Council. Rick holds GIAC GCFW, GCIH, GSNA, GCIA, GHTQ, and GREM and is currently completing his MSISE with SANS Technology Institute. Rick is a member of the Canadian Information Processing Society (CIPS), a certified Information Systems Professional (ISP), and member of the CIPS Saskatchewan Professional Conduct Committee. Rick is involved in running a community soccer league, coaching his children, and teaching security in his community.