Faculty

Version 2.2

The faculty is the primary reason that a SANS Technology Institute educational experience allows students to become technical leaders in information security in their organizations. At SANS Technology Institute, you learn security from people who are the top experts in the field, the authors of the most authoritative books, and, most importantly, from people who have front-line, in-the-trenches experience doing the types of jobs that you will be required to do.

Knowledge alone does not make SANS faculty effective teachers. Many experts cannot teach. The SANS faculty development process ensures that the faculty are gifted teachers as well as being exceptional security technologists.

Your education at SANS Technology Institute involves research and writing, just as it would at any graduate institution. At SANS Technology Institute, though, it is the classes you take and, more importantly, the faculty who teach you that will help you gain the mastery of the subjects that enable leaders to lead with confidence.

Each member of the SANS faculty has demonstrated himself or herself to be highly competent, on the basis of formal education and professional experience, to provide educational courses that meet the objectives laid out in the program goals. Most SANS faculty members have completed either Master's level or PhD level degrees at regionally accredited institutions. Some faculty members may have completed the equivalent of Master's level degrees by demonstrating outstanding achievement in the information security field.

FACULTY - SANS Technology Institute

Name: Dr. Johannes Ullrich
Title/Role: STI Dean of Faculty, SANS Certified Instructor, STI Committee Member, STI & SANS Chief Research Officer, Manager of GIAC Gold Program, Manager of the Internet Storm Center
Most Advanced Degree: Ph.D. Physics, SUNY Albany
Field of Experience: Information Security Research Expert. See details below.
Discipline: Security

Dr. Johannes Ullrich is Dean of Faculty, Chief Research Officer and a faculty member. Johannes also serves on the following SANS Technology Institute committees: Faculty and Administration, Curriculum and Long Range Planning. As chief research officer, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a Web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. He also enjoys blogging about application security tips.

Name: Dr. Eric Cole
Title/Role: STI Department Chair, SANS Faculty Fellow, Course Lead, Course Author, STI Faculty Advisor Chair, STI Committee Member
Most Advanced Degree: Ph.D., Computer Science, Pace University
Field of Experience: Information Security Expert. See details below.
Discipline: Security and Management

Dr. Eric Cole is the Department Chair of SANS Technology Institute, a faculty member, and general faculty advisor; he also teaches, maintains and develops courseware. Eric serves on the following SANS Technology Institute committees: Faculty and Administration, Curriculum, and Academic and Student Affairs. He is an industry-recognized security expert, with over 15 years of hands-on experience. Dr. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Master's in Computer Science from NYIT and a Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is also the CTO of the Americas for McAfee. He is a SANS Faculty Fellow and course author.

Name: President Stephen Northcutt
Title/Role: STI President, Ex-Officio Director on the Board of SANS Technology Institute, SANS Faculty Fellow, Course Author, Course Lead, STI Committee Member, STI Faculty Advisor
Most Advanced Degree: Bachelor of Science, Mary Washington College
Discipline: Security and Management

Stephen Northcutt founded the GIAC certification and serves as president of the SANS Technology Institute, a postgraduate level IT security college. Stephen is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of chief for information warfare at the Ballistic Missile Defense Organization. Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer, and network designer.

Since 2007, Stephen has conducted over 34 in-depth interviews with leaders in the security industry, from CEOs of security product companies to the most well-known practitioners, in order to research the competencies required to be a successful leader in the security field. He maintains the SANS Leadership Laboratory, where research on these competencies is posted. He is the lead author for Execubytes, a monthly newsletter that covers both technical and pragmatic information for security managers. He leads the Management 512 Alumni forum, where hundreds of security managers post questions. He is the lead author/instructor for Management 512: SANS Security Leadership Essentials, a prep course for the GSLC certification that meets all levels of requirements for DoD Security Managers per DoD 8570, and he is also the lead author/instructor for Management 421: Management and Leadership Competencies. Stephen also blogs at the SANS Security Leadership blog.


Name: Ed Skoudis
Title/Role: Director on the Board of SANS Technology Institute, SANS Faculty Fellow, Course Lead, STI Faculty Advisor
Most Advanced Degree: M.S., Information Networking, Carnegie Mellon University; and B.S. Electrical Engineering, University of Michigan, Summa Cum Laude.
Field of Experience: Incident Handling, Expertise in Hacker Attacks and Defenses, Information Security Industry, and Computer Privacy Issues. See details below.
Discipline: Security

Ed Skoudis is a founder and senior security consultant with InGuardians. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in financial, high technology, healthcare, and other industries. Ed serves on the Board of Directors of SANS Technology Institute. He also serves on the following SANS Technology Institute committees: Faculty Administration and Curriculum.

Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published numerous articles on these topics as well as the Prentice Hall best sellers Counter Hack Reloaded and Malware: Fighting Malicious Code. Ed was also awarded 2004-2009 Microsoft MVP awards for Windows Server Security and is an alumnus of the Honeynet Project. Prior to InGuardians, Ed served as a security consultant with International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore). Ed also blogs about command line tips.


Name: Lenny Zeltser
Title/Role: Director on the Board of SANS Technology Institute, SANS Senior Instructor, Course Lead, STI Committee Member
Most Advanced Degree: M.B.A. from M.I.T.
Field of Experience: Security. See details below.
Discipline: Security, Management, Forensics

Lenny Zeltser leads the security consulting practice at Savvis, where he focuses on designing and operating security programs for cloud-based IT infrastructure. Lenny's other area of specialization is malicious software; he teaches how to analyze and combat malware at the SANS Institute. He is also a member of the board of directors for the SANS Technology Institute and an incident handler at the Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books.

Lenny is one of the few individuals in the world who has earned the highly-regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a computer science degree from the University of Pennsylvania. For more information about his projects, see http://zeltser.com and http://twitter.com/lennyzeltser


Name: Dave Shackleford
Title/Role: Director on the Board of SANS Technology Institute, SANS Certified Instructor
Most Advanced Degree: Masters in Business Administration, Georgia State University
Field of Experience: Security. See details below.
Discipline: Security, Audit, Management

Dave Shackleford is EMC's chief security strategist, as well as the head of the Center for Policy and Compliance, a group focused on developing controls for industry and regulatory compliance initiatives. He is also an instructor and course author for the SANS Institute, where he serves as a GIAC technical director. Previously, Dave worked as chief technical officer for both the Center for Internet Security and a security consulting firm in Atlanta where he became one of the first Visa-certified Qualified Security Assessors while managing the firm's PCI compliance practice. He has managed information security for a major airline and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. In addition, he has consulted with hundreds of organizations in the areas of regulatory compliance, security and network architecture, and engineering. Dave is the co-author of Hands-On Information Security from Course Technology as well as the "Managing Incident Response" chapter in the Course Technology book Readings and Cases in the Management of Information Security. Recently, Dave co-authored the first published course on virtualization security for the SANS Institute. Dave currently serves on the board of directors at the Technology Association of Georgia's Information Security Society and the SANS Technology Institute.

Name: Alan Paller
Title/Role: Chair and Director on Board of SANS Technology Institute, Advisor on Presentations, STI Committee Member
Most Advanced Degree: Masters, Engineering, Massachusetts Institute of Technology; and B.S., Engineering, Cornell University.
Field of Experience: Public Policy and Marketing Security in Large Organizations. See details below.
Discipline: Security

Alan Paller is the director of research for the SANS Institute, responsible for projects ranging from the SANS Internet Storm Center (the Internet's early warning system with 500,000 sensors around the world) to the Top Ten Security Menaces of the coming year. Alan advises STI Master's candidates in preparing and giving presentations. He also edits NewsBites, the twice-weekly summary of the most important news stories in security. But he says his most satisfying responsibility is finding people who have solved important security problems and helping SANS's 85,000 alumni in 60 countries learn about those people and their discoveries.

Alan earned degrees in computer science and engineering from Cornell and MIT. He wrote hundreds of articles on computer graphics, EIS and computer security, and authored two books, The EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life.

He has testified before the House and Senate, and in 2001 the President named Alan as one of the original members of the National Infrastructure Assurance Council. In 2005 the Federal CIO Council chose him as its annual Azimuth Award winner recognizing his singular vision and outstanding service to government information technology.


Name: Rob Lee
Title/Role: SANS Faculty Fellow, Course Lead, Course Author
Most Advanced Degree: M.B.A. Georgetown University, Washington D.C.; B.S. Space Operations Engineering, U.S. Air Force Academy
Field of Experience: Forensics. See details below.
Discipline: Forensics

Rob Lee is a member of ManTech's Computer Forensics & Intrusion Analysis Division that provides advanced computer forensics and intrusion operations support to the national security and intelligence communities. He works for commercial and government clients, providing incident response, forensics, intrusion detection, vulnerability analysis, and specialized R&D. Rob is a graduate of the U.S. Air Force Academy. He served in the U.S. Air Force performing intrusion detection while at the 609th Information Warfare Squadron. As a member of the Air Force Office of Special Investigations he performed network wiretaps, computer forensics, and conducted computer crime intrusion investigations. Rob regularly assists the Honeynet Project and coauthored the bestselling book, Know Your Enemy, 2nd Edition.

Name: Jeff Frisk
Title/Role: SANS Certified Instructor, Course Lead, Course Author, STI Committee Member, Director of GIAC Certification Program
Most Advanced Degree: BS, Engineering, Rochester Institute of Technology
Field of Experience: Engineering, Project Management.
Discipline: Management

Jeff Frisk currently serves as the director of the GIAC certification program and is a member of the STI Curriculum Committee. Jeff holds the PMP certification from the Project Management Institute and GIAC GSEC credentials. He is also a certified SANS instructor and course author for MGT 525. He has worked on many projects for SANS and GIAC, including courseware, certification and exam development. Jeff has an engineering degree from The Rochester Institute of Technology and more than 15 years of IT project management experience with computer systems, high-tech consumer products, and business development initiatives. Jeff has held various positions, including managing operations, product development, and electronic systems/computer engineering. He has many years of international and high-tech business experience working with both big and small companies to develop computer hardware/software products and services.

Name: David Hoelzer
Title/Role: SANS Faculty Fellow, Course Lead, Course Author, STI Faculty Advisor, STI Committee Member
Most Advanced Degree: B.S. in Information Technology, Summa Cum Laude.
Field of Experience: Intrusion Detection and Auditing. See details below.
Discipline: Security, Management, Audit

David Hoelzer is a high-scoring certified SANS instructor and author of more than twenty sections of SANS courseware. He is an expert in a variety of Information Security fields, having served in most major roles in the IT and Security industries over the past twenty-five years. Recently, David was called upon to serve as an expert witness for the Federal Trade Commission for ground-breaking GLBA Privacy Rule litigation. David has been highly involved in governance at SANS Technology Institute, serving as a member of the Curriculum Committee. As a SANS instructor, David has trained security professionals from organizations including NSA, DHHS, Fortune 500 security engineers and managers, various Department of Defense sites, national laboratories and many colleges and universities. David is a Research Fellow in the Center for Cybermedia Research and also a Research Fellow for the Identity Theft and Financial Fraud Research Operations Center (ITFF/ROC). He is also an adjunct research associate of the UNLV Cybermedia Research Lab and a Research Fellow with the Internet Forensics Lab. David has written and contributed to more than 15 peer-reviewed books, publications and journal articles. Currently, David serves as the Principal Examiner & Director of Research for Enclave Forensics, a New York/Las Vegas based incident response and forensics company. He also serves as the Chief Information Security Officer for Cyber-Defense, an Open Source security software solution provider. In the past, David served as the Director of the GIAC Certification program, bringing the GIAC Security Expert certification to life. David holds a BS in IT, Summa Cum Laude, having spent time either attending or consulting for Stony Brook University, Binghamton University & American Intercontinental University.

Name: Richard Hammer
Title/Role: Director on the Board of SANS Technology Institute, STI Course Advisor
Most Advanced Degree: Master of Science in Information Security Engineering, SANS Technology Institute
Field of Experience: See details below.

Richard is a Technical Staff Member at Los Alamos National Laboratory. He is a senior Network/System administrator, Organizational Computer Security Representative (OCSR), and Information System Security Officer (ISSO) for the Advanced Nuclear Technology group (N-2). He has experience with most operating systems and many programming languages. Network and System security has become a larger part of his job description in the last ten years; Richard attended his first SANS conference in 1998. He is a former high school Mathematics and Computer Science teacher and is currently teaching Networks I&II, Server Configuration, and System Security courses at the College of Santa Fe. He currently holds the GIAC GSEC, GCFW, GCIA, GCIH, GCUX, GCNA, and GSPA certifications, as well as the CISSP, Security+, and CEH certifications. He is a former Chair/Vice Chair of the GCFW advisory board and was the first graduate of the SANS Technology Institute (MSISE). Richard serves on the Board of Directors of SANS Technology Institute.

Other Faculty - SANS Technology Institute

Name: Tanya Baccam
Title/Role: SANS Senior Instructor, Course Author
Most Advanced Degree: B.S. Dordt College, Management Information Systems, Business Administration, and Accounting.
Field of Experience: Security Services. See details below.
Courses: Security, Audit

Tanya is a SANS senior certified instructor, as well as a SANS courseware author. With more than 10 years of information security experience, Tanya has consulted with a variety of clients about their security architecture including areas such as perimeter security, network infrastructure design, system audits, web server security and database security. Currently, Tanya provides a variety of security consulting services for clients such as system audits, vulnerability and risk assessments, database assessments, web application assessments and penetration testing. She has previously worked as the Director of Assurance Services for a security services consulting firm and served as the Manager of Infrastructure Security for a healthcare organization. She also served as a Manager at Deloitte & Touche in the Security Services practice. Tanya has played an integral role in developing multiple business applications and currently holds the CPA, GIAC GCFW, GIAC GCIH, CISSP, CISM, CISA, CCNA, and OCP DBA certifications. Tanya completed a Bachelor of Arts degree with majors in Accounting, Business Administration and Management Information Systems.

Name: George Bakos
Title/Role: SANS Certified Instructor
Most Advanced Degree: Credits in Computer Science, Science, and English Science
Field of Experience: Intrusion Detection. See details below.
Discipline: Security

George Bakos has been interested in computer security since the early 1980s when he discovered the joys of BBSs and corporate databases. These days he is a senior engineer for Northrop Grumman's Cyber Threat Analysis & Intelligence team working to understand what's going on inside the minds and hearts of his adversaries. He was the developer of Tiny Honeypot and the IDABench intrusion analysis system and was one of the researchers behind the Dartmouth Distributed Honeynet System. George developed and taught the U.S. Army National Guard's CERT technical curriculum and ran the NGB's Information Operations Training and Development Center research lab for two years, fielding and supporting Computer Emergency Response Teams nationwide. Outside the lab, George enjoys the beauties of his home state, Vermont, through skiing, ice and rock climbing, and mountain biking.

Name: Chris Brenton
Title/Role: SANS Faculty Fellow, Course Lead, Course Author
Most Advanced Degree: Electrical Engineering Courses at Northeastern in Boston
Field of Experience: Security, Incident Handling. See details below.
Discipline: Security

Chris Brenton is a private consultant with over ten years of experience in the field. He is one of the founding members of the initial Honeynet Project and one of the original Internet Storm Center handlers, and he started up one of the first managed security ISPs. Over the years, he's been credited with the discovery of numerous vulnerabilities in various software products. Along with being a published author, Chris is responsible for maintaining all of the material in the SANS Perimeter Protection In-Depth course. In his spare time, Chris teaches rally and high-speed off-road security driving, where he can be found teaching students to make their side window the front of the car.

Name: Guy Bruneau
Title/Role: SANS Certified Instructor, Course Author
Most Advanced Degree: B.A. in Information Technology, University of Quebec
Field of Experience: Security, Incident Handling, Packet Forensics, Vulnerability Assessment, Intrusion Detection and Prevention. See details below.
Discipline: Security

Guy is a Senior Security Consultant with IPSS Inc. in Ottawa, Ontario. He works within IPSS Inc.'s security practice, assisting clients with their security needs, implementation and engineering of Intrusion Detection/Prevention Systems (IDS/IPS) on large networks, integration of Enterprise Security Management (ESM) solutions, Network Packet Forensic analysis, Network Security Auditing, and Incident Response and Reporting. Guy has a B.A. (IT) from University of Quebec and holds GIAC GSEC, GCIA, GCIH, GCUX and GCFA certifications. He is a SANS course author, SANS certified instructor and a SANS Internet Storm Center handler. He authored the OS-hardened Snort with Sguil IDS platform and the DNS Sinkhole platform; both ISOs are freely available at: http://www.whitehats.ca.

Name: Eric Conrad
Title/Role: SANS Certified Instructor
Most Advanced Degree: M.S. Information Security Engineering, SANS Technology Institute
Field of Experience: Security. See details below.
Discipline: Security

Certified SANS instructor Eric Conrad is lead author of the book The CISSP Study Guide. Eric's career began in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and health care. He is now president of Backshore Communications, a company focusing on intrusion detection, incident handling, information warfare, and penetration testing. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. Eric also blogs about information security at www.ericconrad.com.

Name: Ted Demopoulos
Title/Role: SANS Certified Instructor
Most Advanced Degree: M.S., Mathematics, University of New Hampshire
Field of Experience: Security. See details below.
Discipline: Security; Management and Developer

Ted Demopoulos' first significant exposure to computers was in 1977 when he had unlimited access to his high school's PDP-11 and hacked at it incessantly. He consequently almost flunked out but learned he liked playing with computers a lot. His business pursuits began in college and have been continuous ever since. His background includes over 20 years of experience in information security and business, including 15+ years as an independent consultant. Ted helped start a successful information security company, was the CTO at a "textbook failure" of a software startup, and has advised several other businesses. Ted is a frequent speaker at conferences and other events, quoted often by the press, and blogs on new media at BloggingForBusinessBook.com. In his spare time he writes books on Web 2.0, including Blogging for Business and What No One Ever Tells You About Blogging and Podcasting. He also has an ongoing software concern in Hong Kong, The Arial Group, an enterprise risk management solutions provider. Ted lives in New Hampshire with his wife, three children and dog.

Name: Jason Fossen
Title/Role: SANS Faculty Fellow, Course Lead, Course Author
Most Advanced Degree: Masters, Philosophy of Science, University of Texas at Austin
Field of Experience: Security with Microsoft/Windows Emphasis. See details below.
Discipline: Security

Jason Fossen is a principal security consultant at Enclave Consulting LLC, a published author, and a frequent public speaker on Microsoft security issues. He is the sole author of the SANS Institute's week-long Securing Windows course (SEC505), maintains the Windows day of Security Essentials (SEC401.5), and has been involved in numerous other SANS projects since 1998. He graduated from the University of Virginia, received his master's degree from the University of Texas at Austin, and holds a number of professional certifications. He currently lives in Dallas, Texas. Jason blogs about Windows Security Issues on the SANS Windows Security Blog.

Name: Bryce Galbraith
Title/Role: SANS Certified Instructor
Most Advanced Degree: Computer Science Courses
Field of Experience: Security
Discipline: Security

Bryce began his IT journey at 10 years of age with a Commodore 64 and a 300 baud modem. As a contributing author of the internationally bestselling book Hacking Exposed: Network Security Secrets & Solutions, Bryce helped bring the secret world of hacking out of the darkness and into the public eye. Bryce has held security positions at global ISPs and Fortune 500 companies as well as being a senior member of Foundstone's world-renowned attack and penetration team. Bryce also served as senior instructor and co-author of Foundstone's Ultimate Hacking: Hands-On series. He has taught the art of ethical hacking and countermeasures to thousands of IT professionals from a who's who of top companies, financial institutions, and government agencies around the globe. Bryce currently teaches Security 504: Hacker Techniques, Exploits, and Incident Handling, Security 560: Network Penetration Testing and Ethical Hacking, Security 517: Cutting-Edge Hacking Techniques, Security 550: Information Reconnaissance: Competitive Intelligence and Online Privacy, Security 401: SANS Security Essentials Bootcamp Style, Security 553: Metasploit for Penetration Testers, Security 561: Network Penetration Testing: Maximizing the Effectiveness of Reports, Exploits, and Command Shells, and several other courses for the SANS Institute. Bryce is an active member of several security-related professional organizations, he speaks at a variety of conferences, and he holds a number of certifications: CISSP, GCIH, GSEC, CEH, CHFI, Security+, and CCNA. Bryce is currently the chief hacking officer at Layered Security, where he provides vulnerability assessment services to clients around the world. Bryce also blogs about security issues at http://blog.layeredsec.com.

Name: Jess Garcia
Title/Role: SANS Certified Instructor
Most Advanced Degree: M.Sc. in Telecommunications Engineering, Univ. Politecnica de Madrid
Field of Experience: Security. See details below.
Discipline: Security and Forensics

Jess Garcia, founder of One eSecurity, is a senior security engineer with over 15 years of experience in information security. During the last five years Jess has worked on highly sensitive projects in Europe, the United States, Latin America, and the Middle East with top global customers in the financial, insurance, corporate, media, health, communications, legal, and government sectors. His work has included incident response, computer forensics, malware analysis, security architecture design and review, and more. Previously, Jess worked for 10 years as a systems, network, and security engineer in the Spanish Space Agency, where he collaborated as a security advisor with the European Space Agency, NASA, and other international organizations.

Jess is a frequent speaker at security events, having been invited to dozens of them around the world during the last few years. Jess has also contributed to several books, articles, SANS courseware, the GIAC program, etc. Jess is an active security researcher in areas such as incident response and computer forensics and honeynets. Jess holds a Master's of Science in telecommunications engineering from the Univ. Politecnica de Madrid.


Name: Jonathan Ham
Title/Role: SANS Certified Instructor, Course Author
Most Advanced Degree: M.S., CIS-Information Systems Security, University of Denver; B.A., Anthropology, University of Nebraska-Lincoln.
Field of Experience: Packet Analysis, Incident Response, Large-Scale Enterprise and Program Management
Discipline: Security

Jonathan is an independent consultant who specializes in large-scale enterprise security issues, from policy and procedure, through staffing and training, to scalable prevention, detection, and response technology and techniques. With a keen understanding of ROI and TCO (and an emphasis on process over products), he has helped his clients achieve greater success for over 12 years, advising in both the public and private sectors, from small upstarts to the Fortune 500. He's been commissioned to teach NCIS investigators how to use Snort, performed packet analysis from a facility more than 2000 feet underground, and chartered and trained the CIRT for one of the largest U.S. civilian Federal agencies. He currently holds the CISSP, GSEC, GCIA, and GCIH certifications, and is a member of the GIAC Advisory Board. A former combat medic, Jonathan still spends some of his time practicing a different kind of emergency response, volunteering and teaching for both the National Ski Patrol and the American Red Cross.

Name: Jim Herbeck
Title/Role: SANS Certified Instructor
Most Advanced Degree: B.A., Major in Computer Science and Minor in Business Administration, University of Iowa
Field of Experience: Computer Science. See details below.
Discipline: Security, Management, Audit

Jim Herbeck, CISSP, is a managing partner and principal consultant at NOUVEL Strategies, an information risk and security management company based in Geneva, Switzerland.

Jim is a co-founder and advisory board member for the Business Information Security Competency Center at the Geneva School of Business Administration. The center focuses on business-oriented information security research, training, and resources.

Jim has spent over 20 years working with information systems in commercial, government, academic, and research environments, both in the US and Europe. He received a computer science degree from the University of Iowa and has been an adjunct professor for the Computer Science Department at the University of New Mexico.


Name: Mark Hofman
Title/Role: SANS Certified Instructor
Most Advanced Degree: B.S., Major in Computing, Minor in Management, Northern Territory University.
Field of Experience: Security. See details below.
Discipline: Security, Management, Audit

Mark Hofman is a director and founder of Shearwater Solutions and has over 15 years' experience in ICT Security. He has worked for both private industry and government and has provided a wide range of information security consulting services to numerous organizations, including the financial sector, private sector, and government organizations. Mark has had a number of publications, has trained and lectured internationally, and is a handler for the Internet Storm Center. Mark holds professional certifications, including CISSP, GIAC GCFW, CompTIA Security+ and BSI lead auditor accreditations.

Name: Kevin Johnson
Title/Role: SANS Certified Instructor
Most Advanced Degree: See qualifications below
Field of Experience: Security. See details below.
Discipline: Security, Developer, Forensics

Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open-source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD, a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

Name: Frank Kim
Title/Role: SANS Certified Instructor, Course Lead, Course Author
Most Advanced Degree: Bachelor of Science, UC Berkeley
Field of Experience: Security and application development. See details below.
Discipline: Security; Development

Frank Kim is a co-founder and principal consultant with Think Security Consulting (http://www.thinksec.com), a San Francisco Bay Area-based application security consulting firm. Frank is an author and instructor for SANS Security 541: Secure Coding in Java/JEE. He has over ten years of experience developing applications using Java/Java EE and has designed and developed Web applications for large health care, technology, insurance, and consulting companies. Frank currently focuses on integrating security into the software development life cycle by doing penetration testing, security assessments, architecture reviews, code reviews, and training. Frank holds the CISSP, GPEN, GCIH, GCFA, GCIA, and GSSP Java certifications and is a Sun Certified Java Developer and Programmer.

Name: Jason Lam
Title/Role: SANS Certified Instructor, Course Lead, Course Author
Most Advanced Degree: B.A. Computer Science, York University
Field of Experience: Secure development, Penetration testing and Merger & Acquisition Security. See details below.
Discipline: Security; Developer

Jason is a senior security analyst at a major financial institution in Canada. His recent SANS Institute courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion. Jason started his career as a programmer before moving on to ISP network administration, where he handled network security incidents, which sparked his interest in information security. Jason specializes in Web application security, penetration testing, and intrusion detection. He currently holds a BA in computer science from York University in Toronto, Ontario, as well as the CISSP, GCIA, GCFW, GCUX, GCWN, and GCIH certifications.

Name: Randy Marchany
Title/Role: SANS Certified Instructor, STI Committee Member
Most Advanced Degree: Master of Science MSEE, Computer Engineering, Virginia Polytechnic Institute and State University; B.S., Computer Science, Virginia Polytechnic Institute and State University
Field of Experience: Security. See details below.
Discipline: Security

Randy is the Chief Information Security Officer of Virginia Tech and the Director of Virginia Tech's IT Security Laboratory. He is a co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step guides. He is a member of the Center for Internet Security development team that produced and tested the CIS Solaris, HPUX, AIX, Linux and Windows 2000/XP security benchmarks and scoring tools. He was a member of the White House Partnership for Critical Infrastructure Security working group that developed a Consensus Roadmap for responding to the DDoS attacks of 2000.

Name: Seth Misenar
Title/Role: SANS Certified Instructor
Most Advanced Degree: B.S., Philosophy, Millsaps College
Field of Experience: Network Security, Intrusion Detection, Penetration Testing. See details below.
Discipline: Security

Seth Misenar is a certified SANS instructor and also serves as lead consultant and founder of Jackson, Mississippi-based Context Security, which provides information security thought leadership, independent research, and security training. Seth's background includes network and Web application penetration testing, vulnerability assessment, regulatory compliance efforts, security architecture design, and general security consulting. He has previously served as both physical and network security consultant for Fortune 100 companies as well as the HIPAA and information security officer for a state government agency. Prior to becoming a security geek, Seth received a BS in philosophy from Millsaps College, where he was twice selected for a Ford Teaching Fellowship. Also, Seth is no stranger to certifications and thus far has achieved credentials which include, but are not limited to, the following: CISSP, GPEN, GWAPT, GSEC, GCIA, GCIH, GCWN, GCFA, and MCSE. Beyond his security consulting practice, Seth is a regular instructor for SANS. He teaches numerous SANS classes, including SEC401: SANS Security Essentials Bootcamp Style, SEC504: Hacker Techniques, Exploits, and Incident Handling, and SEC542: Web App Penetration Testing and Ethical Hacking. Seth also serves as both virtual mentor and technical director for SANS OnDemand, the online course delivery arm of the SANS Institute.

Name: Michael Murr
Title/Role: SANS Certified Instructor
Most Advanced Degree: B.S., Major in Computer Science, Minor in Mathematics, California State University at Channel Islands
Field of Experience: Forensics. See details below.
Discipline: Security, Forensics

Michael has been a forensic analyst with Code-X Technologies for over five years, has conducted numerous investigations and computer forensic examinations, and has performed specialized research and development. Michael has taught SANS Security 504 (Hacker Techniques, Exploits, and Incident Handling), SANS Security 508 (Computer Forensics, Investigation, and Response), and SANS Security 601 (Reverse-Engineering Malware); has led SANS@Home courses; and is a member of the GIAC Advisory Board. Currently, Michael is working on an open-source framework for developing digital forensics applications. Michael holds the GCIH, GCFA, and GREM certifications and has a degree in computer science from California State University at Channel Islands. Michael also blogs about digital forensics on his Forensic Computing blog.

Name: Hal Pomeranz
Title/Role: SANS Faculty Fellow, Course Lead, Course Author
Most Advanced Degree: BA in Mathematics with Minor in Computer Science from Swarthmore College
Field of Experience: Security, Linux/Unix. See details below.
Discipline: Security

Hal is founder and CEO of Deer Run Associates, a systems management and security consulting firm. He has spent more than fifteen years managing systems and networks for some of the largest commercial, government, and academic organizations in the country. He is the Technical Editor for SysAdmin Magazine and was the recipient of the 2001 SAGE Outstanding Achievement award for his teaching and leadership in the field of System Administration. Hal participated in the first SANS conference and designed the SANS Step-by-Step course model. He is a top-rated instructor and author on topics ranging from information security to system and network management to Perl programming. Hal also blogs about command line tips on a regular basis.

Name: Mike Poor
Title/Role: SANS Senior Instructor, Course Lead, Course Author
Most Advanced Degree: See qualifications below.
Field of Experience: Intrusion Detection, Response, and Mitigation. See details below.
Discipline: Security

Mike is a founder and Senior Security Analyst for the DC firm InGuardians, Inc. In the past he has worked for Sourcefire as a research engineer and for SANS leading their Intrusion Analysis Team. As a consultant, Mike conducts incident response, breach analysis, penetration tests, vulnerability assessments, security audits and architecture reviews. His primary job focus, however, is intrusion detection, response, and mitigation. Mike currently holds the GCIA certification and is an expert in network engineering and systems, network and web administration. Mike is an author of the international best-selling Snort series of books from Syngress, a member of the Honeynet Project, and a Handler for the SANS Internet Storm Center.

Name: Megan Restuccia
Title/Role: SANS Certified Instructor
Most Advanced Degree: M.B.A., Columbia University; B.S., Computer Science, William Paterson University
Field of Experience: Security
Discipline: Security

Megan is currently a certified instructor with the SANS Institute as well as a vice president at Morgan Stanley. She has over 14 years' experience in information technology with an extensive background in networking in Unix/Linux and Windows environments for both small and large implementations. Megan currently holds professional certifications, including RHCE, CCWD, CISSP, GSEC, and GIAC GREM, and a certificate in GGSC. She also holds a BS in computer science and an MBA from Columbia University. Megan's most recent focuses were on DLP, security regulations, secure applications design and training, secure infrastructure design, and desktop encryption.

Name: David Rice
Title/Role: SANS Senior Instructor, Course Author
Most Advanced Degree: M.S., Systems Engineering and Information Warfare, Naval Postgraduate School; and B.S., Physics and General Engineering, U.S. Naval Academy.
Field of Experience: Security. See details below.
Discipline: Security, Audit, Developer

David Rice is an internationally recognized cyber security expert, consulting director for policy reform at the U.S. Cyber Consequences Unit, and author of the critically acclaimed book Geekonomics: The Real Cost of Insecure Software. Mr. Rice is a key figure shaping the discussion of cyber security, and his work impacts both U.S. and European cyber security policy. As director of The Monterey Group, a private consulting firm, Mr. Rice advises a variety of clients on a range of issues, including cyber strategy development and execution, corporate cyber risk management, cyber security metrics, identity management, and secure software development practices.

Name: Marcus Sachs
Title/Role: SANS Senior Instructor
Most Advanced Degree: Masters in Computer Science with a concentration in Information Security from James Madison University, Masters in Science and Technology Commercialization from The University of Texas at Austin, Bachelors in Civil Engineering. He is currently pursuing a Ph.D. in Public Policy with a concentration in Science and Technology.
Field of Experience: Security Essentials, Malware, Management, National Security Policy
Discipline: Security and Management

Marcus Sachs serves as executive director of government affairs for national security and cyber policy at Verizon in Washington, DC. Prior to joining Verizon in August 2007, he was the deputy director of SRI International's Computer Science Laboratory. Marcus has served as the director of the SANS Internet Storm Center since 2003 and is an internationally recognized computer security expert. He brings nearly 30 years of professional experience to SANS, including 20 years of active military service as an officer in the United States Army and two years of national cyberspace security policy development as a Presidential appointee to the National Security Council staff in the George W. Bush administration. Marcus was the first cyber security official assigned to the Department of Homeland Security in 2003 where he developed the initial concept and strategy for the creation of the United States Computer Emergency Readiness Team. He was also a founding member of the Defense Department's Joint Task Force for Computer Network Defense, created in 1998 as the first US military organization designed to fight foreign threats in cyberspace. He is currently the secretary of the Communications Sector Coordinating Council and is a member of the CSIS Commission on Cyber Security for the 44th Presidency. Marcus is a licensed professional engineer in Virginia.

Name: Richard Salgado
Title/Role: SANS Senior Instructor, Course Author
Most Advanced Degree: J.D., Law, Yale Law School
Field of Experience: Legal Issues. See details below.
Discipline: Forensics

Richard P. Salgado is a Senior Counsel with Google for information security and law enforcement matters. Prior to joining Google, Mr. Salgado was with Yahoo!, focusing on international security and compliance work. He also served as Senior Counsel in the Computer Crime and Intellectual Property Section of the United States Department of Justice. As a federal prosecutor, Mr. Salgado specialized in investigating and prosecuting computer network cases, such as computer hacking, illegal computer wiretaps, denial of service attacks, malicious code and other technology-driven privacy crimes.

In 2005, Mr. Salgado joined Stanford Law School as a legal lecturer on Computer Crime, and on Internet Business Legal and Policy Issues; he previously served as an adjunct law professor at Georgetown University Law Center and George Mason Law School, and as a faculty member of the National Judicial College. Mr. Salgado regularly speaks on the legal and policy implications of searching and seizing computers and electronic evidence, emerging surveillance technologies, digital evidence and related criminal conduct. Mr. Salgado graduated magna cum laude from the University of New Mexico and in 1989 received his J.D. from Yale Law School.


Name: Eugene Schultz
Title/Role: SANS Certified Instructor
Most Advanced Degree: Ph.D., Cognitive Sciences, Purdue University
Field of Experience: Information Security & Technology
Discipline: Security and Management

Dr. Eugene Schultz, CISM, CISSP, is the Chief Technology Officer at Emagined Security, an information security consultancy based in San Carlos, California. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 120 published papers. Gene was the Editor-in-Chief of _Computers and Security_ from 2002 - 2007, is currently on the editorial board for this journal, and is an associate editor of _Network Security_. He is also a member of the editorial board for the SANS NewsBites, a weekly information security-related news update, co-author of the 2005 and 2006 Certified Information Security Manager preparation materials, and is on the technical advisory board of three companies. Gene has previously managed an information security practice as well as a national incident response team. He has also been professor of computer science at several universities and is retired from the University of California at Berkeley. He has received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. Additionally, Gene has been elected to the ISSA Hall of Fame. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.

Name: Raul Siles
Title/Role: SANS Certified Instructor
Most Advanced Degree: Masters, Computer Science from UPM (Spain) and a postgraduate in Security and E-commerce
Field of Experience: Security. See details below.
Discipline: Security

Raul Siles is a founder and senior security analyst with Taddong. His more than 10 years of expertise performing advanced security services and solutions in various worldwide industries include security architecture design and reviews, penetration tests, incident handling, forensic analysis, security assessments, and information security research in new technologies, such as Web applications, wireless, honeynets, virtualization, mobile devices, and VoIP. Raul is one of the few individuals who have earned the GIAC Security Expert (GSE) designation. He is a SANS Institute author and instructor of penetration testing courses, a regular speaker at security conferences, author of security books and articles, and contributes to research and open-source projects. He loves security challenges, is a member of international organizations, such as the Honeynet Project, and is a handler for the Internet Storm Center (ISC). Raul holds a master's degree in computer science from UPM (Spain) and a postgraduate in security and e-commerce. More information can be found at http://www.raulsiles.com.

Name: Stephen Sims
Title/Role: SANS Certified Instructor, Course Lead, Course Author
Most Advanced Degree: M.S. Information Assurance, Norwich University (anticipated by end of 2010); B.S., Information Technology, University of Phoenix
Field of Experience: Security
Discipline: Security

Stephen Sims is an information security consultant currently working for Wells Fargo in San Francisco, California. He has spent the past eight years in San Francisco working for several large financial institutions on network and systems security, penetration testing, exploitation development, risk assessment and management. Prior to San Francisco, Stephen worked in the Baltimore/DC area as a network security engineer for companies such as General Motors and Sylvan Prometric. He is one of only a handful of individuals who hold the GIAC Security Expert (GSE) Certification and also helps to author and maintain the current version of the exam. He is a SANS certified instructor and the course author of SANS' first and only 700-level course, SEC709: Developing Exploits for Penetration Testers and Security Researchers. Stephen also holds the CISSP, CISA, and Network Offense Professional (NOP) certification, amongst others.

Name: John Strand
Title/Role: SANS Certified Instructor, Course Author
Most Advanced Degree: Master of Applied Science, Computer Information Systems, University of Denver
Field of Experience: Security. See details below.
Discipline: Security

John Strand is currently the owner and senior security researcher with Black Hills Information Security, and a consultant with Argotek, Inc. for TS/SCI programs. As a certified SANS instructor he teaches 504 "Hacker Techniques, Exploits and Incident Handling," 517 "Cutting Edge Hacking Techniques," and 560 "Network Penetration Testing." He is a contributing author of Nagios 3 Enterprise Network Monitoring, and a regular contributor to SearchSecurity's "Ask the Expert" series on the latest information security threats. He also regularly posts videos demonstrating the latest computer attacks and defenses at vimeo.com/album/26207. He started the practice of computer security with Accenture Consulting in the areas of intrusion detection, incident response, and vulnerability assessment/penetration testing. John then moved on to Northrop Grumman specializing in DCID 6/3 PL3-PL5 (multi-level security solutions), security architectures, and program certification and accreditation. He has a master's degree from Denver University and is currently also a professor at Denver University. In his spare time he writes loud rock music and makes various futile attempts at fly-fishing.

Name: Chad Tilbury
Title/Role: SANS Certified Instructor
Most Advanced Degree: M.S., Computer Science, Northeastern University; B.S. Computer Science, U.S. Air Force Academy
Field of Experience: Forensics, Incident Handling, Network Security. See details below.
Discipline: Forensics, Security

Chad Tilbury has spent over ten years responding to computer intrusions and conducting forensic investigations. His extensive law enforcement and international experience stems from working with a broad cross-section of Fortune 500 corporations and government agencies around the world. During his service as a Special Agent with the Air Force Office of Special Investigations, he investigated and conducted computer forensics for a variety of crimes, including hacking, abduction, espionage, identity theft, and multi-million dollar fraud cases. He has led international forensic teams and was selected to provide computer forensic support to the United Nations Weapons Inspection Team. Chad has worked as a computer security engineer and forensic lead for a major defense contractor and more recently as the Vice President of Worldwide Internet Enforcement for the Motion Picture Association of America. In that role, he managed Internet anti-piracy operations for the seven major Hollywood studios in over sixty countries. Chad is a graduate of the U.S. Air Force Academy and holds a B.S. and M.S. in Computer Science as well as GCFA, GCIH, and CISSP certifications. He is currently a consultant specializing in incident response, e-Discovery, and computer forensics.

Name: James Tarala
Title/Role: SANS Senior Instructor, Course Author
Most Advanced Degree: Master's Certificate in Information Assurance, University of Maryland
Field of Experience: Security and Audit. See details below.
Discipline: Audit, Security, Management

James Tarala is a principal consultant with Enclave Security and is based out of Venice, Florida. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many SANS auditing and security courses. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he oftentimes performs independent security audits and assists internal audit groups in developing their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University and his graduate work at the University of Maryland. He holds numerous professional certifications.

Name: Benjamin Wright
Title/Role: SANS Senior Instructor, Course Lead, Course Author
Most Advanced Degree: JD, Law, Georgetown University Law Center
Field of Experience: Legal Issues. See details below.
Discipline: Legal

Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With 26 years in private law practice, he has advised many organizations, large and small, on privacy, e-commerce, computer security and e-mail discovery and has been quoted in publications around the globe, from the Wall Street Journal to the Sydney Morning Herald. He wrote and presented to the Sri Lankan government a report on technology law, which contributed to the adoption of national e-commerce legislation in 2005. Wright maintains a popular blog at http://legal-beagle.typepad.com.

Name: Joshua Wright
Title/Role: SANS Senior Instructor, Course Lead, Course Author
Most Advanced Degree: B.S., Information Science, Johnson and Wales University in Providence, Rhode Island.
Field of Experience: Security. See details below.
Discipline: Security

Joshua Wright is a Senior Security Analyst with InGuardians, LLC and a Senior Instructor with the SANS Institute. A widely recognized expert in the wireless security field, Josh has worked with private and government organizations to evaluate the threat surrounding wireless technology. As an open-source enthusiast, Josh has developed a variety of tools that can be leveraged for penetration testing and security analysis. Prior to joining InGuardians, Josh was the Senior Security Researcher for Aruba Networks, leading a team committed to significantly improving the security of modern networks. In his spare time, Josh looks for any opportunity to void the warranty on wireless electronics. He also blogs about ethical hacking tips.