Governance: Board of Directors

Governance:

STI Board of Directors
Directors Representation
Bill LockhartChairman
Dennis KirbyVice Chairman
Scott CassityGIAC
Richard HammerSTI Alumni
Thomas JohnsonHigher Education Community
Ronald PhippsHigher Education Community
Dave ShacklefordInformation Security Community
Ed SkoudisInformation Security Community
Lenny ZeltserInformation Security Community
Alan Paller (Non-Voting Member)Ex-Officio Member, STI President

Lockhart, Bill

Bill,
  • Most Advanced Degree
    MBA, Harvard Business School
  • Director of Strategy

Bill Lockhart serves as the Executive Director of the SANS Technology Institute, working with President Paller to oversee strategy and manage all school operations, including student and enrollment management, finance, marketing, technology support, and regulatory affairs. †President Paller claims that Bill joined SANS, following a successful, fifteen year career as a Managing Director and portfolio manager for multi-billion dollar investment firms, so that "he could finally do something useful." †Bill brings a wide variety of industry, management, and functional experiences to SANS, from serving on the Board of a publicly-traded company, advising global firms as a strategy and marketing consultant, to founding and growing his own business as an entrepreneur. †Bill earned his MBA from the Harvard Business School, and his B.A. from Yale University.

Kirby, Dennis

Dennis,
  • Most Advanced Degree
    MBA, Harvard Business School
  • Field of Experience
    See details below.

Dennis Kirby is a director at the SANS Institute where he oversees the Forensics, Pen Testing, Audit, Application Security, and Cyber Defense curricula along with other operational functions in the company. He is a graduate of the United States Military Academy and served with the 101st Airborne Division for over four years including as Company Commander of a UH-60 Blackhawk Assault Helicopter Company of the 101st Aviation Regiment and served with the 101st Airborne Division during Operations Desert Shield and Storm. His awards and decorations include the Bronze Star Medal, the Meritorious Service Medal, the Army Aviator, Parachutist and Air Assault Badges. He went on to earn his MBA from Harvard Business School and after a stint at John Deere and in investment banking, he took on management roles in two private equity firms focused on control investments to rehabilitate distressed and underperforming middle-market companies. He led acquisitions with an aggregate value of over $1 billion and served on the board of directors of several companies.

Cassity, Scott

Scott,
  • Most Advanced Degree
    MBA, Vanderbilt University Owen Graduate School of Management; BBA, University of Kentucky
  • Field of Experience
    See details below.
  • GIAC Representative

Scott Cassity, Managing Director of GIAC, provides executive leadership to the Global Information Assurance Certification (GIAC) organization. In this role, Scott provides general management, strategic direction and leadership for GIAC. He is responsible for all aspects of the GIAC organization including financial, marketing, personnel, and operations support. Scott‚s responsibilities also include internal and external client interaction including the SANS Sales Team, Department of Defense and Enterprise clients.

Scott was previously a principal/partner of a healthcare real estate development and consulting firm. During his tenure with his past company he developed over $70 million of successful real estate projects with his partners and clients. He also initiated or closed real estate transactions in excess of $100 million. His business expertise includes growing new businesses, financial analysis, risk assessment and a genuine interest in new business ventures. Scott has also worked in the securities and healthcare industries.

Scott also serves several non-profit endeavors in his community. He is the current President of ChildHelp of East Tennessee, a children‚s advocacy organization.

Hammer, Richard

Richard,
  • Most Advanced Degree
    M.S., Information Security Engineering, SANS Technology Institute
  • STI Course Advisor
  • Director on the Board of SANS Technology Institute

Richard is currently a Technical Staff Member at Los Alamos National Laboratory. He is a senior Network/System administrator, Organizational Computer Security Representative (OCSR), and Information System Security Officer (ISSO) for the Advanced Nuclear Technology group (N-2). He has experience with most operating systems and many programming languages. Network and System security has become a larger part of his job description in the last ten years; Richard attended his first SANS conference in 1998. He is a former high school Mathematics and Computer Science teacher and is currently teaching Networks I&II, Server Configuration, and System Security courses at the College of Santa Fe. He currently holds GIAC GSEC, GCFW, GCIA, GCIH, GCUX, GCNA, and GSPA certifications. He is a former Chair/Vice Chair of the GCFW advisory board and was the first graduate of the SANS Technology Institute (MSISE).

Johnson, Thomas

Thomas,
  • Higher Education Community Representative

Dr. Johnson is Associate Vice President and Chief of Strategic Initiatives at Webster University. Dr. Johnson also serves as co-founder and Chairman of the Board of Directors of the California Sciences Institute, a non-profit-public benefit corporation located in Livermore, California and dedicated to research and science education. He received his Bachelor's and Master's degrees from Michigan State University and his Doctorate from the University of California - Berkeley.

Dr. Johnson has published 6 books, 13 referred articles; holds copyright on 4 software programs and has lectured at the Strategic Studies Institute of the U.S. Army War College. In addition to lecturing at the U.S. Army War College, Carlisle Barracks, he has also lectured at the Federal Law Enforcement Training Center, and numerous universities.

Phipps, Ronald

Ronald,
  • Higher Education Community Representative

Ron Phipps is a Senior Associate at the Institute for Higher Education Policy where he manages projects related to financing of higher education, statewide governance and administration, distance learning and technology, and other topics in the field of higher education policy. Dr. Phipps is the author of the definitive study of distance learning in higher education, Quality on the Line, which addressed benchmarks for success in Internet-based distance education. Dr. Phipps has managed several large-scale analysis projects in support of state higher education agencies and educational institutions in Russia and other countries. Dr. Phipps has almost four decades of higher education experience as a higher education administrator, researcher, and analyst. He previously served as Executive Director of the Alaska Commission on Postsecondary Education and as Assistant Secretary of the Maryland Higher Education Commission, where he conducted and supervised policy analysis, planning, and research.

Shackleford, Dave

Dave,
  • Most Advanced Degree
    Masters in Business Administration, Georgia State University
  • Field of Experience
    Security. See details below.
  • Director on the Board of SANS Technology Institute
  • SANS Senior Instructor

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies. Dave is the author of the Sybex book Virtualization Security:

Protecting Virtualized Environments, as well as the coauthor of Hands-On Information Security from Course Technology. Recently Dave coauthored the first published course on virtualization security for the SANS Institute. Dave currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.

Dave knows his stuff and explains the material in an easy-to-understand way. - Jonathan O'Neal, Monster.com

Skoudis, Ed

Ed,
  • Most Advanced Degree
    M.S., Information Networking, Carnegie Mellon University; and B.S. Electrical Engineering, University of Michigan, Summa Cum Laude.
  • Field of Experience
    Incident Handling, Expertise in Hacker Attacks and Defenses, Information Security Industry, and Computer Privacy Issues. See details below.
  • Director on the Board of SANS Technology Institute
  • SANS Faculty Fellow
  • Course Lead
  • STI Faculty Advisor

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case†studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost. †

Ed led the team that built NetWars, the low-cost, widely used cyber training and skills assessment ranges relied upon by military units and corporations with major assets at risk. His team also built CyberCity, the fully authentic urban cyber warfare simulator that was featured on the front page of the Washington Post. He was also the expert called in by the White House to test the security viability of the Trusted Internet Connection (TIC) that now protects US Government networks and lead the team that first publicly demonstrated significant security flaws in virtual machine technology. †He has a rare capability of translating advanced technical knowledge into easy-to-master guidance as the popularity of his step-by-step Counter Hack books testifies.

Student Testimonials:
"Getting the war stories from Ed as part of the material helps me understand how things really happen." - Kevin Eveker, IDA

"Ed is a fantastic and charismatic instructor who helps get the key points across to students." - Thomas Rogers, Chevron

"Ed is one of the best instructors I have ever had. It's no secret why he is such a world class pen-tester!" - Patrick McCoy, KEYW

"Ed pulls all of the available knowledge into a very understandable easy to digest format." - Bill Hinds, PMI

Zeltser, Lenny

Lenny,
  • Most Advanced Degree
    M.B.A. from M.I.T.
  • Field of Experience
    Security. See details below.
  • Director on the Board of SANS Technology Institute
  • SANS Senior Instructor
  • Course Lead
  • STI Committee Member

Aptly called the "Yoda"†of malware analysis by his students, Lenny Zeltser keeps his eye on the big picture and focuses on the sum of events rather than individual occurrences. He lives by that philosophy and brings it to his job and classroom. †"Even those professional moments that seem insignificant by themselves can be an important piece of the progressive journey that, hopefully, takes us toward our career objectives and honors our ideals,"†says Lenny. "And you may not even see the value in those moments until you look back on the path."

A seasoned business and technology leader with extensive information security expertise, Lenny started his professional journey in a variety of technical infosec roles before serving as the national lead of the U.S. security consulting practice at a major cloud services provider. Later in his career he oversaw a portfolio of security services at a Fortune 500 technology company. Today, as VP of Products at Minerva Labs, Lenny designs and builds designs creative anti-malware products. Lenny is also a senior instructor at SANS and the primary author of FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques, a course he designed as an on-ramp into the malware analysis field. The course helps students expand and systematize their approaches to examining malicious software using a variety of techniques.

"My goal is to make this topic as accessible to people as possible,"†says Lenny. "There is indeed much one needs to know to understand the inner workings of malicious code, but the good news is that people can begin learning how to do this work by building on the technical skills they already have, whether they are grounded in system administration, network security, software development or other aspects of IT."

Like many of his students, Lenny's career path began in an IT role, which lends unique strengths to his information security expertise.

"My first job in IT was Unix system administration, then I moved onto Windows sysadmin, and then I spent a bit of time on software development,"†Lenny explains. "I found myself gravitating toward the information security aspects of these jobs. For me, Infosec exists at the intersection of many disciplines, and working in this field allows me to make use of the skills and interests I've acquired across various aspects of IT."

Along the way, Lenny earned the prestigious GIAC Security Expert professional designation, and he currently serves on the Board of Directors of SANS Technology Institute.†Lenny holds a bachelor's degree in computer science from the University of Pennsylvania and a master's in business administration from MIT Sloan.

A co-author of four books on malware, network security, and digital forensics, Lenny also developed the Linux toolkit REMnux to make it easier to use a variety of freely available malware analysis tools, many of which run well on Linux but can be difficult to find and install. REMnux has grown to become a very popular toolkit and today is used by malware analysts throughout the world. The FOR610 course that Lenny teaches covers many of the tools installed on REMnux.

Lenny gives his students more than technical tools, however, and he says that the most important lesson he teaches his students is: "You can do it."

"It's easy to get discouraged when you run into professional challenges that you're not equipped to handle,"†Lenny explains. "But when you participate in SANS training, you encounter many new tools and concepts that you will be able to attach to the techniques you already know from prior experience in the field. Much of what you learn will occur after you finish the course and begin applying the concepts to your work outside the classroom. I strive to give students the confidence and the core skills they need to keep learning about and curtailing malware threats even after the class ends."

In his free time, Lenny indulges his love of food both as chef and consumer. †"Eating a delicious meal in good company is always time well spent for me,"†he says. Lenny also loves to cook as a way to clear his mind, disconnect from the day-to-day challenges of business and IT, and connect with family and friends. Lenny subscribes to several food and cooking magazines and enjoys experimenting with new recipes, ingredients, and spices. "Not everything I cook turns into a great dish-†sometimes experiments lead towards unfavorable results-†so I keep reminding myself to think about this process as a journey, not as a destination."

Qualifications Summary

  • Senior instructor and member of the Board of Directors at SANS
  • VP of Products & Advisory Board Member at Minerva Labs
  • Recipient of the GIAC Security Expert (GSE) professional designation
  • Co-author of several books on information security, including:†Malware: Fighting Malicious Code, Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems, and†CyberForensics: Understanding Information Security Investigations
  • Developed and maintains the REMnux Linux Distribution, a toolkit of free malware analysis tools that makes it easier to start analyzing malware
  • Has worked in the information security industry for more than two decades

Get to Know Lenny Zeltser

This is what student are saying about Senior Instructor Lenny Zeltser:

  • "Lenny presented a wealth of knowledge, tied it together smoothly, and I am leaving with exponentially more knowledge." -†David Werden, NGIS
  • "Last week, myself and three of my associates attended SANS GREM training. Based on previous recommendations by prior students, we explicitly attended this session given Lenny was the instructor. As someone who has been responsible for development and delivery of training and education services, Lenny is the best instructor I have ever encountered in my professional life. His approachable demeanor, passion for the learning process, and empathy for his students was just as impressive as his mastery of the curriculum. This praise was unanimous among my three associates." -†Colin Sheppard, Vice President of Cyber Security & Fraud, International at First Data Corporation
  • "Lenny is one of the reasons why it's fun to be in the information security community. His extraordinary intellect and talent for research and innovation is matched by his communication and teaching skills. He's a fantastic writer and a wonderful instructor who has mastered the ability to teach complex concepts in a very approachable manner. Lenny is also one of the nicest people you'll ever run into in our field or any other." -†Eric Huber, Cyber Fraud Subject-Matter Expert
  • "Lenny Zeltser is another one of those people you read about in magazines and think "Man, I wish I was that guy."†A true leader in information security and a great guy all around. Lenny once actually paid me a compliment when I was teaching for SANS, along the lines of being inspired at the time by me being one the folks who happily stood up to teach in front of large crowds (we were both new to the game at the time). I found this humorous since I felt only awe at his own amount of knowledge. I still have the copy of Network Perimeter Security, which he personally sent me to get my opinion of it. I recall that I didn't end up providing my feedback since I felt beneath the ability to comment on it at the time!" -†Ed Luck, Principal Consultant, Solutions at Dimension Data
  • "I was part of the group that attended and reviewed Lenny's try-out session as a SANS instructor, and was blown away by the energy, expertise, and focus he displayed. Where others have at times failed to properly handle interruptions, especially from people who were trying to lead them astray and/or force them to stumble, Lenny remained focused, put the interrupter nicely but firmly in his place, and postponed further discussion to the Q&A session at the end of the class. When audience members asked targeted questions, inquiring about their understanding of recent developments in information security, he was able to elaborate on each of the topics and help them improve their grasp on various hot topics. Lenny displays lots of dedication, is very intelligent, has a solid grasp of information security, and is capable of explaining complicated technical concepts in easily understandable terms." -†Roland Grefer, Principal, Global Support Services Group

Paller, Alan

Alan,
  • Most Advanced Degree
    Master of Engineering, Massachusetts Institute of Technology
  • Field of Experience
    Public Policy and Marketing Security in Large Organizations. See details below.
  • President of SANS Technology Institute
  • Advisor on Presentations

Alan Paller is the president for SANS Technology Institute and director of research for the SANS Institute, responsible for projects ranging from the Internet Storm Center (the Internet's early warning system with 500,000 sensors around the world) to the Top Ten Security Menaces of the coming year. He also edits NewsBites, the twice-weekly summary of the most important news stories in security. But he says his most satisfying responsibility is finding people who have solved important security problems and helping SANS 85,000 alumni in 60 countries learn about those people and their discoveries.

Alan earned degrees in computer science and engineering from Cornell and MIT. He wrote hundreds of articles on computer graphics, EIS and computer security, and authored two books, The EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life.

He has testified before the House and Senate, and in 2001 the President named Alan as one of the original members of the National Infrastructure Assurance Council. In 2005 the Federal CIO Council chose him as its annual Azimuth Award winner recognizing his singular vision and outstanding service to government information technology.

He earned his Bachelor's of Science in Engineering at Cornell University and a Master of Engineering from the Massachusetts Institute of Technology.