Governance: Board of Directors

STI Board of Directors 2013
Directors Representation
Mason BrownChairman
Dennis KirbyVice Chairman
Scott CassityGIAC
Richard HammerSTI Alumni
Thomas JohnsonHigher Education Community
Ronald PhippsHigher Education Community
Dave ShacklefordInformation Security Community
Ed SkoudisInformation Security Community
Lenny ZeltserInformation Security Community
Rick Wanner (Non-Voting Member)STI Student, Director-in-Training
Alan Paller (Non-Voting Member)Ex-Officio Member, STI President
*Meet in-person annually, most interim votes done via email, special meetings option
*NEXT ANNUAL MEETING: SANSFIRE 2015, residential institution (June 2015)
*Board Members terms were renewed for 3 years commencing Annual Meeting July 2012

Brown, Mason

  • Most Advanced Degree
    MBA, Harvard Business School
  • Field of Experience
    See details below.
  • SANS Institute Representative

Mason Brown is one of a very small number of people in the information security field who has held a top management position in a Fortune 50 company. After earning his MBA from Harvard Business School, Mason joined Alcoa where he rose quickly to the President position for a $400 million division and then to a very senior executive role in a $5 billion division of Alcoa, with global responsibility. He brings this unique senior management perspective to the task of helping security professionals learn how to make a security program effective inside their organizations. Mason's undergraduate degree was in Business and Operations Management from Susquehanna University and before attending Harvard, he was a software entrepreneur. Since he arrived in 2005, Mason has helped SANS Institute expand from educating 10,000 students per year to more than 20,000 and has been instrumental in expanding SANS Institute's community to more than 15 new countries. Mason led the establishment of the SANS Institute Software Security Institute (SSI) to bring focus and education to the critical issues of secure coding and application layer security. Mason is part of SANS Institute's public policy research and advocacy programs to improve cyber security and was named to the Presidential Cyber Security Commission tasked with providing cyber security strategy and recommendations to the 44th President.

Kirby, Dennis

  • Most Advanced Degree
    MBA, Harvard Business School
  • Field of Experience
    See details below.

Dennis Kirby is a director at the SANS Institute where he oversees the Forensics, Pen Testing, Audit, Application Security, and Cyber Defense curricula along with other operational functions in the company. He is a graduate of the United States Military Academy and served with the 101st Airborne Division for over four years including as Company Commander of a UH-60 Blackhawk Assault Helicopter Company of the 101st Aviation Regiment and served with the 101st Airborne Division during Operations Desert Shield and Storm. His awards and decorations include the Bronze Star Medal, the Meritorious Service Medal, the Army Aviator, Parachutist and Air Assault Badges. He went on to earn his MBA from Harvard Business School and after a stint at John Deere and in investment banking, he took on management roles in two private equity firms focused on control investments to rehabilitate distressed and underperforming middle-market companies. He led acquisitions with an aggregate value of over $1 billion and served on the board of directors of several companies.

Cassity, Scott

  • Most Advanced Degree
    MBA, Vanderbilt University Owen Graduate School of Management; BBA, University of Kentucky
  • Field of Experience
    See details below.
  • GIAC Representative

Scott Cassity, Managing Director of GIAC, provides executive leadership to the Global Information Assurance Certification (GIAC) organization. In this role, Scott provides general management, strategic direction and leadership for GIAC. He is responsible for all aspects of the GIAC organization including financial, marketing, personnel, and operations support. Scottās responsibilities also include internal and external client interaction including the SANS Sales Team, Department of Defense and Enterprise clients.

Scott was previously a principal/partner of a healthcare real estate development and consulting firm. During his tenure with his past company he developed over $70 million of successful real estate projects with his partners and clients. He also initiated or closed real estate transactions in excess of $100 million. His business expertise includes growing new businesses, financial analysis, risk assessment and a genuine interest in new business ventures. Scott has also worked in the securities and healthcare industries.

Scott also serves several non-profit endeavors in his community. He is the current President of ChildHelp of East Tennessee, a childrenās advocacy organization.

Hammer, Richard

  • Most Advanced Degree
    M.S., Information Security Engineering, SANS Technology Institute
  • STI Course Advisor
  • Director on the Board of SANS Technology Institute

Richard is currently a Technical Staff Member at Los Alamos National Laboratory. He is a senior Network/System administrator, Organizational Computer Security Representative (OCSR), and Information System Security Officer (ISSO) for the Advanced Nuclear Technology group (N-2). He has experience with most operating systems and many programming languages. Network and System security has become a larger part of his job description in the last ten years; Richard attended his first SANS conference in 1998. He is a former high school Mathematics and Computer Science teacher and is currently teaching Networks I&II, Server Configuration, and System Security courses at the College of Santa Fe. He currently holds GIAC GSEC, GCFW, GCIA, GCIH, GCUX, GCNA, and GSPA certifications. He is a former Chair/Vice Chair of the GCFW advisory board and was the first graduate of the SANS Technology Institute (MSISE).

Johnson, Thomas

  • Higher Education Community Representative

Dr. Johnson is Associate Vice President and Chief of Strategic Initiatives at Webster University. Dr. Johnson also serves as co-founder and Chairman of the Board of Directors of the California Sciences Institute, a non-profit-public benefit corporation located in Livermore, California and dedicated to research and science education. He received his Bachelor's and Master's degrees from Michigan State University and his Doctorate from the University of California - Berkeley.

Dr. Johnson has published 6 books, 13 referred articles; holds copyright on 4 software programs and has lectured at the Strategic Studies Institute of the U.S. Army War College. In addition to lecturing at the U.S. Army War College, Carlisle Barracks, he has also lectured at the Federal Law Enforcement Training Center, and numerous universities.

Phipps, Ronald

  • Higher Education Community Representative

Ron Phipps is a Senior Associate at the Institute for Higher Education Policy where he manages projects related to financing of higher education, statewide governance and administration, distance learning and technology, and other topics in the field of higher education policy. Dr. Phipps is the author of the definitive study of distance learning in higher education, Quality on the Line, which addressed benchmarks for success in Internet-based distance education. Dr. Phipps has managed several large-scale analysis projects in support of state higher education agencies and educational institutions in Russia and other countries. Dr. Phipps has almost four decades of higher education experience as a higher education administrator, researcher, and analyst. He previously served as Executive Director of the Alaska Commission on Postsecondary Education and as Assistant Secretary of the Maryland Higher Education Commission, where he conducted and supervised policy analysis, planning, and research.

Shackleford, Dave

  • Most Advanced Degree
    Masters in Business Administration, Georgia State University
  • Field of Experience
    Security. See details below.
  • Director on the Board of SANS Technology Institute
  • SANS Senior Instructor

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies. Dave is the author of the Sybex book Virtualization Security:

Protecting Virtualized Environments, as well as the coauthor of Hands-On Information Security from Course Technology. Recently Dave coauthored the first published course on virtualization security for the SANS Institute. Dave currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.

Dave knows his stuff and explains the material in an easy-to-understand way. - Jonathan O'Neal,

Skoudis, Ed

  • Most Advanced Degree
    M.S., Information Networking, Carnegie Mellon University; and B.S. Electrical Engineering, University of Michigan, Summa Cum Laude.
  • Field of Experience
    Incident Handling, Expertise in Hacker Attacks and Defenses, Information Security Industry, and Computer Privacy Issues. See details below.
  • Director on the Board of SANS Technology Institute
  • SANS Faculty Fellow
  • Course Lead
  • STI Faculty Advisor

Ed Skoudis is the founder of Counter Hack, an innovative organization that designs, builds, and operates popular infosec challenges and simulations including CyberCity, NetWars, Cyber Quests, and Cyber Foundations. As director of the CyberCity project, Ed oversees the development of missions which help train cyber warriors in how to defend the kinetic assets of a physical, miniaturized city. Ed's expertise includes hacker attacks and defenses, incident response, and malware analysis, with over fifteen years of experience in information security. Ed authored and regularly teaches the SANS courses on network penetration testing (Security 560) and incident response (Security 504), helping over three thousand information security professionals each year improve their skills and abilities to defend their networks. He has performed numerous security assessments; conducted exhaustive anti-virus, anti-spyware, Virtual Machine, and IPS research; and responded to computer attacks for clients in government, military, financial, high technology, healthcare, and other industries. Previously, Ed served as a security consultant with InGuardians, International Network Services (INS), Global Integrity, Predictive Systems, SAIC, and Bell Communications Research (Bellcore). Ed also blogs about command line tips and penetration testing.

Ed Skoudis successfully combines expertise, real-world experiences, and even humor to deliver an incredibly effective learning experience... Thank you! - George Huang, Nationwide Insurance

Zeltser, Lenny

  • Most Advanced Degree
    M.B.A. from M.I.T.
  • Field of Experience
    Security. See details below.
  • Director on the Board of SANS Technology Institute
  • SANS Senior Instructor
  • Course Lead
  • STI Committee Member

Lenny Zeltser is a seasoned business and tech leader with extensive experience in information technology and security. As a product management director at NCR Corp, he heads the software and services group that address customers' data protection needs. Before NCR, Lenny led the enterprise security consulting practice at a major cloud services provider. He also trains professionals in digital forensics and malware combat at SANS Institute. In addition, Lenny is a Board of Directors member at SANS Technology Institute.

Lenny's expertise is strongest at the intersection of business, technology, and information security and includes incident response, cloud services, and product management. He frequently speaks at conferences, writes articles, and has co-authored books on network security and malicious software. Lenny has an MBA degree from MIT Sloan, a Computer Science degree from the University of Pennsylvania and has earned the prestigious GIAC Security Expert designation from SANS Institute. Visit to learn about his projects and interests.

"Lenny presented a wealth of knowledge, tied it together smoothly, and I am leaving with exponentially more knowledge." - David Werden, NGIS

Wanner, Rick

  • Master's Candidate Director in Training

Rick Wanner is a security manager in Corporate Security at SaskTel responsible for all aspects of policy compliance including policy development, security consulting, risk assessment, compliance assessment and penetration testing. Rick has over 20 years experience in IT, and since 1996 has specialized in Information Security, working in many facets of security, including firewall analyst, security architect, security integration specialist, security consultant and penetration tester. Rick is active with SANS and GIAC and has participated in numerous activities including the Top 20 vulnerabilities project, SSH Step by Step guide, GSEC courseware revisions, courseware development, GIAC Gold advisor, SANS Advisory Board, and was integral in the creation of the GIAC Ethics Council. Rick holds GIAC GCFW, GCIH, GSNA, GCIA, GHTQ, and GREM and is currently completing his MSISE with SANS Technology Institute. Rick is a member of the Canadian Information Processing Society (CIPS), a certified Information Systems Professional (ISP), and member of the CIPS Saskatchewan Professional Conduct Committee. Rick is involved in running a community soccer league, coaching his children, and teaching security in his community.

Paller, Alan

  • Most Advanced Degree
    Master of Engineering, Massachusetts Institute of Technology
  • Field of Experience
    Public Policy and Marketing Security in Large Organizations. See details below.
  • President of SANS Technology Institute
  • Advisor on Presentations

Alan Paller is the president for SANS Technology Institute and director of research for the SANS Institute, responsible for projects ranging from the Internet Storm Center (the Internet's early warning system with 500,000 sensors around the world) to the Top Ten Security Menaces of the coming year. He also edits NewsBites, the twice-weekly summary of the most important news stories in security. But he says his most satisfying responsibility is finding people who have solved important security problems and helping SANS 85,000 alumni in 60 countries learn about those people and their discoveries.

Alan earned degrees in computer science and engineering from Cornell and MIT. He wrote hundreds of articles on computer graphics, EIS and computer security, and authored two books, The EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life.

He has testified before the House and Senate, and in 2001 the President named Alan as one of the original members of the National Infrastructure Assurance Council. In 2005 the Federal CIO Council chose him as its annual Azimuth Award winner recognizing his singular vision and outstanding service to government information technology.

He earned his Bachelor's of Science in Engineering at Cornell University and a Master of Engineering from the Massachusetts Institute of Technology.