Faculty
Version 2.1
The faculty is the primary reason that a SANS Technology Institute educational experience allows students to become technical leaders in information security in their organizations. At SANS Technology Institute, you learn security from people who are the top experts in the field, the authors of the most authoritative books, and, most importantly, from people who have front-line, in-the-trenches experience doing the types of jobs that you will be required to do.
Knowledge alone does not make SANS faculty effective teachers. Many experts cannot teach. The SANS faculty development process ensures that the faculty are gifted teachers as well as being exceptional security technologists.
Your education at SANS Technology Institute involves research and writing, just as it would at any graduate institution. At SANS Technology Institute, though, it is the classes you take and, more importantly, the faculty who teach you that will help you gain the mastery of the subjects that enable leaders to lead with confidence.
Each member of the SANS faculty has demonstrated himself or herself to be highly competent, on the basis of formal education and professional experience, to provide educational courses that meet the objectives laid out in the program goals. Most SANS faculty members have completed either Master's level or PhD level degrees at regionally accredited institutions. Some faculty members may have completed the equivalent of Master's level degrees by demonstrating outstanding achievement in the information security field.
FACULTY - SANS Technology Institute
Name: Dr. Johannes Ullrich
Title: Dean of Faculty, Chief Research Officer, Faculty, Certified, Staff
Most Advanced Degree: Ph.D. Physics, SUNY Albany
Field of Experience: Information Security Research Expert. See details below.
Courses: SEC 503 Intrusion Detection In-Depth, SEC 504 Hacker Techniques, Exploits and Incident Handling, and other courses.
Dr. Johannes Ullrich is Dean of Faculty, Chief Research Officer and a faculty member of SANS Technology Institute. Johannes also serves on the following SANS Technology Institute committees: Full-time Faculty, Long Range Planning, Academic and Student Affairs. As Chief Research Officer for SANS, Johannes is responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2005, SC Magazine named him one of the 5 most influential IT security thinkers in the networking industry. Johannes teaches SEC 503 Intrusion Detection In-Depth, SEC 504 Hacker Techniques, Exploits and Incident Handling, SEC 615 LAMP Secure Internet Presence, and other courses.
Name: Dr. Eric Cole
Title: Department Chair, Faculty, Fellow
Most Advanced Degree: Ph.D., Computer Science, Pace University
Field of Experience: Information Security Expert. See details below.
Courses: SEC 401 SANS Security Essentials, MGT 524 Security Policy and Awareness, MGT 512 SANS Security Leadership Essentials for Managers, and other courses.
Dr. Eric Cole is the Department Chair of SANS Technology Institute, faculty member, general faculty advisor, and he teaches, maintains and develops courseware. Eric serves on the following SANS Technology committees: Full-time Faculty, Academic and Student Affairs, Long Range Planning. He is an industry-recognized security expert, with over 15 years of hands-on experience. Dr. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT, and a Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker. Dr. Cole is also a senior scientist with Lockheed Martin Information Technology (LMIT) and a Lockheed Martin (LM) fellow.
Name: President Stephen Northcutt
Title: President, Ex-Officio Director on the Board of SANS Technology Institute, Faculty, Fellow, Staff
Most Advanced Degree: Bachelor of Science, Mary Washington College
Courses: MGT 512 SANS Security Leadership Essentials for Managers, MGT 421 Leadership and Management Competencies, MGT 524 Security Policy and Awareness, SEC 401 SANS Security Essentials, and other courses.
Stephen Northcutt founded the GIAC certification and currently serves as president of the SANS Technology Institute, a postgraduate level IT security college. Stephen is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of chief for information warfare at the Ballistic Missile Defense Organization. Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer, and network designer.
Since 2007 Stephen has conducted over 34 in-depth interviews with leaders in the security industry, from CEOs of security product companies to the most well-known practitioners, in order to research the competencies required to be a successful leader in the security field. He maintains the SANS Leadership Laboratory where research on these competencies is posted. He is the lead author for Execubytes, a monthly newsletter that covers both technical and pragmatic information for security managers. He leads the Management 512 Alumni forum, where hundreds of security managers post questions. He is the lead author/instructor for Management 512 :: SANS Security Leadership Essentials, a prep course for the GSLC certification that meets all levels of requirements for DoD Security Managers per DoD 8570, and he is also the lead author/instructor for Management 421 :: Management and Leadership Competencies.
Name: Ed Skoudis
Title: Director on the Board of SANS Technology Institute, Faculty, Fellow
Most Advanced Degree: M.S., Information Networking, Carnegie Mellon University; and B.S. Electrical Engineering, University of Michigan, Summa Cum Laude.
Field of Experience: Incident Handling, Expertise in Hacker Attacks and Defenses, Information Security Industry, and Computer Privacy Issues. See details below.
Courses: SEC 504 Hacker Techniques, Exploits and Incident Handling, and other courses.
In addition to his teaching responsibilities, Ed Skoudis performs security assessments and designs information security governance and operations teams for Fortune 500 companies, and provides rapid response to computer attacks for clients in financial, high technology, healthcare, and other industries. Ed is the author of several articles as well as the Prentice Hall best selling book, Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses. His latest book is titled Malware: Fighting Malicious Code. Ed was also awarded a 2004 Microsoft MVP award for Windows Server Security, and is a member of the Honeynet Project. Ed Skoudis teaches SANS SEC 504 Hacker Techniques, Exploits and Incident Handling course; and also SEC 517 Cutting Edge Hacking Techniques. Ed also serves on the Board of Directors of SANS Technology Institute.
Name: Lenny Zeltser
Title: Director on the Board of SANS Technology Institute, Faculty, Senior
Most Advanced Degree: M.B.A. from M.I.T.
Field of Experience: Security. See details below.
Courses: SEC 504 Hacker Techniques, Exploits and Incident Handling, MGT 512 SANS Security Leadership Essentials for Managers, and other courses.
Lenny Zeltser leads a security consulting team at Savvis. He is also a Board of Directors member at SANS Technology Institute, a SANS faculty member, and an incident handler at the SANS Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books.
Lenny is one of the few individuals in the world who've earned the highly-regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a Computer Science degree from the University of Pennsylvania. For more information about his projects, see http://www.zeltser.com.
Name: Dave Shackleford
Title: Director on the Board of SANS Technology Institute, Faculty, Certified
Most Advanced Degree: Masters in Business Administration, Georgia State University
Field of Experience: Security. See details below.
Courses: SEC 504 Hacker Techniques, Exploits and Incident Handling, all AUDIT courses, MGT 512 SANS Security Leadership Essentials for Managers, and other courses.
Dave Shackleford is EMC's chief security strategist, as well as the head of the Center for Policy and Compliance, a group focused on developing controls for industry and regulatory compliance initiatives. He is also an instructor and course author for the SANS Institute, where he serves as a GIAC technical director. Previously, Dave worked as chief technical officer for both the Center for Internet Security and a security consulting firm in Atlanta where he became one of the first Visa-certified Qualified Security Assessors while managing the firm's PCI compliance practice. He has managed information security for a major airline and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. In addition, he has consulted with hundreds of organizations in the areas of regulatory compliance, security and network architecture, and engineering. Dave is the co-author of Hands-On Information Security from Course Technology as well as the "Managing Incident Response" chapter in the Course Technology book Readings and Cases in the Management of Information Security. Recently, Dave co-authored the first published course on virtualization security for the SANS Institute. Dave currently serves on the board of directors at the Technology Association of Georgia's Information Security Society and the SANS Technology Institute.
Name: Alan Paller
Title: Chair and Director on Board of SANS Technology Institute, Faculty, Staff
Most Advanced Degree: Masters, Engineering, Massachusetts Institute of Technology; and B.S., Engineering, Cornell University.
Field of Experience: Public Policy and Marketing Security in Large Organizations. See details below.
Alan Paller is the director of research for the SANS Institute, responsible for projects ranging from the SANS Internet Storm Center (the Internet's early warning system with 500,000 sensors around the world) to the Top Ten Security Menaces of the coming year. He also edits NewsBites, the twice-weekly summary of the most important news stories in security. But he says his most satisfying responsibility is finding people who have solved important security problems and helping SANS' 85,000 alumni in 60 countries learn about those people and their discoveries.
Alan earned degrees in computer science and engineering from Cornell and MIT. He wrote hundreds of articles on computer graphics, EIS and computer security, and authored two books, The EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life.
He has testified before the House and Senate, and in 2001 the President named Alan as one of the original members of the National Infrastructure Assurance Council. In 2005 the Federal CIO Council chose him as its annual Azimuth Award winner recognizing his singular vision and outstanding service to government information technology.
His degrees are from Cornell University and the Massachusetts Institute of Technology.
Name: Marcus Sachs
Title: Faculty, Senior
Most Advanced Degree: Masters in Computer Science with a concentration in Information Security from James Madison University, Masters in Science and Technology Commercialization from The University of Texas at Austin, Bachelors in Civil Engineering. He is currently pursuing a Ph.D. in Public Policy with a concentration in Science and Technology.
Field of Experience: Security Essentials, Malware, Management, National Security Policy
Courses: SEC 401 SANS Security Essentials, MGT 405 Critical Infrastructure Protection, and other courses
Marcus Sachs serves as Executive Director of Government Affairs for National Security Policy at Verizon in Washington, D.C. Prior to joining Verizon in August 2007, he was the deputy director of SRI International's Computer Science Laboratory. Marcus has served as the director of the SANS Internet Storm Center since 2003, and is an internationally recognized computer security expert. He brings over 26 years of professional experience to SANS including 20 years of active military service as an officer in the United States Army and two years of national cyberspace security policy development as a Presidential appointee to the National Security Council staff in the George W. Bush administration. Marcus was the first cyber security official assigned to the Department of Homeland Security in 2003 where he developed the initial concept and strategy for the creation of the United States Computer Emergency Response Team. He was also a founding member of the Defense Department's Joint Task Force for Computer Network Defense, created in 1998 as the first US military organization designed to fight foreign threats in cyberspace. Marcus is a licensed Professional Engineer in Virginia.
Name: Benjamin Wright
Title: Faculty, Senior
Most Advanced Degree: JD, Law, Georgetown University Law Center
Field of Experience: Legal Issues. See details below.
Courses: LEG 523 Legal Issues in Information Technology and Information Technology Security.
Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With 24 years in private law practice, he has advised many organizations, large and small, on privacy, e-commerce, computer security and e-mail discovery and been quoted in publications around the globe, from the Wall Street Journal to the Sydney Morning Herald. He wrote and presented to the Sri Lankan government a report on technology law, which contributed to the adoption of national e-commerce legislation in 2005. Wright maintains a popular blog at http://legal-beagle.typepad.com.
Name: David Rice
Title: Faculty, Senior
Most Advanced Degree: M.S., Systems Engineering and Information Warfare, Naval Postgraduate School; and B.S., Physics and General Engineering, U.S. Naval Academy.
Field of Experience: Security. See details below.
Courses: SEC 401 SANS Security Essentials, SEC 616 .Net Security, 617, MGT 512 SANS Security Leadership Essentials for Managers.
David Rice is Director of The Monterey Group, a results-oriented consultancy fulfilling client objectives in all matters of information security. David is an internationally recognized information security expert and the author of the forthcoming book, Geekonomics: The Real Cost of Software. David has been awarded for significant contributions as part of his work with the Department of Defense and the National Security Agency. David is a SANS Institute author and senior instructor. He has over 10 years of experience in security and large-scale IT infrastructure.
Name: Jason Fossen
Title: Faculty, Fellow
Most Advanced Degree: Masters, Philosophy of Science, University of Texas at Austin
Field of Experience: Security with Microsoft/Windows Emphasis. See details below.
Courses: SEC 505 Securing Windows
Jason Fossen is a principal security consultant at Enclave Consulting LLC, a published author, and a frequent public speaker on Microsoft security issues. He is the sole author of SANS' week-long Securing Windows course (SEC505), maintains the Windows day of Security Essentials (SEC401.5), and has been involved in numerous other SANS projects since 1998. He graduated from the University of Virginia, received his Master's degree from the University of Texas at Austin, and holds a number of professional certifications. He currently lives in Dallas, Texas.
Name: Jess Garcia
Title: Faculty, Certified
Most Advanced Degree: M.Sc. in Telecommunications Engineering, Univ. Politecnica de Madrid
Field of Experience: Security. See details below.
Courses: SEC 503 Intrusion Detection In-Depth, 505 Securing Windows, SEC 508 System Forensics, Investigation and Response, and other courses.
Jess Garcia, founder of One eSecurity, is a Senior Security Engineer with over 15 years of experience in Information Security.
During the last 5 years Jess has worked in highly sensitive projects in Europe, USA, Latin America and the Middle East with top global customers in sectors such as financial & insurance, corporate, media, health, communications, law firms or government, in areas such as Incident Response & Computer Forensics, Malware Analysis, Security Architecture Design and Review, etc.
Previously, Jess worked for 10 years as a systems, network and security engineer in the Spanish Space Agency, where he collaborated as a security advisor with the European Space Agency, NASA, and other international organizations.
Jess is a frequent speaker at security events, having been invited to dozens of them around the world during the last few years. Jess has also contributed to several books, articles, SANS courseware, the GIAC program, etc. Jess is an active security researcher in areas such as Incident Response and Computer Forensics or Honeynets.
Jess holds a Masters of Science in Telecommunications Engineering from the Univ. Politecnica de Madrid.
Name: Ron Ritchey
Title: Faculty, Certified
Most Advanced Degree: Ph.D., Information Technology, George Mason University's School of Information Technology and Engineering; Masters, Computer Science, George Mason University
Field of Experience: Security. See details below.
Courses: AUD 507 Auditing Networks, Perimeters & Systems
Mr. Ritchey is an authority in the areas of secure network design and network intrusion and regularly leads penetration testing efforts for Booz Allen Hamilton where he has had the opportunity to learn first-hand the real-world impact of network vulnerabilities. He is also an active researcher in the field with peer-reviewed publications in the area of automated network security analysis and is one of the co-authors of the recently released Inside Network Perimeter Security book published by New Riders in association with the SANS Institute. Mr. Ritchey has authored courses on computer security that have been taught across the country and periodically teaches masters level courses on computer security. Mr. Ritchey holds a Ph.D. in Information Technology from George Mason University's School of Information Technology and Engineering, and a Masters Degree in Computer Science from George Mason University. His doctoral research involved automating network security analysis.
Name: Richard Salgado
Title: Faculty, Senior
Most Advanced Degree: J.D., Law, Yale Law School
Field of Experience: Legal Issues. See details below.
Courses: SEC 508 System Forensics, Investigation, and Response, and other courses
Richard P. Salgado is a Senior Corporate Counsel with Yahoo! Inc., where he focuses on international privacy, security and law enforcement compliance matters. Prior to joining Yahoo!, Mr. Salgado served as Senior Counsel in the Computer Crime and Intellectual Property Section of the United States Department of Justice. As a federal prosecutor, Mr. Salgado specialized in investigating and prosecuting computer network cases, such as computer hacking, illegal computer wiretaps, denial of service attacks, malicious code and other technology-driven privacy crimes. Mr. Salgado also regularly speaks on the legal and policy implications of searching and seizing computers and electronic evidence, emerging surveillance technologies, digital evidence and related criminal conduct. In 2005, Mr. Salgado will join Stanford Law School as a legal lecturer on Computer Crime; he previously served as an adjunct law professor at Georgetown University Law Center and George Mason Law School, and as a faculty member of the National Judicial College. Mr. Salgado graduated magna cum laude from the University of New Mexico and in 1989 received his J.D. from Yale Law School.
Name: Glen Sharlun
Title: Faculty, Certified
Most Advanced Degree: Masters, Information Tech Management, Naval Postgraduate School
Field of Experience: Security
Courses: MGT 512 SANS Security Leadership Essentials for Managers, AUD 411 SANS 17799/27001 Security & Audit Framework, MGT 414 SANS® +S™ Training Program for the CISSP® Certification Exam
Glen started his career in the literal trenches as a leader of Marines and has since transitioned that ethos to the 'trenches' of enterprise network and security operations. Having experience building a policy, consulting and audit practice, leading the global monitoring, response and forensic team, establishing an active audit (Red Team) capability, Glen finished this career as Commanding Officer (CISO), Network Defense, U.S. Marine Corps. Glen is currently the Vice President of Customer Success at ArcSight, focused on delivering the best-practices in people, process and technologies of ArcSight's network management and security operations solutions, to its customers. Glen is a graduate of the U.S. Naval Academy and the Naval Postgraduate School (MS, Information Systems Management) and has attained & instructed numerous certifications from ISC2, SANS and the National Security Agency.
Name: Raul Siles
Title: Faculty, Certified
Most Advanced Degree: Masters, Computer Science from UPM (Spain) and a postgraduate in Security and E-commerce
Field of Experience: Security. See details below.
Courses: SEC 504 Hacker Techniques, Exploits and Incident Handling, SEC 617 Assessing and Securing Wireless Network Security
Raul Siles is a senior security consultant with Hewlett-Packard. He has implemented numerous security solutions in various industries. Raul's expertise includes security architectures design, penetration tests, incident response, forensic analysis, system and network security assessments and hardening, intrusion detection and information security management. He is one of the few individuals who have earned the GIAC Security Expert (GSE) designation and also holds other SANS/GIAC certifications. Raul is also a SANS course author and instructor. He is a frequent security speaker, has authored a TCP/IP security book and contributed to several security articles, reviews and research projects. He is a member of the Spanish Honeynet Project and loves security challenges. He holds a Masters degree in Computer Science from UPM (Spain) and a postgraduate in Security and E-Commerce.
Name: Andrew Smith
Title: Heads European, Middle East, Africa (EMEA) Division of Faculty, Staff
Most Advanced Degree: M.S. Computer Science, B.S. Engineering
Andrew Smith has fifteen years of industry experience in corporate, operating and commercial roles.
Name: Randy Marchany
Title: Faculty, Certified
Most Advanced Degree: Master of Science MSEE, Computer Engineering, Virginia Polytechnic and State University; B.S., Computer Science, Virginia Polytechnic Institute and State University
Field of Experience: Security. See details below.
Courses: AUD 507 Auditing Networks, Perimeters and Systems, SEC 401 Security Essentials, SEC 504 Hacker Techniques, Exploits and Incident Handling
Randy is the Director of VA Tech's IT Security Laboratory and the University's Assistant IT Security Officer. He is a co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step guides. He is a member of the Center for Internet Security development team that produced and tested the CIS Solaris, HPUX, AIX, Linux and Windows2000/XP security benchmarks and scoring tools. He was a member of the White House Partnership for Critical Infrastructure Security working group that developed a Consensus Roadmap for responding to the DDOS attacks of 2000.
Name: John Strand
Title: Faculty, Certified, Staff
Most Advanced Degree: Master's Degree, Denver University
Field of Experience: Security. See details below.
Courses: SEC 504 Hacker Techniques, Exploits and Incident Handling
John Strand has been teaching SEC 504 Hacker Techniques, Exploits and Incident Handling for SANS, which is related to the GIAC GCIH. He also teaches CISSP classes: SANS® +S™ Training Program for the CISSP® Certification Exam. He is currently certified GIAC Gold in the GCIH, and in the GCFW which is related to SEC 508 System Forensics, Investigation and Response. He is also a holder of the CISSP certification. He started working in computer security with Accenture Consulting in the areas of intrusion detection, incident response, and vulnerability assessment/penetration testing. Currently, he is employed with Northrop Grumman specializing in DCID 6/3 PL3-PL5 (multi-level security solutions), security architectures, and program certification and accreditation preparation. He has a Master's degree from Denver University, and is currently a professor at Denver University. In his spare time he writes loud rock music and makes various futile attempts at fly-fishing.
Name: Richard Hammer
Title: Faculty, Course Advisor
Most Advanced Degree: Master of Science in Information Security Engineering, SANS Technology Institute
Field of Experience: See details below.
Courses: Course Advisor
Richard is a Technical Staff Member at Los Alamos National Laboratory. He is a senior Network/System administrator, Organizational Computer Security Representative (OCSR), and Information System Security Officer (ISSO) for the Advanced Nuclear Technology group (N-2). He has experience with most operating systems and many programming languages. Network and System security has become a larger part of his job description in the last ten years; Richard attended his first SANS conference in 1998. He is a former high school Mathematics and Computer Science teacher and is currently teaching Networks I&II, Server Configuration, and System Security courses at the College of Santa Fe. He currently holds GIAC GSEC, GCFW, GCIA, GCIH, GCUX, GCNA, GSPA certifications, CISSP and Security+ certifications, CEH certification. He is a former Chair/Vice Chair of the GCFW advisory board and was the first graduate of the SANS Technology Institute (MSISE). Richard serves on the Board of Directors of SANS Technology Institute.
Name: Restuccia, Megan
Title: Instructor, Certified
Most Advanced Degree: M.B.A. Columbia University; B.S. Computer Science, William Paterson University
Field of Experience: Security
Courses: SEC 401 SANS Security Essentials, SEC Reverse Engineering Malware; SEC 511 Cutting Edge Hacking Techniques
Megan is currently an Instructor and Mentor with SANS as well as a Solutions Engineer for Morgan Stanley. She has over 11 years experience in Information Technology with an extensive background in Networking, Unix/Linux and Windows environments, in both small and large implementations. Megan currently holds professional certifications including RHCE, CCWD, CISSP, GIAC GSEC and GIAC Certificates in GREM and GGSC. She also holds a BS in Computer Science and an MBA from Columbia University. Megan's most recent focuses were on SOX/HIPAA security regulations and training, intrusion detection and prevention, secure application coding and desktop encryption.
Name: Schultz, Eugene
Title: Instructor, Certified
Most Advanced Degree: Ph.D., Cognitive Therapy, Purdue University
Field of Experience: Information Security & Technology
Courses: SEC 401 SANS Security Essentials, MGT 512 SANS Security Leadership Essentials for Managers
Dr. Eugene Schultz, CISM, CISSP, is the Chief Technology Officer at Emagined Security, an information security consultancy based in San Carlos, California. He is the author/co-author of five books, one on Unix security, another on Internet security, a third on Windows NT/2000 security, a fourth on incident response, and the latest on intrusion detection and prevention. He has also written over 120 published papers. Gene was the Editor-in-Chief of Computers and Security from 2002-2007, is currently on the editorial board for this journal, and is an associate editor of Network Security. He is a member of the editorial board for the SANS NewsBites, a weekly information security-related news update, co-author of the 2005 and 2006 Certified Information Security Manager preparation materials, and is on the technical advisory board of three companies. Gene has previously managed an information security practice as well as a national incident response team. He has been professor of computer science at several universities and is retired from the University of California at Berkeley. He received the NASA Technical Excellence Award, the Department of Energy Excellence Award, the Information Systems Security Association (ISSA) Professional Achievement and Honor Roll Awards, the ISACA John Kuyers Best Speaker/Best Conference Contributor Award, the Vanguard Conference Top Gun Award (for best presenter) twice, the Vanguard Chairman's Award, and the National Information Systems Security Conference Best Paper Award. Additionally, Gene has been elected to the ISSA Hall of Fame. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy's Computer Incident Advisory Capability (CIAC). He is a co-founder of FIRST, the Forum of Incident Response and Security Teams. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.
Name: Lee, Rob
Title: Instructor, Fellow
Most Advanced Degree: M.B.A. Georgetown University, Washington D.C.; B.S. Space Operations Engineering, U.S. Air Force Academy
Field of Experience: Forensics. See details below.
Courses: SEC 508 Computer Forensics, Investigation, and Response.
Rob Lee is a member of ManTech's Computer Forensics & Intrusion Analysis Division that provides advanced computer forensics and intrusion operations support to the national security and intelligence communities. He works for commercial and government clients, providing incident response, forensics, intrusion detection, vulnerability analysis, and specialized R&D. Rob is a graduate of the U.S. Air Force Academy. He served in the U.S. Air Force performing intrusion detection while at the 609th Information Warfare Squadron. As a member of the Air Force Office of Special Investigations he performed network wiretaps, computer forensics, and conducted computer crime intrusion investigations. Rob regularly assists the Honeynet Project and coauthored the bestselling book, Know Your Enemy, 2nd Edition.
INSTRUCTORS - SANS Technology Institute
Name: Tanya Baccam
Title: Instructor, Senior
Most Advanced Degree: B.S. Dordt College, 3 Majors: Management Information Systems, Business Administration, and Accounting. Five years of credits.
Field of Experience: Security Services. See details below.
Courses: SEC 507 Auditing Networks, Perimeters and Systems, SEC 509 Securing Oracle, and other courses
Tanya is a SANS instructor, as well as a SANS courseware author. She also provides many security consulting services for clients such as system audits, vulnerability and risk assessments, database assessments, web application assessments and penetration testing. She has previously worked as the Director of Assurance Services for a security services consulting firm, as well as being the Manager of Infrastructure Security for a healthcare organization. She also served as a Manager at Deloitte & Touche in the Security Services practice. Throughout her career, she's consulted with many clients about their security architecture including areas such as perimeter security, network infrastructure design, system audits, web server security and database security. She has played an integral role in developing multiple business applications and currently holds the CPA, GCFW, GCIH, CISSP, CISM, CISA, CCNA, CCSE, CCSA and Oracle DBA certifications.
Name: George Bakos
Title: Instructor, Certified
Most Advanced Degree: Many credits in Computer Science, Science, and English Science
Field of Experience: Intrusion Detection. See details below.
Courses: SEC 401 Security Essentials, SEC 502 Firewalls, Perimeter Protection, and Virtual Private Networks, SEC 503 Intrusion Detection In-Depth, SEC 504 Hacker Techniques, Exploits and Incident Handling.
George is the senior security expert at Dartmouth College's Institute for Security Technology Studies (ISTS) where he researches cyber-terrorism and infrastructure protection technologies. His current efforts focus primarily on intrusion detection and large-scale early warning systems in support of the National Institute of Justice's Office of Science and Technology. Before coming to ISTS, George was a security engineer at Electronic Warfare Associates. This position involved audits, penetration tests, policy review and security engineering/implementations for government and commercial clients. He developed and taught the U.S. Army National Guard's CERT technical curriculum and ran the NGB's Information Operations Training and Development Center research lab for two years, fielding and supporting Computer Emergency Response Teams (CERTs) nationwide. Outside the lab, George enjoys the beauties of his home state, Vermont, through skiing, ice and rock climbing, and mountain biking.
Name: Chris Brenton
Title: Instructor, Fellow
Most Advanced Degree: Electrical Engineering Courses at Northeastern in Boston
Field of Experience: Security, Incident Handling. See details below.
Courses: SEC 502 Firewalls, Perimeter Protection and Virtual Private Networks
Chris is an independent consultant who has authored many books including Mastering Network Security, Mastering Cisco Routers, and Active Defense: A Comprehensive Guide to Network Security. Chris is the lead author for the SANS Firewalls, Perimeter Protection and VPNs course. He also maintains courseware in the advanced Audit course in addition to being a SANS Instructor and a lead incident handler for SANS Internet Storm Center.
Name: Guy Bruneau
Title: Instructor, Certified
Most Advanced Degree: B.A. in Information Technology, University of Quebec
Field of Experience: Security. See details below.
Courses: SEC 503 Intrusion Detection In-Depth
Guy is a Senior Security Consultant with IPSS Inc. in Ottawa, Ontario. He works within IPSS Inc.'s security practice assisting clients with their Managed Security Services, Computer Intrusion Detection Operations and Deployment, Network Security Auditing, and Incident Response and Reporting. Guy has a B.A. (IT) from University of Quebec and holds the GIAC GSEC, GCIA, GCIH, GCUX certifications and is a Sun Certified System Administrator. He has been a SANS instructor, Mentor and now a Stay Sharp instructor. He is the author of the OS hardened Shadow/Snort IDS platform based on NSWC's Shadow version 1.8 where the ISO is freely available at: http://www.whitehats.ca. In his spare time, he has worked as a Technical Reviewer for New Rider, QUE Certification and SANS.
Name: Jeff Frisk
Title: Instructor, Certified, Staff
Most Advanced Degree: BS, Engineering, Rochester Institute of Technology
Field of Experience: Engineering, Project Management.
Courses: MGT 525 Project Management and Effective Communications for Security Professionals and Managers
Jeff serves as the Director of GIAC. He has worked on many projects for SANS including the On Demand product, courseware updates and GIAC exam development. Jeff has an engineering degree from RIT, The Rochester Institute of Technology. Jeff has held various positions including electronic systems and computer engineering, product development and operations management. He has many years of experience working with high-tech companies developing computer hardware and software products. Jeff has been involved with computer systems support and security for over 10 years.
Name: Galbraith, Bryce
Title: Instructor, Certified
Most Advanced Degree: Computer Science Courses
Field of Experience: Security
Courses: SEC 504 Hacker Techniques, Exploits, and Incident Handling, SEC 401 SANS Security Essentials
Bryce began his IT journey at 10 years of age with a Commodore 64 and a 300 baud modem – he never looked back. As a contributing author of the internationally bestselling book, Hacking Exposed: Network Security Secrets & Solutions, Bryce helped bring the secret world of hacking out of the darkness and into the public eye. Bryce has held security positions at global ISPs and Fortune 500 companies as well as being a Senior Consultant on Foundstone's world renowned attack and penetration team. Bryce also served as Senior Instructor and co-author of Foundstone's "Ultimate Hacking: Hands-On" series. He has taught the art of ethical hacking and countermeasures to thousands of IT professionals from a "who's who" of top companies, financial institutions, and government agencies around the globe. Bryce teaches SANS SEC 504 Hacker Techniques, Exploits and Incident Handling and SANS Security 401, Security Essentials Boot Camp for SANS Institute. Bryce is an active member of several security-related professional organizations; he speaks at a variety of conferences and holds a number of certifications: CISSP, GIAC GCIH, GSEC, CEH, CHFI, Security+. Bryce is currently Lead Consultant and co-founder of Layered Security, Inc.
Name: Jonathan Ham
Title: Instructor, Certified
Most Advanced Degree: B.A., Anthropology, University of Nebraska-Lincoln. (M.S. in progress, CIS-Information Systems Security, University of Denver. Est. Graduation: May 2008)
Field of Experience: Packet Analysis, Incident Response, Large-Scale Enterprise and Program Management
Courses: SEC 503 Intrusion Detection In-Depth, SEC 401 Security Essentials, MGT 414 SANS® +S™ Training Program for the CISSP® Certification Exam, and other courses
Jonathan is an independent consultant who specializes in large-scale enterprise security issues, from policy and procedure, through staffing and training, to scalable prevention, detection, and response technology and techniques. With a keen understanding of ROI and TCO (and an emphasis on process over products), he has helped his clients achieve greater success for over 12 years, advising in both the public and private sectors, from small upstarts to the Fortune 500. He's been commissioned to teach NCIS investigators how to use Snort, performed packet analysis from a facility more than 2000 feet underground, and chartered and trained the CIRT for one of the largest U.S. civilian Federal agencies. He currently holds the CISSP, GSEC, GCIA, and GCIH certifications, and is a member of the GIAC Advisory Board. A former combat medic, Jonathan still spends some of his time practicing a different kind of emergency response, volunteering and teaching for both the National Ski Patrol and the American Red Cross.
Name: Jim Herbeck
Title: Instructor, Certified
Most Advanced Degree: B.A., Major in Computer Science and Minor in Business Administration, University of Iowa
Field of Experience: Computer Science. See details below.
Courses: AUD 411 SANS 17799 Security and Audit Framework, AUD 507 Auditing Networks, Perimeters, and Systems, MGT 414 Training for the CISSP, SEC 401 Security Essentials, SEC 506 Securing Unix/Linux
Jim is a managing partner and principal consultant at NOUVEL Strategies, an information risk and security management company based in Geneva, Switzerland. He has spent over 20 years working with information systems in commercial, government, academic and research environments, both in the US and Europe. He received a computer science degree from the University of Iowa and has been an adjunct professor for the Computer Science Department at the University of New Mexico. Jim holds the CISSP and GCUX certifications.
Name: David Hoelzer
Title: Instructor, Fellow
Most Advanced Degree: B.S. in Information Technology, Summa Cum Laude.
Field of Experience: Intrusion Detection and Auditing. See details below.
Courses: SEC 503 Intrusion Detection In-Depth, SEC 504 Hacker Techniques, Exploits and Incident Handling, AUD 507 Auditing Networks, Perimeters and Systems, Audit 410 IT Security Audit and Control Essentials, MGT 411 SANS 17799 Security and Audit Framework, and other courses.
David Hoelzer, Director of Consulting for Cyber-Defense (http://www.cyber-defense.org), is a high scoring SANS instructor and expert in the fields of intrusion detection, firewalls, incident handling, information security auditing, and secure infrastructure management. While he is currently serving as the adjunct Director of Site Security for SANS, he has in the past served as the Director of the GIAC Certification program for SANS, bringing the GIAC Security Expert certification to life; he continues to serve as the primary exam author for several of SANS' most challenging certifications. David is a Research Fellow in the Center for Cybermedia Research and also a Research Fellow for ITFF/ROC (Identity Theft and Financial Fraud Research Operations Center). David is an adjunct research associate of the UNLV Cybermedia Research Lab and a Research Fellow with the Internet Forensics Lab. David holds a BS in IT, Summa Cum Laude.
Name: Mark Hofman
Title: Instructor, Certified
Most Advanced Degree: B.S., Major in Computing, Minor in Management, Northern Territory University.
Field of Experience: Security. See details below.
Courses: AUD 507 Auditing Networks, Perimeters and Systems, MGT 411 SANS 17799 Security and Audit Framework, SEC 401 SANS Security Essentials
Mark started in security in the early 90's. He has worked for state and federal government as well as the private sector and is currently working as a security consultant for Shearwater Solutions. He has been involved in many aspects of security ranging from the development of security plans and policies to AS/NZS 7799 work to designing and implementing security solutions. He has been teaching summer and winter school at a Sydney University and is currently working on a number of projects. He holds professional certifications including CISSP and GCFW.
Name: Fred Kerby
Title: Instructor, Senior
Most Advanced Degree: B.S., Mechanical Engineering, West Virginia Institute of Technology
Field of Experience: Security. See details below.
Courses: SEC 309 Introduction to Information Security
Fred is an engineer, manager, and security practitioner whose experience spans several generations of networking. He is the information assurance manager at the Naval Surface Warfare Center, Dahlgren Division and has vast experience with the political side of security incident handling. His team is one of the recipients of the SANS Security Technology Leadership Award as well as the Government Technology Leadership Award. Fred received the Navy Meritorious Civilian Service Award in recognition of his technical and management leadership in computer and network security. A frequent speaker at SANS, Fred's presentations reflect his opinions and are not the opinions of the Department of the Navy.
Name: Michael Murr
Title: Instructor, Certified
Most Advanced Degree: B.S., Major in Computer Science, Minor in Mathematics, California State University at Channel Islands
Field of Experience: Forensics. See details below.
Courses: SEC 508 Systems Forensics, Investigation and Response, SEC 504 Hacker Techniques, Exploits and Incident Handling
Michael has been a forensic analyst with Code-X Technologies for over 4 years, and has conducted numerous investigations and computer forensic examinations. Michael has Mentored SANS SEC 504 Hacker Techniques, Exploits and Incident Handling, SANS Security 508 (System Forensics, Investigation, and Response), has led SANS@Home courses and is a member of the GIAC Advisory Board. Currently, Michael holds the GCIH, GCFA, and GREM certifications and is pursuing degrees in Computer Science and Mathematics at California State University at Channel Islands.
Name: Becky Pinkard
Title: Instructor, Certified
Most Advanced Degree: B.A., Psychology, Texas A & M University
Field of Experience: See details below
Courses: SEC 401 SANS Security Essentials
Becky has worked in the information technology industry for over 10 years. She is currently a senior security manager with a Fortune 20 company where she is lucky enough to work with security technology on a daily basis. She has written and edited course, test, and lab material for SANS. Becky is a SANS Certified Instructor and has taught for the SANS Institute since 2001. She has participated as a GIAC GCIA advisory board member and on the Strategic Advisory Council for the Center for Internet Security (http://www.cisecurity.org/). She is a co-author of the Syngress book, Intrusion Prevention and Active Response, Deploying Network and Host IPS. Additionally, Becky has set up enterprise intrusion detection systems, designed patch, vulnerability and firewall strategies, performed security audits and assessments, worked forensics cases, and developed security awareness training in small and large environments. This background is rolled into her teaching style and helps give students that unique SANS experience and advantage.
Name: Mike Poor, Intrusion Detection
Title: Instructor, Senior
Most Advanced Degree: Undergraduate Diploma, Combat Journalism, Brazilian Military War College.
Field of Experience: Intrusion Detection, Response, and Mitigation. See details below.
Courses: SEC 503 Intrusion Detection In-Depth, SEC 504 Hacker Techniques, Exploits and Incident Handling.
Mike is a founder and Senior Security Analyst for the DC firm Intelguardians LLC. In his recent past life he has worked for Sourcefire, as a research engineer, and for SANS leading their Intrusion Analysis Team. As a consultant, Mike conducts forensic analysis, penetration tests, vulnerability assessments, security audits and architecture reviews. His primary job focus however is in intrusion detection, response, and mitigation. Mike currently holds both GSEC and GCIA certifications and is an expert in network engineering and systems, network and web administration. Mike is an author of the international best selling Snort 2.1 book from Syngress, and is a Handler for the SANS Internet Storm Center.
Name: Stephen Sims
Title: Instructor, Certified
Most Advanced Degree: B.S., Information Technology, University of Phoenix; two years Criminal Justice, Catonsville Community College in Maryland; some MBA classes, Regis University
Field of Experience: Security
Courses: SEC 401 SANS Security Essentials
Stephen Sims is an Information Security Consultant currently working for Wells Fargo in San Francisco, CA. He has spent the past seven years in the Bay Area working for several large financial institutions on Network and Systems Security, Reverse-Engineering Malware, Risk Assessment and Management. Prior to San Francisco, Stephen worked in the Baltimore/DC area as a Network Security Engineer for companies such as General Motors and Sylvan Prometric. He is one of only a handful of individuals who holds the GIAC Security Expert (GSE) Certification and is currently working with GIAC and White Wolf Security to administer this year's exam in Las Vegas. He is a SANS certified instructor and holds several other certifications such as the CISSP and CISA and is currently co-authoring a book on exploit techniques.
Name: James Tarala
Title: Instructor, Senior
Most Advanced Degree: B.S., Linguistics, Philadelphia Biblical University. He is currently enrolled at University of Maryland in Computer Science Management focusing on Information Assurance. He earned his master's certificate and expects to complete the full degree in 2008.
Field of Experience: Security and Audit. See details below.
Courses: SEC 401 Security Essentials, All AUDIT, SEC 617 Assessing and Securing Wireless Network Security.
James Tarala is a principal consultant with Enclave Hosting, LLC and is based out of Venice, FL. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many of their auditing and security courses. As a consultant he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft based, directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues and often times performs independent security audits and assists internal audit groups to develop their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University, his graduate work at the University of Maryland, and holds numerous professional certifications.
Name: Joshua Wright
Title: Instructor, Senior
Most Advanced Degree: B.S., Information Science, Johnson and Wales University in Providence, Rhode Island.
Field of Experience: Security. See details below.
Courses: SEC 617 Assessing and Securing Wireless Networks
Joshua is the author of several papers on wireless security and intrusion analysis, and the co-author of Securing Cisco Routers: Step-by-Step, a book published by SANS. In a consulting role, he has worked with Fortune 500 companies, federal agencies, and educational institutions addressing issues related to wireless security, vulnerability assessment, and secure network design. He currently serves as the senior security researcher for Aruba Wireless Networks and is an instructor for SANS.