Governance: Board of Directors


STI Board of Directors
Directors Representation
Bill LockhartChairman
Dennis KirbyVice Chairman
Scott CassityGIAC
Richard HammerSTI Alumni
Thomas JohnsonHigher Education Community
Ronald PhippsHigher Education Community
Dave ShacklefordInformation Security Community
Ed SkoudisInformation Security Community
Lenny ZeltserInformation Security Community
Alan Paller (Non-Voting Member)Ex-Officio Member, STI President
*Meet in-person annually, most interim votes done via email, special meetings option
*NEXT ANNUAL MEETING: SANSFIRE 2015, residential institution (June 2015)
*Board Members terms were renewed for 3 years commencing Annual Meeting July 2012

Lockhart, Bill

  • Most Advanced Degree
    MBA, Harvard Business School
  • Director of Strategy

Bill Lockhart serves as the Executive Director of the SANS Technology Institute, working with President Paller to oversee strategy and manage all school operations, including student and enrollment management, finance, marketing, technology support, and regulatory affairs.  President Paller claims that Bill joined SANS, following a successful, fifteen year career as a Managing Director and portfolio manager for multi-billion dollar investment firms, so that "he could finally do something useful."  Bill brings a wide variety of industry, management, and functional experiences to SANS, from serving on the Board of a publicly-traded company, advising global firms as a strategy and marketing consultant, to founding and growing his own business as an entrepreneur.  Bill earned his MBA from the Harvard Business School, and his B.A. from Yale University.

Kirby, Dennis

  • Most Advanced Degree
    MBA, Harvard Business School
  • Field of Experience
    See details below.

Dennis Kirby is a director at the SANS Institute where he oversees the Forensics, Pen Testing, Audit, Application Security, and Cyber Defense curricula along with other operational functions in the company. He is a graduate of the United States Military Academy and served with the 101st Airborne Division for over four years including as Company Commander of a UH-60 Blackhawk Assault Helicopter Company of the 101st Aviation Regiment and served with the 101st Airborne Division during Operations Desert Shield and Storm. His awards and decorations include the Bronze Star Medal, the Meritorious Service Medal, the Army Aviator, Parachutist and Air Assault Badges. He went on to earn his MBA from Harvard Business School and after a stint at John Deere and in investment banking, he took on management roles in two private equity firms focused on control investments to rehabilitate distressed and underperforming middle-market companies. He led acquisitions with an aggregate value of over $1 billion and served on the board of directors of several companies.

Cassity, Scott

  • Most Advanced Degree
    MBA, Vanderbilt University Owen Graduate School of Management; BBA, University of Kentucky
  • Field of Experience
    See details below.
  • GIAC Representative

Scott Cassity, Managing Director of GIAC, provides executive leadership to the Global Information Assurance Certification (GIAC) organization. In this role, Scott provides general management, strategic direction and leadership for GIAC. He is responsible for all aspects of the GIAC organization including financial, marketing, personnel, and operations support. Scottās responsibilities also include internal and external client interaction including the SANS Sales Team, Department of Defense and Enterprise clients.

Scott was previously a principal/partner of a healthcare real estate development and consulting firm. During his tenure with his past company he developed over $70 million of successful real estate projects with his partners and clients. He also initiated or closed real estate transactions in excess of $100 million. His business expertise includes growing new businesses, financial analysis, risk assessment and a genuine interest in new business ventures. Scott has also worked in the securities and healthcare industries.

Scott also serves several non-profit endeavors in his community. He is the current President of ChildHelp of East Tennessee, a childrenās advocacy organization.

Hammer, Richard

  • Most Advanced Degree
    M.S., Information Security Engineering, SANS Technology Institute
  • STI Course Advisor
  • Director on the Board of SANS Technology Institute

Richard is currently a Technical Staff Member at Los Alamos National Laboratory. He is a senior Network/System administrator, Organizational Computer Security Representative (OCSR), and Information System Security Officer (ISSO) for the Advanced Nuclear Technology group (N-2). He has experience with most operating systems and many programming languages. Network and System security has become a larger part of his job description in the last ten years; Richard attended his first SANS conference in 1998. He is a former high school Mathematics and Computer Science teacher and is currently teaching Networks I&II, Server Configuration, and System Security courses at the College of Santa Fe. He currently holds GIAC GSEC, GCFW, GCIA, GCIH, GCUX, GCNA, and GSPA certifications. He is a former Chair/Vice Chair of the GCFW advisory board and was the first graduate of the SANS Technology Institute (MSISE).

Johnson, Thomas

  • Higher Education Community Representative

Dr. Johnson is Associate Vice President and Chief of Strategic Initiatives at Webster University. Dr. Johnson also serves as co-founder and Chairman of the Board of Directors of the California Sciences Institute, a non-profit-public benefit corporation located in Livermore, California and dedicated to research and science education. He received his Bachelor's and Master's degrees from Michigan State University and his Doctorate from the University of California - Berkeley.

Dr. Johnson has published 6 books, 13 referred articles; holds copyright on 4 software programs and has lectured at the Strategic Studies Institute of the U.S. Army War College. In addition to lecturing at the U.S. Army War College, Carlisle Barracks, he has also lectured at the Federal Law Enforcement Training Center, and numerous universities.

Phipps, Ronald

  • Higher Education Community Representative

Ron Phipps is a Senior Associate at the Institute for Higher Education Policy where he manages projects related to financing of higher education, statewide governance and administration, distance learning and technology, and other topics in the field of higher education policy. Dr. Phipps is the author of the definitive study of distance learning in higher education, Quality on the Line, which addressed benchmarks for success in Internet-based distance education. Dr. Phipps has managed several large-scale analysis projects in support of state higher education agencies and educational institutions in Russia and other countries. Dr. Phipps has almost four decades of higher education experience as a higher education administrator, researcher, and analyst. He previously served as Executive Director of the Alaska Commission on Postsecondary Education and as Assistant Secretary of the Maryland Higher Education Commission, where he conducted and supervised policy analysis, planning, and research.

Shackleford, Dave

  • Most Advanced Degree
    Masters in Business Administration, Georgia State University
  • Field of Experience
    Security. See details below.
  • Director on the Board of SANS Technology Institute
  • SANS Senior Instructor

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies. Dave is the author of the Sybex book Virtualization Security:

Protecting Virtualized Environments, as well as the coauthor of Hands-On Information Security from Course Technology. Recently Dave coauthored the first published course on virtualization security for the SANS Institute. Dave currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.

Dave knows his stuff and explains the material in an easy-to-understand way. - Jonathan O'Neal,

Skoudis, Ed

  • Most Advanced Degree
    M.S., Information Networking, Carnegie Mellon University; and B.S. Electrical Engineering, University of Michigan, Summa Cum Laude.
  • Field of Experience
    Incident Handling, Expertise in Hacker Attacks and Defenses, Information Security Industry, and Computer Privacy Issues. See details below.
  • Director on the Board of SANS Technology Institute
  • SANS Faculty Fellow
  • Course Lead
  • STI Faculty Advisor

Ed Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals. He is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. His courses distill the essence of real-world, front-line case studies he accumulates because he is consistently one of the first experts brought in to provide after-attack analysis on major breaches where credit card and other sensitive financial data is lost.  

Ed led the team that built NetWars, the low-cost, widely used cyber training and skills assessment ranges relied upon by military units and corporations with major assets at risk. His team also built CyberCity, the fully authentic urban cyber warfare simulator that was featured on the front page of the Washington Post. He was also the expert called in by the White House to test the security viability of the Trusted Internet Connection (TIC) that now protects US Government networks and lead the team that first publicly demonstrated significant security flaws in virtual machine technology.  He has a rare capability of translating advanced technical knowledge into easy-to-master guidance as the popularity of his step-by-step Counter Hack books testifies.

Student Testimonials:
"Getting the war stories from Ed as part of the material helps me understand how things really happen." - Kevin Eveker, IDA

"Ed is a fantastic and charismatic instructor who helps get the key points across to students." - Thomas Rogers, Chevron

"Ed is one of the best instructors I have ever had. It's no secret why he is such a world class pen-tester!" - Patrick McCoy, KEYW

"Ed pulls all of the available knowledge into a very understandable easy to digest format." - Bill Hinds, PMI

Zeltser, Lenny

  • Most Advanced Degree
    M.B.A. from M.I.T.
  • Field of Experience
    Security. See details below.
  • Director on the Board of SANS Technology Institute
  • SANS Senior Instructor
  • Course Lead
  • STI Committee Member

Lenny Zeltser is a seasoned business and tech leader with extensive information security expertise. As a product portfolio owner at NCR, he delivers the financial success and expansion of the company's security services and SaaS products. Beforehand, as the national lead of the security consulting practice at Savvis (acquired by CenturyLink), he managed the US team of service professionals, aligning their expertise to the firm's cloud solutions.

Lenny helped shape global infosec practices by teaching incident response and malware defenses at SANS Institute and by sharing knowledge through writing, public speaking and community projects. Lenny has earned the prestigious GIAC Security Expert professional designation and developed the Linux toolkit used by malware analysts throughout the world. His approaches to business and technology are built upon work experience, independent research, a Computer Science degree from the University of Pennsylvania and an MBA degree from MIT Sloan.

Lenny's expertise is strongest at the intersection of business, technology and information security and spans incident response, infosec cloud services and business strategy. To get a sense for his thought process and knowledge areas, take a look at his blog at

"Lenny presented a wealth of knowledge, tied it together smoothly, and I am leaving with exponentially more knowledge." - David Werden, NGIS

Paller, Alan

  • Most Advanced Degree
    Master of Engineering, Massachusetts Institute of Technology
  • Field of Experience
    Public Policy and Marketing Security in Large Organizations. See details below.
  • President of SANS Technology Institute
  • Advisor on Presentations

Alan Paller is the president for SANS Technology Institute and director of research for the SANS Institute, responsible for projects ranging from the Internet Storm Center (the Internet's early warning system with 500,000 sensors around the world) to the Top Ten Security Menaces of the coming year. He also edits NewsBites, the twice-weekly summary of the most important news stories in security. But he says his most satisfying responsibility is finding people who have solved important security problems and helping SANS 85,000 alumni in 60 countries learn about those people and their discoveries.

Alan earned degrees in computer science and engineering from Cornell and MIT. He wrote hundreds of articles on computer graphics, EIS and computer security, and authored two books, The EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life.

He has testified before the House and Senate, and in 2001 the President named Alan as one of the original members of the National Infrastructure Assurance Council. In 2005 the Federal CIO Council chose him as its annual Azimuth Award winner recognizing his singular vision and outstanding service to government information technology.

He earned his Bachelor's of Science in Engineering at Cornell University and a Master of Engineering from the Massachusetts Institute of Technology.