Tim Medin

After watching the movie Sneakers, Tim Medin knew the career path he wanted to pursue. "I saw the movie and wanted to break into places and hack thinks," he says. Infosec was the perfect fit. "I love hacking, and I can get paid to do it!"

Tim began his security career in 2008 with a role at AgStar Financial Services (now Compeer Financial), and since then has worked for FishNet Security (now Optiv) and Counter Hack. Today, he's the founder and principal consultant at Red Siege where he manages the company and hacks things, his favorite role so far because he gets to lead a team of smart hackers and run a business.

A SANS instructor since 2012, Tim is currently the program director for the SANS Master of Science in Information Security Engineering (MSISE) curriculum, as well as a principal instructor and course author. In the classroom, you'll find him teaching SEC560: Network Penetration Testing and Ethical Hacking and SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking.

Through the course of his career, Tim's had the opportunity to hack some of the best and biggest companies on earth and get a sneak peek inside cutting-edge technology before it's publicly released. He has performed penetration tests on a wide range of organizations and technologies in industries including control systems, higher education, financial services, and manufacturing, and brings years of practical experience and stories from himself and his team to his SANS students.

Tim says an eagerness to learn, and an openness to see things differently are keys for success in his classroom. "I really enjoy seeing students break through their current way of thinking and see technology and data differently," he says.

And those lessons can have a lasting impact. "Years ago I had a high school student in a one-day class who came up to me years later and showed me he was doing penetration testing at a major company," says Tim. "It was amazing to see him develop himself and see his transformation."

Tim is an experienced international speaker and the creator of Kerberoasting, a widely-used technique to extract kerberos tickets in order to offline attack the password of enterprise service accounts. He has an MBA from the University of Texas, holds the GWAPT, GPEN, GMOB, GCED, and GCIH certifications, and previously held the CCNA certification.

In his free time, you'll find Tim watching sports, appreciating a good beer, and running.

Summary of Credentials

Qualifications Summary

Get to Know Tim Medin




Student Quotes

  • "Tim is a great instructor, I really enjoyed the live demos and the style of his teaching. He really keeps you engaged." - Drew Davis, Rook Security


  • GPEN (GIAC Certified Penetration Tester)
  • GWAPT (GIAC Web Application Penetration Tester)
  • GCED (GIAC Certified Enterprise Defender)
  • GMOB (GIAC Mobile Device Security Analyst)
  • GCIH (GIAC Certified Incident Handler)