Brian Olson has worn a lot of different hats over the years. He has been the “hacker” as well as the defender. He has over 20 years’ experience as a technical leader with a deep understanding of defending enterprises from cyber-attacks. On the offensive side, he has successfully compromised Fortune 500 companies in hours, and on the defensive side, he has worked both host and network angles and has been a front-line responder as well. He also has a diverse background in US military, contracting, consulting and industry environments, in both offensive and defensive positions, which has given him creative skills to solve challenging situations.
Brian started his career in 1998 working in desktop support after earning his first certification from CompTIA and working his way into system administration. He enjoyed breaking systems down and learning the inner workings of tech, building systems, and troubleshooting issues. After a four-year hiatus from tech to serve in the U.S. Navy as an avionics technician (AT2), Brian returned to tech in an information security role. Since 2007, he has filled a variety of different roles in information security, including network and host forensic analyst, red team member, security engineer, and incident responder. Brian particularly liked fighting the good fight as an incident responder.
Brian currently works at Meta (formerly Facebook) and supports a team responsible for detecting malicious or unexpected activity on all network environments across the organization.
“As a manager, I have been most proud to help the individual contributors on my team to better focus on what matters, where we can make the biggest difference, and how we can become hugely impactful contributors to the team and the company,” he explains. “In this field we tend to be generalists who can do nearly anything, and we often get asked to help on all kinds of projects. But like so many things in life, just because we can doesn’t mean we should. In many ways, we can make the biggest difference when we focus our energy on the areas that most require our unique abilities.”
As a SANS Instructor, Brian currently teaches FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response, which focuses on key concepts such as how to know what data is available and where it can be found to help fill in gaps in the story and solve investigations. “In class we talk about these challenges in terms of balancing business needs, technical capabilities, and overall efficiencies,” Brian said. “I’ve worked in a large variety of environments, corporate cultures, and roles, so I can engage any student and have a thoughtful conversation about any topic.”
Network forensics has so much potential, and Brian especially loves to share what he has learned over the years on this topic. His main goal as a teacher is to help his students understand the core concepts.
“I share some of the creative solutions I’ve applied in various situations as a seed to grow additional creative solutions. But I don’t have a crystal ball for every situation in every environment. You know your environment better than anyone else. Get creative and think of the ways that you can achieve your goals with whatever you have in your toolbox or learn how to put more tools in that same toolbox.”
In the classroom, Brian enjoys when students have that “ah-ha” moment that shows they are getting it.
“Whether it’s related to gaining visibility to better understand their environment or new ways to identify malicious activity using the data they already have available, I can see their wheels turning!”
Brian recalls an investigation he once worked on in which an insider was discovered snooping on customer data. “Through the evidence we had available we were able to identify a small number of victims, but there were some data integrity concerns identified that left us uncertain that we had the complete set,” Brian recalled. “We had a small window of opportunity to physically visit a data center to collect additional evidence, which we did, and that led to the discovery of 10x more victims.” Brian notes that in that case, knowing the potential sources of evidence and the many ways to access that evidence gave him and his team more certainty that they could scope the incident accurately, exhausting all options, and notify the complete set of victims.
“We could have settled with what we had, and it would have been a nice win, and our findings wouldn’t have been wrong. But it wasn’t the right thing to do. My teams always go that extra mile to do the absolute best we can.”
Brian has a master’s degree in Information Security from the University of Maryland Global Campus (UMGC) along with many industry certifications, including the GIAC Network Forensics Analyst (GNFA), the GIAC Certified Forensic Examiner, and the Certified Information Systems Security Professional (CISSP). He previously taught the Cybersecurity Operations course at Capitol Technology University.
As both a manager and a teacher, Brian takes particular pride in guiding people towards a rewarding career. But he also sees value in what he can continuously learn from others. “I usually say to my students, ‘I’ve been there and done that, so let me share my knowledge and experiences with you so you can do it better, faster, and more effectively.’ But then I want them to share back with me so I can learn from their unique experiences too!”
Outside of work, Brian enjoys all things tech, traveling, and finding local spots with good food and drinks.
- Over 20 years’ experience as a technical leader with a deep understanding of defending enterprises from cyber-attacks
- Diverse background in US military, contracting, consulting and industry environments, in both offensive and defensive positions, which has given him creative skills to solve challenging investigation situations
- Brian currently works at Meta (formerly Facebook) and supports a team responsible for detecting malicious or unexpected activity on all network environments across the organization
- Instructor for the FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response course
Get to Know Brian Olson
- Brian has a master’s degree in Information Security from the University of Maryland Global Campus (UMGC)
- Brian holds the GIAC Network Forensics Analyst (GNFA), the GIAC Certified Forensic Examiner, and the Certified Information Systems Security Professional (CISSP).
- He previously taught the Cybersecurity Operations course at Capitol Technology University.
Hear Brian talk about Live Response with Ansible: