Eric Capuano

Eric Capuano injects his passion for forensics into every facet of his life. "There is nothing dull or boring about studying advanced adversarial tactics in an effort to become a highly effective defender," he says, comparing this work to a never-ending game of chess where the impacts are real, the stakes are high, and a passion for the game makes it worthwhile to play.

Eric's career in information security has centered around defending critical networks, often tied to national security or similarly important missions, starting as an information security tactics developer for the United States Air Force. Later, he specialized in intrusion detection signature development, and since departing active duty he has lead cybersecurity operations in both private and government entities.

More About Eric


Today Eric serves as founder and CTO of Recon Infosec, a provider of managed security services and network defense range simulations. Previously, Eric managed the Security Operations Center for the Texas Department of Public Safety, where he singlehandedly built the agency's first CSIRT, and is an instructor for SANS FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting, a role he's proud to fill.

"I firmly believe there is no higher quality training program, in this field or many others for that matter, than SANS," says Eric. "The seamless combination of world-class expert instructors and highly relevant, in-depth course material is unparalleled in any other program I have encountered."

In addition to these roles, Eric continues to serve part-time in the Texas Air National Guard as a Cyber Warfare Operator. He also leads the team that develops and runs, a DFIR CTF, at the Blue Team Village at DEF CON each year. Even in his spare time, Eric enjoys tinkering in Python, analyzing malware, authoring threat signatures/IOCs, and developing/maintaining honeypots and deception systems.

Eric routinely leverages Windows forensics skills in support of defensive and incident response operations as well as providing support to law enforcement. This experience enables Eric to provide real-world forensics experience not only for LE/investigative purposes, but also for identifying attack methods and infection timelines of compromised systems. He has a passion for detailed threat analysis and uses those skills to bolster defensive postures by leveraging defense-in-depth methodologies.

Eric's raw passion for forensics shines through in the classroom as well, giving him a connection with students from a wide variety of backgrounds. Eric utilizes a range of methods to ensure each of his students has an "ah-ha" moment with the material he's teaching, along with conveying the importance of attention to detail and uncompromised integrity with investigations. "My goal as an instructor is to teach not only the technical skills required to perform the job, but also the core principles and processes that must be followed to preserve accuracy and fidelity in your investigations," he says.

A mentor and teacher at heart, Eric's greatest career highlight is centered around his role as an instructor. "While I sincerely love the technical, hands-on aspect of the job, I feel my most significant accomplishment is the time spent working with analysts that I have had the distinctive honor to train over the years," he says. "By sharing my passion, knowledge, and lessons learned, I hope that I have boosted their careers and helped them quickly identify the areas of this field that they will enjoy the most."

In one memorable situation, a young undergrad was participating in an incident response simulation that Eric was operating at a local security conference. "This young lady had no prior experience in this field but through sheer dedication and drive took first place over 42 other participants in the event," he says. "I found out a few weeks later that the employer of a few other participants in that challenge had offered her a job shortly after her accomplishment that day." Seeing the ripple effect of his efforts was incredibly rewarding and humbling experience for Eric.

Eric is GIAC GCFE, GIAC GCFA, Certified Ethical Hacker, Security+, Linux+, LPIC-1, PCNSE, and A+ certified. He shares opinions and techniques centered around information security on his blog at, and supports and contributes to open source projects in his spare time. "I enjoy leveraging Python to automate security operations to make life easier for analysts and to enhance effectiveness of security teams," he says.

An avid adventure motorcycle rider, Eric's ideal weekend is loading up his motorcycle and heading to the mountains for camping and adventure.


DEF CON 25 Packet Hacking Village - Eric Capuano - Go Beyond Tabletop Scenarios

Ops track 01/30/19 - Effective threat Hunting with Open Source Tools