Justin Henderson

Justin is the co-founder of H&A Security Solutions, LLC, a company that deploys, maintains, and tunes SIEM, NSM, and other solutions for organizations. Justin also maintains one of the largest security onion deployments in the world with over 1200 network sensors. He is a passionate security architect and researcher who’s experience in cybersecurity started at the age of thirteen when he began providing professional services to organizations. Justin was the 13th GSE to become both a red and blue SANS Cyber Guardian and holds over 60 industry certifications. As the author of SEC555 and co-author of SEC530, he’s able to bring his encyclopedia of IT knowledge into the classroom.

More About Justin


Justin began his path in cybersecurity at the age of thirteen. Initially, he’d deploy domain controllers, patch systems, and asset management. Then services evolved to deploying globally scaling, enterprise network security monitoring, SIEM, PKI, Windows security, and much more. He also had the privilege of training upcoming computer network defense (CND) analysts within the military.

He’s also experienced working with commercial vendors in evolving their products into better solutions. He’s worked with the Elastic Stack to incorporate more log enrichment techniques and to encourage them to develop the Elastic Common Schema. Justin believes that "as Iron sharpens iron, so one man sharpens another" (Proverbs 27:17); and the security community is a living breathing thing and the more we invest in one another the more we all benefit. As a result, he loves working with people and providing as much value possible to his students and online community.

Justin fell in love with the constant challenge that security poses. Yes, there are basic principals but technology, and processes are constantly shifting and changing. Security challenges you to keep up your game and learn constantly. He also believes this career field suffers from issues in supply and demand. Companies are demanding more information security professionals yet the supply of experienced professionals is low. Because of this, infosec professionals are often pushed into roles that they are not properly equipped to handle. To offset this, Justin continuously release courses, blogs, and webcasts to guide students to a jump start methodology of performing their job duties. Actionable content is hard to acquire so he tries to be a source of such information.

Justin continues to see and hear successes from two sources: prior students and upcoming instructors teaching his courseware. Being able to mentor and coach individuals and see the range of experience in the field is eye-opening. One of his students went from being a truck driver into an information security career. Some students come to class feeling deflated, in the wrong role, and that keeping up with the everchanging technology is impossible. Justin’s passionate about building them up and giving them the tools to succeed. He’s seen those same students given large promotions or move into leadership roles with a major shift in confidence.

With 60+ certifications (GSE # 108, Cyber Guardian Blue and Red, CISSP, ITIL Expert, MCSE, and many more), Justin has been through a lot of training and says that SANS instructors are the best he’d had the privilege to learn from. Becoming a SANS instructor became a personal challenge to see if he had what it takes to join the ranks of those before him.

Currently, Justin holds a bachelors of science in Network Design and Administration from Western Governors University and has over 60 certifications some of which are below: Networking - Cisco Certified Network Associate Virtualization - VMware Certified Professional 5 and VMware Certified Professional 5: Desktop Database - MySQL 5 Database Administrator Governance/Service/Project Management - Project Management Professional, ITIL Continual Service Improvement, Certified in Risk and Information Systems Control, Certified Information Security Manager Microsoft - Microsoft Certified Information Technology Professional: Enterprise Administrator and Microsoft Certified Security Engineer 2003: Security Security - GIAC Penetration Tester, GIAC Windows Security Administrator Certification, Licensed Penetration Tester, Certified Ethical Hacker v5, Computer Hacking Forensics Investigator, EC-Council Certified Security Analyst, Tenable Certified Nessus Auditor, Certified Sonicwall Security Administrator, Certified Information Systems Security Professional, Security+ Justin has also taught Network Security at Lake Land College and is a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. Some of his other achievements include mentoring individuals in the Information Technology field as well as developing the virtual dojo, a fully automated Cloud Computing solution showcase environment.

Justin has two hobbies: spending time with his family and maintaining a hobby farm. He’s a Christian led man who firmly believes in the value of family and friends. He spends his free time with his kids and wife at their hobby farm. He has the standard horses, goats, chickens, geese, rabbits, dogs, and cats. But the farm also includes miniature horses, miniature cows, and miniature donkeys. He has the hobby farm for his own personal enjoyment but also works with youth ministry to share the farm experiences with children. Interacting with animals and having a safe environment opens the hearts of young and old alike. It allows life-altering moments and healing, and he’s proud and humbled to be able to share those experiences with others.

Some of his other achievements include mentoring individuals in the Information Technology field as well as developing the virtual dojo, a fully automated Cloud Computing solution showcase environment.

Here is a SANS Summit presentation by Justin Henderson


-- Building an Enterprise Grade Home Lab, May 2020
-- Cloud Logging and Security, February 2020
-- Beyond detection: An Exploration of Key Pillars of the Next-gen SIEM, November 2019
-- Untapped Potential: Getting the most out of your SIEM, October 2019
-- SIEMtervention, October 2018
-- Social Engineering Your Way to Success
-- How to Build and Maintain an Open Source SIEM


Please visit https://github.com/HASecuritySolutions