Profile
Michael Hennick has always found computers fascinating and spent much of his time in high school programming or building/fixing computers for the school labs. While pursuing his bachelor's degree, he worked for a company that had a contract with the USPS to assist companies in building web applications that could interface with the backend USPS systems to calculate shipping rates, track packages, print shipping labels, etc., the origins of "e-commerce". While working this job, he reviewed the source code for many companies and provided tweaks or fixes to enable them to successfully connect with the USPS systems. While doing so, he witnessed how easy it was to break web applications and/or backend systems.
Michael began wanting to know more about how to break systems and started learning more about hacking. The internet was still young, so he used BBS and Usenet newsgroups to attempt to learn what he could. One evening, he accessed a malicious message via a newsgroup, which killed his computer. Rather than deterring him, this simply made Michael more curious. Once he rebuilt his computer, he set out to not just understand the attack that happened but figure out how to prevent it. He then came across Richard Bejtlich's Tao of Network Security Monitoring, and it changed his outlook on "computer security" to refocus on "network security" and thus began his love of packets and network monitoring.
One could say Michael didn't choose the field; the field chose him. When he initially started his career, cybersecurity wasn't a field and his perspective on it was that it was simply something all system and network administrators needed to adopt and understand to better protect their systems. While finishing up a physical move of a company, he was inventorying network cables and ensuring all servers were properly plugged in (using the correct color cable to follow the standards we attempted to establish). When reviewing the servers that were deemed "security" systems, he noticed they didn't appear to be properly plugged in or working. When he discussed this with his boss, it led to him being tasked with being in charge of them, at which point his primary focus became establishing proper cybersecurity capabilities for the company.
Michael now has over 20 years of experience building IT infrastructure and securing it. Throughout his career, he’s approached the task at hand with an eye for security, whether that included development, system administration, or network architecture and design. That's led to his current role overseeing all aspects of what we've deemed "Cyber Operations", to include proper design and architecture for defense, proactive threat hunting and offensive assessments against what's been built, and performing incident response as necessary, all while applying the proper governance, risk, and compliance requirements.
Michael values every time he hears from a former student who is able to take what they’d discussed in a class and make use of it to better themselves. And the highlight of his career in cybersecurity continues to be the fact that every day, there's something new to either handle, or learn, and it keeps his days interesting.
Michael has always advocated for taking SANS classes due to their immediate value and relevance as well as believing in their mission and brand. SANS has always been a world-class organization and Michael says it’s a privilege to join SANS as an instructor. Michael teaches SEC511: Continuous Monitoring and Security Operations, and SEC455: SIEM Design and Implementation.
His teaching philosophy has developed based on his own experiences as a student. As an instructor, he gladly discusses the course material, but prefers interaction from the student and going beyond the basic course material. Dialogue always leads to additional perspectives, which everyone can learn from and enrich the learning of the material itself. He enjoys learning from students as much as he enjoys teaching them.
Michael loves all things cybersecurity, and often finds it difficult to pick a favorite focus area. While he enjoys offensive strategies and red teaming, he favors blue team operations because, in his opinion, it's more fun. The SANS Blue team curriculum focuses on strategic and innovative solutions that really help any defender up their game and give the red team a run for their money.
With over 20 years of experience in the IT industry, Michael has held roles and gained first-hand experience in positions ranging from software development, technical support, system, database, and network administration, network design and architecture, penetration testing, and incident response.
Michael has a Master of Professional Studies in Cybersecurity from the University of Maryland, Baltimore County (UMBC). He maintains the GIAC GMON, GDSA, GCDA, GDAT, GWAPT, GMOB, GAWN, GNFA, GASF, and GREM certifications as well as numerous other vendor and industry certifications including CISSP and PMP. He is also a member of the Baltimore chapters of the FBI's InfraGard, NCMS, and the Information Systems Security Association (ISSA).