Phill Moore

Whether providing evidence to prosecute an offender, stopping an attacker, or saving a business, Phill says that the impact his DFIR work has on people's lives makes it all feel worthwhile. He has extended his footprint through his research and his work as a SANS as FOR500: Windows Forensic Analysis and FOR528: Ransomware and Cyber Extortion course instructor.

"On a number of occasions, I've had people reach out to me to say that something I've shared or research I've done has helped them with a conviction, and that's really rewarding," Phill explains.

Throughout his career, Phill has analyzed digital evidence on thousands of devices - assisting in criminal and civil investigations, as well as all things threat hunting and incident response. Phill specialized in business email compromise and ransomware investigations and now works at Microsoft as a Principal Security Researcher.

Phill has also maintained the essential community and award-winning resource, This Week in 4n6, for over a decade; "I try to keep as close to the people pushing the industry forward as I can," he says. "We can all get better by encouraging our peers to document the research they're doing and share it to help the community validate and improve our understanding."

He is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.