After retiring from active duty, Steve worked at Electronic Arts before founding Logically Secure in 2006 to provide specialist security advice to government departments, defense contractors, the online video gaming industry, and music and film labels worldwide. In his role at the company, Steve directs developers of the company’s incident response platform, CyberCPR, on the needs of incident response teams, coordinates penetration testing and consultants throughout the world, supports staff development, and delivers in-house training on the latest technologies, security attacks, and detection/response methods.
And while Steve provides penetration testing and incident response services for some of the biggest names in gaming and music media, he also works to support small and medium enterprises. “We give away our IR Management platform (CyberCPR) for free for three users,” he says. “This allows many small teams to use an enterprise supported product at no cost to them.”
In 2006, Steve became a SANS instructor as another way of helping others, giving back to the community, and “seeing that magical look on peoples faces when they get an earth shattering concept for the first time.” Today, you’ll find him teaching SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling.
In the classroom, Steve enjoys seeing students make connections, recalling a particularly memorable experience in his SEC617 course. “I explained a DDOS attack vector in the classroom and a student shouted "dang it" and rushed out to make a call,” Steve remembers. “He explained later that I had just identified the problem they had been trying to track down for months. With the mitigation I outlined they fixed the problem before the end of the course.”
As an instructor, Steve brings years of experience working in a variety of situations, and a good dose of fun, to the classroom. “I've dealt with incidents at scale and for always-on organizations. I have worked on small incidents one of two systems to huge APT incursions with 1500+ systems compromised. I've worked with small organizations with limited tools and almost zero budget and still helped them improve visibility and response times,” he says. Steve also takes his curriculum beyond tools, teaching his students how to brief executives in a way understandable to them and how to brief staff in a way that enables them to work faster and more efficiently.
A frequent speaker at 44con, Steelcon, and DefCon (Group DC441452), Steve holds GPEN, GCIH, GCFA, and CISSP certifications. He has appeared on national television and radio discussing cyber security, is regularly quoted in the press, and maintains an active blog.
When he’s not working and teaching, you’ll find Steve playing TitanFall2 or Battlefield to let off steam, building 3D-printed gadgets for raspberry PIs, developing collaborative DFIR tools, and flying drones.
- 25+ year information security veteran
- Certified instructor for SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
- Frequent speaker at 44con, Steelcon, and DefCon (Group DC441452)
- Formerly led the UK Royal Air Force’s penetration and TEMPEST testing teams
- Founder of Logically Secure
- GPEN (GIAC Penetration Tester)
- GCIH (GIAC Certified Incident Handler)
- GCFA (GIAC Certified Forensic Analyst)
- CISSP (Certified Information Systems Security Professional)
ADDITIONAL CONTRIBUTIONS BY STEVE ARMSTRONG: