After retiring from active RAF duty, Steve founded Logically Secure in 2006 to provide specialist security advice to government departments, defence contractors, the online video gaming industry, and music and film labels worldwide. Steve directed the development of the company’s own internally developed incident response platform, CyberCPR, while also coordinating the delivery of penetration testing and consultant services throughout the world.
In 2004, Steve started to teach for SANS, starting with Community instruction of SEC504.He saw this as a way of helping others, and giving back to the community as he loved “seeing that magical look on people’s faces when they get an earth shattering concept for the first time.”
Having supported them for over 7 years as a contractor, Steve sold his company in 2018 and took a full time position at Electronic Arts (EA Games) where he was the Director of Incident Response.There he led the more complex incidents relating to FIFA, Apex Legends, SIMS4, Need for Speed and the Battlefield franchises.He recalls the professional challenges as the Incident Commander during the publicly reported 2021 compromise and data leak. Working with various Law Enforcement departments they managed to identify the culprits and secure arrests.Finally, as a diligent investigator Steve worked as part of a multi-disciplined team including Game Studio and Platform security staff that identified Apex game lead sources and successfully shut them down.
In mid 2022 Steve left EA and moved into the Finance Sector as he sought new challenges and hands on understanding of technical risk management in a highly regulated industry.
As an instructor, Steve brings years of experience working in a variety of situations, and a good dose of fun, to the classroom. “I've dealt with incidents at scale and for always-on organizations. I have worked on various sized incidents ranging in size from small incidents with one of two systems to huge, advanced incursions with around 1500 systems compromised. I've also helped small organizations with limited tools and almost zero budget to improve visibility and response times,” he says. He loves teaching the technical aspects of IR on the SEC504 and the management aspects of dealing with major incidents in MGT553; the latter being built upon his many years in the field leading incident teams dealing with major and critical level breaches and attacks.
Steve can be found teaching either SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and his own course MGT553:Cyber Incident Management that was launched in 2022.
A frequent speaker at Steelcon, and DefCon (Group DC441452), Steve holds GCIH, GPEN, GCFA, GCDA, GYPC and CISSP certifications. He has appeared on national television and radio discussing cyber security, is regularly quoted in the press.
When he’s not working and teaching, you’ll find Steve playing Apex Legends or TitanFall2, tinkering with home automation or tending to his beehives.
- 25+ year information security veteran
- Author of the new MGT553: Cyber Incident Management course
- Principal instructor for SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
- Frequent speaker at Steelcon, and a co-founder of the DefCon Group DC441452.
- Formerly led the UK Royal Air Force’s penetration and TEMPEST testing teams
- Co-Founder of AG Cyber
- Holds a US Patent for Incident Response platforms.
- GCIH (GIAC Certified Incident Handler)
- GCFA (GIAC Certified Forensic Analyst)
- GCDA (GIAC Certified Detection Analyst)
- GPEN (GIAC Penetration Tester)
- GPYC (GIAC Python Coder)
- Former CISSP (Certified Information Systems Security Professional)
ADDITIONAL CONTRIBUTIONS BY Steve Armstrong-Godwin:
A small blog at https://www.incidentmgt.com