Like many in security, Tarot (Taz) started off in the military, working in various Intelligence roles ranging from SIGINT / Electronic Warfare (EW) and HUMINT activities in an offensive role to running Counterintelligence (CI) tasks protecting national assets. As the threat of Internet-delivered attacks increased, they became a greater area of focus for him as he realized how dangerous they were, not just to governments, but to everyone.
“We live in an age where pretty much everything people do is connected in one way or another, which opens the doors for malicious activity. When I left the Army, I formed my own company in 2010, successfully helping organizations defend against a variety of attacks and I've never looked back!”
He spent two years running the Cyber Security Incident Response Team (CSIRT) for a top 10 FTSE100 multinational, dealing with everything from commodity malware to advanced threats. As a consultant, he built SOCs, IR, and threat hunting teams at a range of organizations, including large financial services providers, retail organizations, manufacturing, and IT services.
These days Taz is a Director at Halkyn Consulting, Ltd., where he provides incident response, risk management, security compliance assessments, and awareness training. At SANS he is the author of the FOR577: LINUX Incident Response & Threat Hunting course, and he also teaches the FOR508: Advanced Incident Response, Threat Hunting and Digital Forensics course.
“SANS offers the best training in the world. It combines relevant & well-designed courses with world-leading instructors who are active practitioners. I wanted to become a SANS instructor to give back to an awesome community I've been part of for so long; to share my own knowledge & experience (often painfully learned); and to help improve the overall standard of security across every business sector.”
Taz believes that learning should be enjoyable and rewarding. “We should never stop learning, so we need to become passionate about the topic. The threats we defend against are constantly improving, so as incident responders, forensic investigators, and threat hunters we need to constantly improve.” That is one of the passions he wishes to pass along to students, to encourage them, nurture them, and push them to achieve more and help improve the collective references we have against advanced adversaries.
“Threat Hunting and Incident Response is foundational to all security,” he says. “Being able to find advanced attackers who think they have hidden their tracks is an amazing feeling. Pulling on strings to find hidden details becomes addictive and unravelling complex attacks is one of the most rewarding activities in security.” As an instructor for FOR508, Taz brings a background of intelligence investigations combined with offensive and defensive experience. This means he can give insights into the attacker’s mind and why they might do things, and help people level up their threat hunting.
“Like all SANS courses, FOR508 covers a wide range of topics in a very short space of time. There is a lot of information to take in and if they are new to Enterprise Incident Response, it can feel overwhelming. However, the FOR508 topics are explained in detail. Students are given real-world examples to help cement the concepts and provide tips, tricks, and techniques they can use immediately.” “There is plenty of opportunity for Q&A,” he says, and the course discussions give students the opportunity to make sure they understand concepts in the context of their day-to-day job.
Taz's experience has taught him an important lesson: every successful incident resolution is a highlight, as it means someone, or some organization, is better, more secure, and able to return to normal life. However, what has made him the proudest during his career has been watching a fellow professional he has mentored successfully delivering evidence in court, or using standard threat hunting techniques to discover a long-term attacker stealing intellectual property which had been missed by multiple security tools. Seeing these individuals fight the good fight every day, catch an attack in flight, and respond quickly enough to get ahead of the exploitation and defend the environment has been, in his opinion, his greatest achievement throughout the years.
As an incident responder at heart, Taz finds spare time is rare, but when he has some he spends it gardening and caring for his small collection of animals. Currently, he has two pigs, four goats, two donkeys, a Shetland pony, a Cleveland Bay horse, six chickens and five cats. In addition, he spends time on Hack the Box, where he is a community moderator and regularly provides assistance and guidance to help people improve their DFIR skills.
Get to know Tarot (Taz) Wake:
- Author of FOR577: LINUX Incident Response & Threat Hunting course
- FOR508: Advanced Incident Response, Threat Hunting & Digital Forensics course instructor
- Board-certified Security Professional (Information and Physical Security) with over 20 years’ experience providing in-depth security risk management advice to government and private sector organizations.
- Experienced in assessing risks, and producing mitigation plans, worldwide in both peaceful areas and war zones.
- Direct experience carrying out investigations into security breaches, producing evidential standard reports and conducting detailed interviews to ascertain the details of the incident.
- Community moderator for Hack the Box where he regularly guides, aids, and nudges people to help improve their DFIR skills.
GIAC Certified Forensic Analyst (GCFA)
GIAC Certified Forensic Examiner (GCFE)
GIAC Certified Incident Handler (GCIH)
GIAC Certified UNIX Security Administrator (GCUX)
GIAC Continuous Monitoring Certification (GMON)
GIAC Defending Advanced Threats (GDAT)
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
GIAC Python Coder (GPYC)
ASIS Certified Protection Professional (CPP)
ISC2 Certified Information Systems Security Professional (CISSP)
ISACA Certified in Risk & Information Systems Control (CRISC)
ISACA Certified Information Security Manager (CISM)
EC-Council Certified Chief Information Security Officer (C|CISO)
EC-Council Certified Ethical Hacker (CEH)