Last Day to Save $200 on Cyber Security Training at SANS San Francisco Summer!

Mentor: Bios

Mentors are highly qualified, experienced professionals who make themselves available in your local area to help you learn the course material and get certified. Each Mentor is hand-selected from students that have completed their relevant GIAC certification with scores of 85% or higher.

Mark is currently a penetration tester. He is also a part-time adjunct professor where he teaches Computer Science and Information Security, and courses such as PenTest+, Sec+, and Net+, and owns his own consulting company. Mark holds a Master's in Cyber Security (with High Distinction) from Liberty University . He also holds a B.S. (summa cum laude) in Information Technology from Bellevue University, and a B.S. (cum laude) in International Business from Liberty. Prior to pen testing, he was a Sr. Linux Engineer and network engineer. He is also an active member at SecKC, a security focused group in Kansas City, where he developed the mentor program and has given several talks. He has also spoken at many different†cons, including BSides KC and the inaugural Kernelcon. When he's not shredding web applications and hacking networks, he enjoys spending time with his family, practicing BJJ and Krav Maga,† and rebuilding his red '66 Mustang.

Brad is a consultant with SecureWorks doing full time web application penetration testing. He has a masters degree in Information Assurance from Dakota State University. Certifications include GWAPT, GPEN, GCIH, GCED, and CISSP. He is an active member of the local information security community. When not on a computer, Brad is usually tormenting his wife, playing with his two kids, or playing guitar.

David Bernal Michelena holds a bachelor's degree in Computer Engineering from the National Autonomous University of Mexico (UNAM). Since June 2015 he serves as a cyber security researcher in Cyber Security Group in Scitum, a large consultant company in Mexico and Latin America. David's main activities are malware analysis, cyber threat intelligence, digital forensics and writing yara and snort rules to detect those threats and protect customers. David also performs ethical offensive activities and writes custom tools that are used in controlled environments to verify that security products do what they claim to do.†
From July 2013 to June 2015 David was a member of Security Events team at Alstom, a large company in energy and transport solutions protecting the endpoint environment of about 90,000 hosts distributed worldwide. In his time in Alstom his main activities were incident response, malware analysis and remediation, forensic analysis, IPS/IDS and SIEM management.
Formerly he served as a Senior Computer Forensic Analyst at Scitum from July 2011 to July 2013. His main activities there were evidence acquisition, analysis, preservation, incident response, log analysis and results reporting to Scitum's customers. In Scitum he had the opportunity to work in challenging projects for Mexican private and public institutions, including large Banks and other large government clients.
From August 2009 to July 2011 he worked as a forensic analyst and incident handler in UNAM Computer Emergency Response Team, which is the first CERT to be created in Mexico. David is GXPN, GASF, GREM, GCFA, GCFE and Access Data certified. He likes programming in several languages and is a command line lover in LINUX and Windows as well.
On his free time, he likes to swim and play the piano.

Mr. Bluml has been performing computer related investigations for over twenty years. His investigations have ranged from simple data theft to more sophisticated hacking efforts involving multiple computers, to intellectual property theft with attempts to hide the activity or manipulate the data via date and time changes to the computer. He has also been involved in employee fraud cases involving expense report falsifications, credit card fraud, and identity theft. He has spoken at numerous national and international trade conferences on the subject of computer forensics and related investigations. Love sharing knowledge and teaching people that are really interested in the material.

After earning a degree in Electrical Engineering at Stevens Institute of Technology, Craig Bowser started in IT as an officer in the US Air Force where he managed, optimized and performed troubleshooting on networks at Air Force bases around the world. In 2000, when he was stationed in the Washington DC area, he took over as Chief of Network Security for the Defense Information Systems Agency (DISA) intranet. While there he obtained his GSEC from SANS in 2001. After separating from the military, Craig worked for several government contractors in a variety of information security roles including accreditation, security engineer, incident response, security analyst, and security manager. In 2006, he obtained his CISSP and in 2011, Craig attended SEC501 and earned his GCED. Soon after, Craig was invited to a new infosec user group starting to meet in Virginia called NOVA Hackers (NOVAH). The requirement for membership in NOVAH was simple: each member needed to give a 10-15 minute talk on a regular basis. So Craig started giving talks. Even though he was an experienced briefer from his time in the military, giving technical talks to an audience with varied technical experience taught him to be prepared in new ways. First, he needed to be prepared to know answers he didnt think he needed and second, the importance of learning from the audience. This actually taught him something else: Always have a notepad to take notes when speaking! Participation in NOVAH inspired him to learn python. This helped him to deal with his frustration regarding the alerts he received at the job he had at the time by automating much of the manual review. Participating in NOVAH also led to opportunities to attend local conferences such as Shmoocon and BsidesDC. The firehose of information was overwhelming at first, but with the help of his growing friendships in the community, Craig was able to absorb more and more of the knowledge and apply that knowledge at work. As Craig grew in his skills and knowledge, he found himself increasingly helping others at work, teaching them and leading the way in implementing new methodologies. Soon, during conversations at security conferences and at NOVAH, Craig found himself answering as many questions as he asked. Thats when he realized he needed to give back to the community that helped him by sharing the knowledge, skill, and methods he had gained over the years. And so, in 2015, he researched and crafted his first talk and submitted it to several conferences for consideration. That year he was accepted and spoke at three conferences, BsidesCharm, SANS SOC Summit, and SANS Cyber Defense Summit. Since then, Craig has given talks at every SANS SOC Summit, DerbyCon, Shmoocon Epilogue, and the SANS SIEM Summit in addition to keeping his membership active in NOVAH by speaking regularly and he volunteers on staff at BsidesCharm and BsidesDC. Since 2012, Craig has been the senior security engineer responsible for building and maintaining multiple SIEMs for a government agency. Being responsible for multiple SIEMs brought multiple disciplines from his career into one job. Security Engineering was required for him to architect the system so that it could manage the amount of logs being sent and to design how the logs would be captured and archived. Security Analysis was required so that he could design searches, alerts, reports and dashboards that identified anomalies in the enterprise and use the latest threat intelligence to find attacks. Incident Response was required so that when an alert was raised, he would know what to look for, in which logs to look, how to confirm or deny that a security event had taken place, and if so, how to track on-going activity to ensure that all everything malicious is identified and removed. Security Management was required to understand how the SIEM supported current policies and procedures or create opportunities to develop new ones. While he doesnt use other disciplines as often, there are times where an understanding of security law, application security, certification and accreditation and others have been important to ensuring that the SIEM succeeds in the organization. Managing the SIEM has caused Craig to mature as an infosec professional and expanded his areas of knowledge and skills. Craig is looking to find new ways to grow in his career, help others and give back to the communities that helped him.

He maintains a website at where he maintains a blog and also posts slides from some of his past presentations.

He is stoked to have an opportunity to teach others while learning from students and fellow instructors. And have fun all the while!

Marcelo has been working with information security and carrying out computer forensics investigations for over 20 years. He worked with incident response / computer emergency response, was responsible for conducting investigations, responding to networking intrusion attempts, investigated and handled privacy-related incidents and consumer complaint in liaison with Legal and Human Resources departments, analyzed and documented information security incidents as well as the analysis of the circumstances enabling or permitting these same incidents to take place, including offering remediation strategies, investigated and immediately worked to stop leaks and inadvertent disclosures of confidential information and developed policies and security awareness programs, working with highly sensitive information in a team environment.

He analyzed and documented information security incidents as well as the analysis of the circumstances enabling or permitting these same incidents to take place. Audited, verified network security and gave recommendations to improve network security. Executed wireless evaluations and security auditings. Advised organizations with current information about information security technologies and issues and researched and recommended solutions. Wrote user manuals on security software and computer, email and Internet use policy. Developed and implemented user security awareness programs, with seminars, conferences, folders, newsletters and helpful suggestions. Designed and reviewed Windows and Linux security architecture.

Marcelo has assisted task forces in lawsuits as a technical assistant, acting as an expert witness in civil and criminal trials. He assisted in computer crimes (cybercrime) investigations and was responsible for establishing many procedures at the Federal Prosecution Service, such as evidence's†chain of custody. He performed customer data analysis of data requested from banks and telecommunication companies, as requested by Brazilian Attorneys. He wrote, compiled and edited reports of security activities.†He has also worked as an associate professor at some universities and lectured at the most important Information Security conferences in Brazil. He maintains a webpage dedicated to Digital Forensics and Incident Response (in Portuguese):

Finally, he holds a Masters degree in Computer Science, a Master in Bussiness Administration (Public Administration) and a Bachelor degree in Information Systems. He also has some certifications, which illustrates his passion to learn: GIAC Certified Forensics Analyst (GCFA), GIAC Certified Incident Handler (GCIH), CISSP (Certified Information Systems Security Professional), CHFI (Computer Hacking Forensic Investigator) and EnCase Certified Examiner (EnCE).

Ismail has over 15 years of Information Security experience and holds multiple SANS certifications. He has a passion for teaching and presenting complex topics. His classes are engaging, interactive and dynamic.

Michael A. Curtis (Mike) has over 20 years of experience in the security field.

He has held several key leadership positions at Rollins, Virtual IT Experts, and

Additionally, Mike is active in the security community having served as a past member of the Symantec Customer Advisory Board, and is an officer in the Atlanta (ISC)2 Chapter.

Mike holds a BSEE, cum laude, from Northeastern University, an MBA from Bentley College and a CISSP.

Dustyn Dodge has over 12 years of experience in the cyber security industry. Dustyn has served in a wide range of positions to include technology development lead, incident responder, security operations center (SOC) commander and senior cyber instructor for the U.S. Air Force. After getting his MS in Computer Engineering at the Air Force Institute of Technology (AFIT), he served as a System Design Lead for the Air Force Research Laboratory (AFRL) developing advanced cyber defense technologies. During this time, he designed advanced computer architectures and cyber tactics, techniques, and procedures (TTPs) to counter emerging threats and meet critical Department of Defense requirements. He then served 10 years as a mission commander, conducting cyber vulnerability assessments, threat hunting and incident response missions. Dustyn was responsible for over 180 cyber operators to actively defend against adversary exploitation and attacks. Currently, he serves as a civilian technical advisor and senior instructor for the U.S. Air Forces cyber formal training unit (FTU) as well as a threat hunting team mission commander for the Air National Guard (ANG). He holds certifications in GSEC, GCIH, GCFA, GNFA, GMON, CISSP, MCITP and MCTS. His true passion is to conduct cyber security operations in the field and then bring that experience to the classroom to train future cyber defense personnel.

Mel Drews has been on both attack and defense sides of security throughout the public and private sector for more than 15 years. He's covered numerous roles in organizations large and small, including solutions engineer, analyst, auditor, penetration tester†and consultant. His current role is in a global 50 financial services firm assuring software security.

When not coding projects or studying for the next big thing, Mel is combing the forest floor for fungus in West Michigan or playing racquetball.

He holds the GWEB, GCFE, and GCCC certifications, as well as CISSP, CISA, and CISM.

Craig Galley is an Information Technology Professional with accomplished work experience in the Security industry since 2001. †He earned a Bachelor of Science degree in Information Science from the University of North Florida. †Early in his career, he was responsible for deployment and management of network prevention controls for a private sector organization.

Craig's†career focus shifted exclusively to application development with a desire to lead secure coding best practices while chaired on Information Security Steering committees and managing large development projects and teams. †

Craig's certifications include GSEC, GISP, CISSP and CSSLP. †In his current role as an Information Security Officer, Craig manages and directs an Information Security Program in the public sector. †He is also active in Information Security groups, with volunteer experience as a Vice President.

Leron is a 10-year active duty US Navy military member with 4 years in an information security position. With a passion for Python, he loves automating tedious daily routine tasks for efficiency and considers himself to always be in a position to learn more. He enjoys competing in as many CTFs as possible, and also often performs as a nerdcore rapper.

He currently holds the GPEN, GCFE, and GPYC certifications. He also maintains a blog at

Stanley got his start with computing and security at an early age. Having received a computer at age four, his curiosity with all things technology was cultivated by his parents. By age 13 he was trolling IRC channels and Usenet forums, running a small dialup BBS, and teaching himself computer networking, scripting, brute forcing, and password cracking. For his college career at Georgia Institute of Technology, he switched gears to pursue knowledge of electrical and computer engineering as he felt a degree in computer science would not be challenging enough. Through his education he discovered the microcosm of transistors and bits, gaining deep insight into how computers operate at the chip level. He used that knowledge as an intern at Texas Instruments to develop firmware for their DSP line of microprocessors in one summer session and to optimize testing routines on production semiconductor wafer batches in a second session. Another pivot led Stanley to a research position while pursuing a Masters degree at University of South Florida under the tutelage of Dr. Rich Gitlin of Bell Labs fame. There he developed software defined radio test platforms using FPGA systems in VHDL to assist PhD candidates to obtain data on novel wireless modulation schemes for use in medical applications such as in-vivo wireless networks. Ultimately, he chose a career in information security, which has revealed itself to be his true calling. He is extremely passionate in the field and his greatest motivators are the pursuit of knowledge, uncovering truth, and solving complex problems. Stanley is currently employed by Deloitte in its Managed Threat Services division, a MSSP SOC offering continuous monitoring service to commercial and public sector entities. His role is a multifaceted combination of senior security analyst, security engineer, and analyst manager. He has significant experience using all the major SIEM technologies in the pursuit of evil by running digital investigations to identify malware, insider threats, weak configuration, and other anomalies that reside on enterprise level networks. He has also been actively performing engineering development, correlation content, and maintenance of several SIEM deployments. He frequently gets called in to assist with incident investigations as a technical asset providing analysis on log activity, network capture data, and an occasional forensic image. His repertoire of GIAC certifications by SANS are in the areas of incident handling (GCIH), digital forensics (GCFA), and network forensics (GCNA).
Rick is a Security Engineer for G2, Inc and has over 15 years of experience in the IT field, with 5 years specifically in InfoSec. Rick started his career as far from InfoSec as possible: as an Aircraft Armament Systems Specialist in the USAF. Mr. Hidalgo had the opportunity to cross-train into a field that allowed him to perform client support and Information Assurance duties, which then allowed him to take a position with the Department of Defense (DoD). While with the DoD, Mr. Hidalgo performed network and endpoint analysis, performed adversary emulation and conducted cyber operations as an interactive operator as part of a Red Team. Mr. Hidalgo has had the privilege of experiencing a broad range of technical fields, including network analysis, intrusion detection, penetration testing, malware analysis, reverse engineering, and digital forensics. Mr. Hidalgo is passionate about educating and mentoring future InfoSec professionals. Rick has volunteered as a Red Team member for the CyberPatriot National Finals for the past 3 years, and recently joined the Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC) Red Team. Rick was also an adjunct professor for a local community college, where he helped coached a cyber competition team and taught computer science courses. Rick is still active in cyber competitions, and takes the opportunity mentor and help other students grow in the field. He also performs independant consulting services and is a security researcher with the SynAck Red Team. Mr. Hidalgo holds his Bachelors in Cybersecurity from UMUC, and is currently pursuing his Masters in Cybersecurity from Excelsior College. He also holds a number of professional certifications, including GCIH, GAWN, GCFE, GCFA, GCIA, GPEN, and CISSP.

Dale Hobbs is a veteran of IT with over 18 years of experience in network security, security policy development, training, adoption and direction setting in accordance with regulatory compliance and industry standards as well as server and network administration.† He currently serves as the Security Manager for a large retail company and holds several Information Security certifications including GSEC, GCIH, GPEN, and GCCC.

Dale is passionate about technology, specifically network security and utilizing his commitment and expertise in the industry, enthusiastically shares his knowledge and experiences with the next generation to enhance their understanding and reach their goals.† Dale has specialized in Network Forensics, Incident Response and Penetration Testing over the last few years.†

James currently works as a Cyber Operation Technician for the Maryland National Guard.† His main function is to work with local defenders to make their networks more secure.† James has served in the Military for 21 years.† He has served in various positions with in a Windows environment, with his last assignment being a Systems Administrator for a small organization.† He also had additional duties of being the alternate Information Assurance Manager and Network Administrator.† James enjoys scripting and PowerShell so much that he became the admin that created the automation tools for the Sysadmin team.

James has a bachelor's degree in Management in Information Systems and is currently in the process of completing his MBA with an emphasis in Information Technology Management.† He is a graduate of the Army's 255-S school and hold the CISSP, 7 SANs Certifications (GSNA, GPEN, GCIA, GCWN, GCIH, GCFA, GSEC) and C|EH.

James enjoys giving back to the community by volunteering at schools and presenting the ISC2 Safe and Secure Online presentation to school aged children.

Ryan Irving has over 10 years of Information Technology experience working in the public sector. Ryan currently works for Hillsborough County Board of County Commissioners as the Information and Cyber Security Manager performing vulnerability management, forensics and incident response and other security operations. Ryan earned his Bachelor's degree from St. Petersburg College in Technology Management, with the focus in Information Security Assurance. Ryan then earned his Masters of Science in Digital Forensics from the University of Central Florida. Ryan has earned CompTIA's A+, Security+, ISC2 CISSP, and GIAC's GCIH, GNFA, GCFA, and GPEN. Ryan is excited to be your mentor for this course, and excited to share his experiences, and learn from others experiences during the course.
Perry is an accomplished, well-rounded results driven Cybersecurity leader holding numerous certifications (SANS GSEC-GOLD, CISSP , CCSP, PMP, LSS-BB) and experience in enterprise security management, support, sales, consulting, project management and product development. His passion after retiring from the Air Force is bringing a cybersecurity focus to enterprise and government organizations driving the best possible cyber protections through leveraging the latest technologies and providing Defense in Depth (DiD) via information centric and vector control methodologies. He thrives in high visibility roles rapidly analyzing issues, translating the needs into strategic business objectives then effectively communicate innovative technical solutions. Perry has delivered edge protection, internal segregation, IdAM, VPN, and endpoint security systems for small business to Fortune 500 enterprises with 40,000+ users as well as state, federal and local governmental and education organizations. Passionate about business outcomes and he has a strong track record of leading projects that meet and exceed expense and revenue objectives. Routinely presents at conferences, i.e. ISSA Hawaii and Oregon Association of Government IT Managers, and driving new business and increased margins. ‚Experienced communicator comfortable presenting to audiences of one C-Level or 1K engineers ‚Expert in translating internal/external customer needs and pain points into solutions ‚Security Architecture and Design ‚Palo Alto Endpoint Associate, Accredited Configuration Engineer (ACE), Sales Executive (ASE) ‚Sophos Central and Endpoint Sales Engineer ‚Led teams of IT engineers, security/IAM software product development ‚Endpoint Protection Development and Management

Jonathan Karchmer has over 15 years of experience in managing digital forensics and investigations. His background includes network administration, information security and electronic discovery project management. Jonathan frequently works on matters concerning trade secret theft. Jonathan has offered sworn testimony at deposition, hearing, and trial. Jonathan currently holds GCFA, GCFE, and GCIH certifications. He is excited about the opportunity to mentor FOR500 and share his enthusiasm for digital forensics with others.

Bill has a Bachelor's of Science in Criminal Justice from the University of Alabama Birmingham and a Master's of Science in Technical Management from Embry Riddle Aeronautical University.† Currently he is working on his Masters of Science in Information Security Engineering through SANS Technical Institute and has numerous certifications through SANS.† Bill began his career in computer technology in the early 1990's while working at the University of Alabama Birmingham. There, he learned many of the widespread platforms and operating systems, employing computer troubleshooting and virus removal skills.

After a brief stint with professional baseball, Bill moved back to computers and started working for a DoD Contractor.† During the last 20 years, he has worked in various departments; Desktop Support, R&D, Client Engineering, IT Systems Engineering and Cyber Security.† The last ten years, Bill has worked within Information Security managing projects and working with various programs across multiple areas of Information Security.† He started working with SANS Instruction in 2012.†

Bryan Koch first became involved in cybersecurity as a member of the cyber defense team at the United States Coast Guard Academy. After four years of participating in the annual NSA Inter-service Academy Cyber Defense Exercise, Bryan attended his first SANS course, SEC 401. After 2 years of sea duty, Bryan entered into the Electronics and IT support field in the Coast Guard. At this assignment, Bryan served as the project officer for the Coast Guards IT Seabag Project, which was programmatic attempt to implement hardware authorization and management across the entire Coast Guard. He also returned to help cadets with the CDX and attended four more SANS courses at various venues. Bryan completed an MBA in 2015, focusing in Operations and Supply Chain Management. Shortly after, Bryan was temporarily assigned to Coast Guard Cyber Command to assist with the DoD Cybersecurity Implementation Plan following the OPM Data Breach. Bryan helped implement Coast Guard wide system health audits and was able to establish a 30-member Cyber Analytics team to augment traditional FISMA Audit efforts. Bryan graduated from Northeastern University in 2017 with an MS in Cybersecurity. At Northeastern, Bryan was President of the ISSA Student Chapter. Bryans thesis is currently being reviewed for publishing for the 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). His paper and presentation on Detection and Mitigation of Malicious Modifications on the Minnowboard Turbot won the 2017 Northeastern Research, Innovation, and Scholarship Expo (RISE) for Computer Science graduate level. Bryan is currently assigned as the Enterprise Operations Center Manager at Coast Guard Cyber Command and oversees a 75 member workforce maintaining Service Operations and Defense Cyberspace Operations for the U.S. Coast Guard.

Tim Larkin is a Senior Cyber Security Engineer at Spinvi Consulting, LLC supporting US Navy projects.† In 2013, as the US Army was working to create its Cyber Workforce, Tim graduated first in his class at the pilot course of Fort Gordon's 25D Cyber Network Defender program becoming the first National Guard Cyber Network Defender in the world. In 2018, he mobilized with his unit to support US CYBERCOM and the NSA.† He holds an MBA from Webster University†and is projected to graduate from the SANS Technology Institute's MSISE program in 2020. Tim holds the following industry certifications: GIAC GSE #216, GXPN, GSEC, GMOB, GCCC, GSNA, GCED, GCFE, GCIH, GCIA, GMON, GCPM, CISSP-ISSEP, CRISC, CompTIA Security, CompTIA Network†and CompTIA A.† Tim lives in Charleston with his wife, Janet, stepson, Justin and their dog, Rey.

Fredric Lauzier has been†in the IT business since 2000. He was an IT consultant for two years and then enrolled in the Canadian Armed Forces as a Signals officer. He is still serving after 17 years and manages IT, Cyber, Radios, Satcom, among others, both in a deployed field environment and in a static strategic one. Over the year†he acquired the ITIL Expert certification. He has also earned a Masters in IT from Universit de Sherbrooke and a Masters in Defence Studies from the Royal Military College of Canada.

He attended his first SANS course in Fall of 2018 and since always wanted to share his knowledge to other SANS learners.

For the past 16 years, Kevin has led high-performance teams of technical professionals at large-scale internet companies, with deepest experience in Network Security. Kevins 25+ year career in technology started when he was a CS student at UC San Diego, and has encompassed unix systems administration, secure software development, network security, and web site and SaaS performance and scalability. Kevin holds the CISSP, GCFA and GNFA certifications. Kevin is active in internet operational security efforts, and advises and invests in early stage technology companies.

Kevin is an extreme tcpdump enthusiast.

Bryan McAninch is an information security professional with over twenty years experience in various disciplines including digital forensics, penetration testing, and security architecture. He holds a Bachelor of Science in Business Administration from the University of Texas at Dallas and a Master of Science in Information Assurance from the University of Dallas. Bryan is passionate about information security and giving back to the community. He is an organizer of the North Texas Cyber Security Group and owner of Prevade Cybersecurity.

Chris is Principal Consultant at Utopia Consulting and an ASD certified IRAP Assessor based in Canberra. After starting his career on a help desk, Chris pivoted through system administration into security around the turn of the millennium. Working with the Fortune 100, retail, non-profit and the government sectors, Chris is focused on ensuring that technical and security measures are user focused,† risk aware and understood by all stakeholders. This has included work in security architecture, assessment, auditing, engineering and response.†
Check out his Soundcloud, Instagram (et al) @chrismewett.†

William has been passionate about computers and their security since being introduced to them as a young teen. Early on he knew that he wanted to be working in information security. He began his education as network engineer at a vocational technology school while still in high school. After graduation he started an Information Assurance and Forensics Bachelor's degree at an NSA Center of Academic Excellence.

William has a decade and a half of experience within the field of information security. He has supported a fortune 5 company as a security engineer, supported many government and commercial customers in various roles within a Security Operations Center (including Incident Response analyst, DMA Lead and SOC Manager) and now is a Principal Security Researcher in a malware analysis role. He has taken the initiative to mentor and train new team members and has led many community events within the companies he has worked for. These events include quarterly mini conferences, Capture The Flag (CTF), LAN Parties, and other events to build the community and share knowledge. He is a frequent conference attendee and has participated in and won a number of IoT Village CTFs, including winning a Black Badge at BSidesDC for placing First in the competition. While the majority of his career has been supporting the blue team, he's always had a passion for the red team and has been honing his skills in penetration testing and exploit development. William currently holds the GCIH, GPEN, GREM, GCTI, and GXPN GIAC certifications. In addition to those GIAC certifications, he holds the OSCP and CISSP.†

Outside of information security, William is a general class Amateur Radio operator (KE5HDY), 3D printing enthusiast, and is working to become a member of the 501st legion (a Star Wars costuming organization that participates in costumed charity and volunteer work). His blog can be found at

Jake Miller is an information security professional, primarily focused in offensive security. Jake is currently a penetration tester, but also has previous experience as a security controls assessor, SOC analyst, and system administrator.

Jake is a lifelong student, holding a variety of IT and cyber related certifications including GXPN, GCFA, GCIA, CISSP, and AWS Solutions Architect Associate, among others.

He blogs about security and coding at, and is passionate about sharing knowledge in the community.

Jason Ostrom has helped over 220 organizations mature their Cyber Security programs by identifying business risks and improving their readiness for security incidents.† In his current role as Director of Technical Services for Zyston (, Jason leads the Offensive security practice and† provides support for client security incidents in potential data breaches.† Jason is also the courseware author and instructor for Zyston?s ?Top Gun? offensive security class modules.

Jason has used his extensive experience to help clients solve a variety of security problems impacting their respective businesses.† He helped a solution manufacturer raise their DoD STIG metrics to above 95% for all assessed products, including development of Python hardening scripts that protected federal assets.† He coded a Python vulnerability management program that automatically provided remediation timeliness and metrics for closing security issues.† In a client-authorized penetration test, he found a 0-day vulnerability (CVE-2016-2783) in a networking platform that was ethically disclosed to the vendor.† He is the author of the ?VoIP Hopper? network infrastructure pen testing tool, which is included in the popular Kali Linux distribution.† Jason has extensive experience distilling security issues and presenting them to target audiences, including C-Suite and board, and has been quoted in media outlets such as Network World and Wired Magazine.† Jason has spoken at many high-profile security events such as DefCon and ShmooCon.† He has been invited by federal agencies, SANS Institute (Pentest Summit) and Forrester Research to speak on application security.† Jason currently holds the CCIE Security certification (including CCNA, CCDA, CCNP, CCSP) and GCIH, GCFA, GPEN, GWAPT certifications.† He earned an M.S. in Information Security from James Madison University, and his B.A. from the University of Michigan.

Mike Peterson has more than 15 years of experience in the information technology field, over five of which dedicated to information security. He previously served in the United States Army Signal Corps and later in various positions including Information Security Officer at an institution within the University System of Georgia. Peterson is currently employed at Embry-Riddle Aeronautical University where he focuses on offensive roles. He holds multiple GIAC certifications including GCIH, GPEN, GXPN, GWAPT, and GCFE, is a member of the GIAC Advisory Board, and is working towards his Master of Science in Cybersecurity Engineering. Peterson also runs the blog and is a frequent contributor to the 13Cubed digital forensics YouTube Channel.

Bryan Rude enlisted in the Army in 1996 and spent most of his 20-year career combating bits and bytes from the tactical to the enterprise.† He participated in the development and operational deployment of critical enterprise automation systems such as System Center Configuration Manager (SCCM) as well as Host Based Security System (HBSS) and Application Whitelisting.†He retired from the Army as a Chief Warrant (CW) Officer 4 with the Military Occupational Specialty (MOS) of 255S.††

Bryan joined the MITRE team shortly after retirement from the Army as a Lead Cybersecurity Engineer.† †He has worked to operationalize the ATT&CK Framework for several government organizations.††

Bryan specializes in endpoint security and the systems that support it.

He has spent most of his life as a student and continues to search for a life.† Over the years he has earned a Bachelors degree in Biblical Studies and a Master?s degree in Information Systems.††

Bryan achieved and continues to maintain multiple professional certifications.

Andrew Skatoff has been securing and protecting critical infrastructure networks for the last 16 years.†
Raised by a Topgun Marine fighter pilot and a middle school special education teacher, he has always been driven to find meaningful work, solve interesting problems and help others do the same in an effort to make the world a† better and safer place.
Andrew's love for computers started in college and after spending several years providing technical support in the energy and financial sectors, he achieved his MCSE certification. This led to his first info security job supporting a migration to active directory.† Andrew went onto champion, design and implement an automated compliance and vulnerability management program. He has been developing and leading incident response teams, a malware analysis function and digital forensics services for the past 12 years in critical infrastructure financial organizations.†
SANS FOR508 is one of Andrew's favorite classes! It combines incident response and triage analysis with full disk forensics in a way that† balances accuracy and efficiency in our increasingly demanding role as cyber defenders.††
Andrew currently holds GREM, GCFA, and CISSP certifications and is an Incident Response Manager at a large financial organization.

Check out Andrew's blog at:†https:

Mr. Stashis has over ten years of professional experience in penetration testing, information security, and technology. He began as a child hacker; dissembling his first electric toy cars then moving on to build his first desktop out of spare parts as a young teen. As an educator and mentor, Mr. Stashis works with students across the globe in Cyber Security and maintains a leadership standing within the local Atlanta Security community. He enjoys working as a fulltime Penetration Tester and is passionate about educating Pen Testing to individuals willing to learn. Certified in OSCP, GPEN, GCIH, and GSLC.

Joe Sullivan has 20 years of experience in information security. Joe is the principal security strategist for Crossroads Information Security, the Chief Information Security Officer for a bank, and the owner and lead investigator of 1 to1 Risk Control & Investigations.

Joe got his start in information security in 1999 working for a web hosting company during the .com boom. In 2001, Joe started one of the first outsourced technical support companies for web hosting server support specializing in administration of LAMP servers and incident response.

After selling his company he went to work as the network security manager for a consumer electronics distributor and remained there for nearly 10 years. In 2014, Joe was recruited by Oklahoma based RCB Bank to guide their network security program. At RCB Joe is the Chief Information Security Officer.

Joe and his wife, Cathy, also operate Crossroads Information Security, which provides services to businesses that do not have the expertise or resources for network security. These services include penetration testing, gap analysis, policy, procedures, and training.

Joe holds the following information security related certifications:

GIAC Strategic Planning, Policy, and Leadership (GSTRT)
GIAC Certified Forensic Examiner (GCFE)
GIAC Certified Incident Handler (GCIH)
Certified Information Systems Security Professional (CISSP)
CNSSI 4012 Senior Systems Manager
CNSSI 4013 System Administration in Information Systems Security
CNSSI 4014 Information System Security Officer
NSTISSI 4011 Information Systems Security Professional
NSTISSI 4015 Systems Certifier

Joe is active in the Oklahoma City information security community and is the chapter leader of the Oklahoma City Open Web Application Security Project (OWASP) chapter, is an†instructor for the SANS Institute and teaches the following classes:

SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
MGT514: Security Strategic Planning, Policy, and Leadership

You can find Joe Sullivan's blogs online at:†

Sean Thomas has over 20 years of Information Technology experience, with more than eight years in cybersecurity/information security. He has been involved in many aspects of IT throughout his career including desktop support and academic systems administration, networking, and Windows & Unix/Linux server administration before finding his way to cybersecurity.†

Sean has been an instrumental part of the formation and evolution of the IT Security Services program at Embry-Riddle Aeronautical University. He currently serves as the Senior Information Security Analyst on the team, with over six years of experience working Incident Response, Digital Forensics, and Policy Management. In addition to his duties with the team, he is regularly asked to guest lecture on cybersecurity topics at the University, primarily for many first-year student classes.

Sean performs several functions with SANS Online Training as part of the OnDemand QC team to improve content delivery for dozens of courses, assisting with course review, and as a virtual TA for Simulcast.† Sean holds a Bachelor of Business Administration in E-Business Technology from Stetson University and holds multiple GIAC certifications, including GCED, GCFA, GCIH, GMON, GCWN, and GCDA.

With more than 20 years in the industry, Kendrick has served in many areas of the IT industry including networking (LAN/WAN troubleshooting, engineering and structured wiring), Web design, EndPoint administration, System administration, Programming and now Information Security. Kendrick currently serves as a member of his companys Information Security team and president of InfraGards Birmingham chapter which works with the FBI, Homeland Security and the U.S. Attourneys office to protect the 16 U.S. critical infrastructures from terrorist attacks. At night he manages 2 successful YouTube channels and his company which works directly with gaming companies around the world and has its own professional eSports team.

Tom Webb has over 15 years of experience in a dedicated security role. Tom has worked for state law enforcement and in the education sector.† He is currently employed by the University of South Carolina as the director of security operations. His current role includes leading a team that performs: incident response and forensics investigations. Tom's previous roles included: network security engineer, security architect, incident response, and penetration testing.

Tom has a B.S. in Information Management from the University of South Carolina. He holds various certifications including, CISSP, GXPN, and GSE. Tom also volunteers for the SANS Internet Storm Center. You can follow him on twitter @twsecblog, or

Michael Weeks is currently working as the SOC and Incident Response Lead at Fair Isaac Corporation. He leads a highly technical team of Analyst, Developers, and Incident Handlers in the daily monitoring of cyber security events for FICO. A graduate of the SANS Technology Institute Master of Science in Information Security Engineering Program and certified GIAC Security Expert, as well as a host of other SANS Certifications and the CISSP from ISC2. Michael is also a Chief Master Sergeant with the United States Air Force Reserve working in the 960th Cyber Operations Group as a Cyber Warfare Operator. The greatest privilege is the ability to mentor the future cyber warfare operators in hopes that they can help solve the many problems in cyber security.

Jeremiah L. Williams, Sr was born in Baltimore, Maryland, in 1976. He is currently a doctoral student in the Department of Business Administration at Northcentral University where he has successfully completed all core and specialization requirements. Both his specialization and professional career has been Information Technology (IT) for over 22 years. Jeremiah has been enrolled in this program since 2013 completing courses part-time while attending to his family and professional career. Education He received the B.S. degree in Information Technology Engineering Security from Charter College, Anchorage AK in 2012. The path to completing his B.S. degree took 17 years consistently earning credits every year from different institutions despite constant work travel. He attended Frederick Community College and Morgan State University in Maryland, Virginia Commonwealth University in Virginia, and Drexel University in Pennsylvania before finally completing his B.S. in Anchorage Alaska. He immediately continued school and obtained his M.S. degree in Information Technology Security Assurance from American Intercontinental University, Schaumburg, IL in 2013. Currently hes a graduate student pursuing his PhD in Information Technology Business Administration at Northcentral University in San Diego, CA. Career From 2004 to 2010, Jeremiah Williams served honorable as Instructor Airborne Battle Manager onboard the Airborne Early Warning Control System (AWACS) E-3 Sentry for the United States Air Force. During his military service, he earned Airmen of the Quarter and several distinguished military volunteer service awards including a check for $1000 for winning an Air Force wide essay competition. Then from 2010 to 2015, he served as a Network Engineer, Software Developer, and Senior IT Instructor with Northrop Grumman, Caterpillar Inc., and Charter College respectively. As network engineer, he successfully maintained the military tactical network links between Elmendorf AFB, Alaska and Eielson AFB, Alaska enabling Alaskan airborne situational awareness to national decision makers. His work with Caterpillar Inc, enabled advanced software testing and auditing via his customized automation solutions ensuring successful deployment of enterprise software to over 5000 clients systems worldwide. His 6 years as IT Instructor and Microsoft SME (subject matter expert) eventually lead to his promotion to Senior IT Instructor providing curriculum development and accreditation assurance. Finally, he began work for the federal government as an Information Technology Specialist where he currently works as a Web Services Architect today. Volunteer Jeremiah has received several awards for his volunteer service. He received Air Force awards for his volunteer services on behalf of the Elmendorf AFB military chapel. The University of Alaska Anchorage awarded Jeremiah with the Martin Luther King Jr volunteer award for his volunteer work providing computer lab setup and administration for their students. Currently, he volunteers his time as director and mentor over a non-profit IT trades and training organization in Anchorage Alaska called Integrity IT Internship. He started the 501(c)3 organization where he also mentors 5 junior IT professionals. Jeremiah also spends his volunteer time as a community services leader helping the homeless and fellow Alaskans fine shelter, stability, jobs, and rehabilitation. Entrepreneur Mr. Williams began his entrepreneur career in 2000 when he started Integrity Computer Systems, LLC (ICS). ICS was a debt free information technology (IT) sales, services, and consulting firm which began in Frederick Maryland. It eventually moved to Kingsport Tennessee and now operates in Anchorage Alaska as an IT training and consulting center. Jeremiahs passion for operating debt free has kept the company in good reputation. He employed up to 3 personnel during the peak business operations. Next, he started and franchised a Daycare in 2012 called AEIOU Childcare employing 5 personnel. Then, internationally, he worked with a leading staffing agency in the Dominican Republic called Soluciones Humanas to develop and program a software business solution for unifying front end, back end, and client data services into a single comprehensive platform independent solution. The program was bi-lingual but functioned in Spanish mode primarily. Lastly, Jeremiah began a non-profit 501(c)3 organization called Integrity IT Internship in Anchorage Alaska which functions to provide advanced hands-on technology training to its members. The organization provides free computers to the general public and donation based IT services for non-profit organizations endeavoring to provide hands on training experiences for its members. Memberships and Websites Mr. Williams is a member of the IEEE, Anchorage Area Toast Masters, and Project Management Institute of Alaska. My web portfolio can be found at

Since 2011, Terrence Williams has embraced the United States Marine Corps saying, "Grow Where You Are Planted."†As an active duty Marine, Terrence was placed into the cybersecurity world to satisfy "The needs of the Marine Corps."†Turns out, being planted in the cybersecurity role is the best place for Terrence to grow his passion for Digital Forensics & Incident Response (DFIR). Currently Terrence Williams works in a Defensive Cyber Operations billet that requires him to conduct various duties in the DFIR realm. His young career has led him to operating on multiple enterprise networks supporting military operations that expand across the world.

Terrence's thirst for knowledge is the primary fuel for his passion for the various DFIR avenues. Terrence's background in DFIR covers smartphone and Windows forensics, including, vulnerability discovery and analysis, threat hunting, reverse engineering malware, network security monitoring, and Python coding. Terrence has participated in building multiple standard operating procedures for the up and coming Marines that will be in various cyber operation roles.

Terrence alternative passion is to share his knowledge with the world. At an early age, Terrence found that people around the world crave knowledge and need the opportunity to gain it. He has begun building his social platform to drive his passion by being a guest blogger on The guest blog appearance has inspired Terrence to build his own website Life is a Game of Choices†( to further expand his brand. Terrence is excited to fulfill his passion for sharing knowledge as a SANS Mentor to further reach people that want to feed their passion for knowledge.

Outside of work, Terrence finds his passion in sports, dog training, reading, and being a connoisseur of the world's food and spirits.