Last Day to Save $400 on Cyber Security Training at SANS New York City Summer 2018!

Mentor: Bios


Mentors are highly qualified, experienced professionals who make themselves available in your local area to help you learn the course material and get certified. Each Mentor is hand-selected from students that have completed their relevant GIAC certification with scores of 85% or higher.

James Arndt is a Cybersecurity Engineer for American Transmission Company in Milwaukee, Wisconsin. He focuses on dissecting whatever malicious email, documents, URLs, and executables come across his way. Besides incident response, he has his hands in endpoint security, vulnerability management, and access management.

James has spoken at various local and national conferences on topics such as incident response and reverse engineering. He has sucessfully taught SEC401 Security Essentials and SEC504 Hacker Tools, Techniques, Exploits, and Incident Handling. You might also find James running after his four kids, playing guitar, or tinkering around in his basement lab.

Mohammed Asfar serves as a Senior Cybersecurity Consultant at Cyber division of Leidos. Asfar's background includes electronic discovery, forensic investigation, incident response, vulnerability assessment and penetration testing across multiple industries. Asfar holds M.S. degree in Forensic Science from Marshall University, as well as CISSP, GCFA, GCIH, GCIA, GMON, GREM, GPEN and ENCE certifications. Asfar live in Houston, Texas with his wife and two-year old daughter.

Greg has been in the industry for over 17 years, and has been working with computers since he was a kid (remember the Commodore 64?). He has worn a dozen different hats in the IT world, from sysadmin to help desk, and from development to upper management. For the last ten years, he has focused exclusively on information security. First, as a consultant performing penetration testing, web application assessments and more strategic engagements with various consulting firms, before moving to the client-side, where he has worked with global financial institutions, as well as media startups to help secure their processes and technologies.

Greg has a passion for technology, as well as mentorship, and believes it is imperative to pass this on to others.

Brad is a consultant with SecureWorks doing full time web application penetration testing. He has a masters degree in Information Assurance from Dakota State University. Certifications include GWAPT, GPEN, GCIH, GCED, and CISSP. He is an active member of the local information security community. When not on a computer, Brad is usually tormenting his wife, playing with his two kids, or playing guitar.
Mr. Bluml has been performing computer related investigations for over twenty years. His investigations have ranged from simple data theft to more sophisticated hacking efforts involving multiple computers, to intellectual property theft with attempts to hide the activity or manipulate the data via date and time changes to the computer. He has also been involved in employee fraud cases involving expense report falsifications, credit card fraud, and identity theft. He has spoken at numerous national and international trade conferences on the subject of computer forensics and related investigations. www.computerforensicsconsultingllc.com Love sharing knowledge and teaching people that are really interested in the material.
Bryan is the co-host of the Brakeing Down Security podcast. Bryan's a Navy veteran, with 20 years of experience in IT and infosec. In addition to the GCIH, he also holds the GWAPT, and a CISSP in good standing. Bryan sees incident response as something vital to any business, and he is eager to share knowledge and experience with you. You can learn more on his podcast "Brakeing Down Security" by visiting http://www.brakeingsecurity.com
Murat is a Security Operation Center Manager located in Turkey. He holds a Bachelor of Science in Mathematics. He has over 20 years experience in offensive, defensive security roles. He has designed and integrated security architecture solutions. He has managed various integration projects, has been in regional and global IT management roles at companies such as Siemens, Nokia and Comodo. He holds the prestigious GIAC Security Expert (GSE) certification as well as the GCIA, GCIH(Gold), GCTI, GPEN, GSEC, and GWAPT certifications. His non-GIAC certifications include CISSP, PMP, OSCP, CPTE (Trainer), CEH, VTSP, MCP, CCNA.

Jeremy works as a security penetration tester, application security consultant, and defect remediation expert for UPS. Jeremy is also the owner of Ellipsis Information Security and teaches courses for SANS Institute.

As a Director of Education for the Kentucky ISSA chapter, Jeremy presents on application security, penetration testing and defense along with operating the "webpwnized" YouTube video channel.

Additionally, Jeremy develops the open-source OWASP Mutillidae II training environment. Jeremy has a Bachelors in Computer Science from Indiana University, a Graduate Certificate in Cybersecurity and Masters in Computer Science from the University of Louisville and is a GIAC-certified Web Application, Mobile and Network Security Penetration Tester.

Family, Gadgets, games, aerial photography, great food and craft beer are some of Paul Dumbleton's passions. Hailing from the the United Kingdom via California and now Michigan, Paul completed his Bachelors in Information Technology from the University of Phoenix in 2004 while working for Herman Miller in Zeeland, Michigan. After a recent transition to Perrigo, Inc, he now manages and oversees Global Security Operations and Engineering. Paul's passion for Information Security and Technolgoy has spanned more than 25 years. He continues to be motivated by setting goals that challenge his experience and knowledge, and admits that he continues to learn something new everyday. This translates directly into his success protecting Perrigo from evil (according to his boss) and helping the great people he works with use information resources securely.

Craig Galley is an Information Technology Professional with accomplished work experience in the Security industry since 2001.  He earned a Bachelor of Science degree in Information Science from the University of North Florida.  Early in his career, he was responsible for deployment and management of network prevention controls for a private sector organization.

Craig's career focus shifted exclusively to application development with a desire to lead secure coding best practices while chaired on Information Security Steering committees and managing large development projects and teams.  

Craig's certifications include GSEC, GISP, CISSP and CSSLP.  In his current role as an Information Security Officer, Craig manages and directs an Information Security Program in the public sector.  He is also active in Information Security groups, with volunteer experience as a Vice President.

Kevin Garvey has worked in IT for 8 years and has been devoted to cyber security since 2013. Since becoming an analyst, he has worked at New York Power Authority, JP Morgan and is currently employed at Time Warner as a manager of Threats and Incident Response. Kevin has always has had a passion to hunt down the adversary has loved the challenges his current role has thrown at him. Kevin is incredibly excited to share this knowledge with everyone taking the course!
Matt Helin has over 10 years experience in the IT and data communications field. He is a former network and systems engineer who has shifted his primary focus to all things information security for the past few years. He holds the CISSP and GCIH certifications and currently works in the information security department for a high profile e-commerce company. Matt is excited to mentor SEC 504 because it is generally a person's first exposure to common hacking tools. Witnessing first hand how systems are breached can be amazing, alarming, and eye opening.
Michael Hennick is currently CISO and Senior Network Security Architect for Solipsys Corporation, a wholly owned subsidiary of the Raytheon Company, where he is responsible for overseeing cyber operations for the company, including secure network architecture and design, incident response and forensics, vulnerability management, proactive threat assessments and penetration testing. He also teaches as an adjunct faculty for the University of Maryland, Baltimore County (UMBC) Cybersecurity Masters Program, and for the network security Associates Degree program at Howard Community College (HCC). Additionally he independently consults with small businesses to assist in their cybersecurity needs. With over 20 years of experience in the IT industry, Michael has held roles and gained first hand experience in positions ranging from software development, technical support, system, database, and network administration, network design and architecture, penetration testing, and incident response. Michael has a Masters of Professional Studies in Cybersecurity from the University of Maryland, Baltimore County (UMBC). He also maintains numerous industry certifications including CISSP, CASP, CEH, CHFI, as well as multiple GIAC certifications, and vendor specific certifications. He is also a member of the Baltimore chapters of FBIs Infragard, NCMS, and the Information Systems Security Association (ISSA).
From his work in rural non-profits to a billion dollar fintech company, Benjamin's has spent his career making technology meet people where they are at rather than the other way around. In addition to blowing circuit breakers on three continents, he graduated from Grinnell College with a B.A. in Mathematics and Economics and is a GCIH. You can follow his latest security tinkering at https://benjamin-hering.com
Bob is the CIO for a Software as a Service provider that provides services to foundations and financial institutions. He began his career as a Network Engineer in the United States Air Force where was also a Systems Administrator and Lead Information Technology Instructor. Upon leaving the Air Force he developed and instructed technical courses and has been working in Technical and Security Operations for the past 15 years. Bob holds professional certifications, including CISSP, GIAC GSEC, and GIAC GCIH.
Derek Hill has over 25 years of experience in IT and Information Security. He currently manages an Application Security Team and an Infrastructure Security Team (Blue Team) at HP Inc. in Vancouver, WA. His teams are responsible for ensuring that HPs internally developed applications are secure as well as the AWS infrastructure that is hosting these applications. Prior to his current position, Derek held IT management and technical roles at both large and small companies. In each role, he has focused on delivering excellent services, uptime and security for all the projects/staff he managed. Derek holds an MBA from Willamette University and an undergraduate degree in Management Information Systems from Oregon State University. He has various security credentials including a CISSP and multiple GIAC certifications. Derek also served in the US Army, mastering jump school and being promoted to sergeant (E-5) in less than 2 years, working in power generation and equipment repair. Derek is a very technically savvy engineer with heavy focus on security, integration and service delivery. His education and experience bring an understanding of how technology can affect the business, both positively and negatively. He is an excellent leader and problem solver and prides himself on being able to help the business achieve their goals with the assistance of technology. In his current role, Derek works with about 30 different internal customers as well as senior management to ensure service offerings and deliverables align with the corporate mission and risk tolerance. Security is a very dynamic and fast-moving field. He stays current on new threats, trends and technologies through networking, research, training classes and conferences. Derek is an active member of ISSA and OWASP security organizations. Maintaining awareness and skill level allows him to better plan and prioritize future work inside a company. Derek is very driven and goal oriented and brings a wealth of experience, knowledge and interpersonal skills to a new opportunity.

Dale Hobbs is a veteran of IT with over 16 years of experience starting out as a Junior Systems Administrator to his current role, Security Manager.

His background includes server and network administration, network architecture, network security, security policy development and adoption and direction setting in accordance with regulatory compliance and industry standards.

Dale is excited about all areas of technology but most specifically network security. He hopes to use his experience and training to help others achieve their IT related educational goals. He currently holds the certifications of GSEC, GCIH, GPEN and currently pursuing certification for CISSP.

Dale is very passionate about 4 main things in his life, his family, hockey, fishing and his passion for the IT industry. He enjoys mentoring and teaching others but embraces the opportunity to continuously learn and develop in his own career path. He is very proud to have the opportunity to be a SANS Mentor and be a part of the SANS family.

James currently works as a Cyber Operation Technician for the Maryland National Guard.  His main function is to work with local defenders to make their networks more secure.  James has served in the Military for 21 years.  He has served in various positions with in a Windows environment, with his last assignment being a Systems Administrator for a small organization.  He also had additional duties of being the alternate Information Assurance Manager and Network Administrator.  James enjoys scripting and PowerShell so much that he became the admin that created the automation tools for the Sysadmin team.

James has a bachelor's degree in Management in Information Systems and is currently in the process of completing his MBA with an emphasis in Information Technology Management.  He is a graduate of the Army's 255-S school and hold the CISSP, 7 SANs Certifications (GSNA, GPEN, GCIA, GCWN, GCIH, GCFA, GSEC) and C|EH.

James enjoys giving back to the community by volunteering at schools and presenting the ISC2 Safe and Secure Online presentation to school aged children.

Now a recovering CISO with over 20+ years direct Information Security experience, Christopher Hudel's experiences demonstrate success (and reveals his most inner excitement) within the domains of application and product security, incident & crisis management, penetration testing ("red teaming"), security roadmap and strategy, security operations, evangelism and leadership. Christopher's career path careened both the very technical (developing penetration testing teams & methodologies, working incident response for both malicious internal threats and nation state advanced persistent ones) and the very strategic (as a CISO for industries ranging from retail through industrial manufacturing). Comfortable in front of either board (key- or -directors), Christopher brings a sense of "extreme common sense" to communicating and understanding risk related to highly technical topics. Christopher is an accomplished speaker, most recently served as an adjunct professor teaching information security graduate and undergraduate courses for the University of North Carolina in Charlotte, NC.

Jason Kinder has over 20+ years of experience in the IT and InfoSec industry working in the private sector as a network administrator, network engineer, and then moving to manage a distributed IT group before making the jump over to InfoSec.  The jump over to InfoSec has put him in a position to manage InfoSec Operations for a multi-billion dollar defense contractor battling some of today's shared adversaries.

Through the course of his career his has gained the MCSE and CNE certs back in the day and worked hard to achieve the CISSP certification and more recently his GCIH & GMON.  Backed by a breadth of technical skill and knowledge, it also takes some keen business sense and acumen to properly navigate today's corporate environment.  While working in IT, Jason earned a Bachelor's of Science Degree from Wright State University in Dayton, OH in 2001 followed by an MBA with a concentration in Management, Change and Innovation also at Wright State University in 2009.  The technical and business skills he has amassed over his career are key to being successful and properly understanding today's security landscape and how it impacts the business.

Jason is very excited about the opportunity to Mentor SEC504 as a way to give back to the community, broaden people's minds, and train the InfoSec staff of tomorrow.  The challenge is here and now with adversaries evolving and regularly knocking on our doors.  Jason will help students be better prepared to identify and deal with these challenges on a regular basis.

Bill has a Bachelor?s of Science in Criminal Justice from the University of Alabama Birmingham and a Master's of Science in Technical Management from Embry Riddle Aeronautical University.  Currently he is working on his Masters of Science in Information Security Engineering through SANS Technical Institute and has numerous certifications through SANS.  Bill began his career in computer technology in the early 1990's while working at the University of Alabama Birmingham. There, he learned many of the widespread platforms and operating systems, employing computer troubleshooting and virus removal skills. He has been employed with Northrop Grumman for 17 years, during which he has performed several roles including desktop support, client engineering, systems engineering, and most recently information security.

Bryan Koch first became involved in cybersecurity as a member of the cyber defense team at the United States Coast Guard Academy. After four years of participating in the annual NSA Inter-service Academy Cyber Defense Exercise, Bryan attended his first SANS course, SEC 401. After 2 years of sea duty, Bryan entered into the Electronics and IT support field in the Coast Guard. At this assignment, Bryan served as the project officer for the Coast Guards IT Seabag Project, which was programmatic attempt to implement hardware authorization and management across the entire Coast Guard. He also returned to help cadets with the CDX and attended four more SANS courses at various venues. Bryan completed an MBA in 2015, focusing in Operations and Supply Chain Management. Shortly after, Bryan was temporarily assigned to Coast Guard Cyber Command to assist with the DoD Cybersecurity Implementation Plan following the OPM Data Breach. Bryan helped implement Coast Guard wide system health audits and was able to establish a 30-member Cyber Analytics team to augment traditional FISMA Audit efforts. Bryan graduated from Northeastern University in 2017 with an MS in Cybersecurity. At Northeastern, Bryan was President of the ISSA Student Chapter. Bryans thesis is currently being reviewed for publishing for the 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). His paper and presentation on Detection and Mitigation of Malicious Modifications on the Minnowboard Turbot won the 2017 Northeastern Research, Innovation, and Scholarship Expo (RISE) for Computer Science graduate level. Bryan is currently assigned as the Enterprise Operations Center Manager at Coast Guard Cyber Command and oversees a 75 member workforce maintaining Service Operations and Defense Cyberspace Operations for the U.S. Coast Guard.
Christopher Linton has been working in IT for almost 20 years. He has a Bachelor of Science in Computer Science from the University of Colorado Boulder. Christopher began working as a developer for marketing & fulfillment companies in Denver before going to work for Jeffco Public School's IT. There he developed custom web applications and SQL databases. A series of incidents with "David Lightman"-like students eventually led Christopher to the Information Security team. Christopher has presented at CSIS, SplunkLive, and other educational events. He is a big fan coffee, the Denver Broncos, Colorado Rockies, and climbing Colorado mountains. He also likes anagrams like "SETEC Astronomy" and has a binary clock on his desk at work.

Jake Miller is an information security professional, primarily focused in offensive security. Jake is currently a penetration tester, but also has previous experience as a security controls assessor, SOC analyst, and system administrator.

Jake is a lifelong student, holding a variety of IT and cyber related certifications including GXPN, GCFA, GCIA, CISSP, and AWS Solutions Architect Associate, among others.

He blogs about security and coding at laconicwolf.com, and is passionate about sharing knowledge in the community.

Christian is a motivated individual who first made his debut via the inaugural CyberAces cohort. After studying under Ed Skoudis for a year, Christian applied his self taught skills from previous jobs and hobbies, as well as the new skills learned while mentoring under Ed, to progress through the ranks at KPMG. Christian started as an associate in the cyber practice, and within two years of joining KPMG, was the service line lead and one of the core content developers for the KPMG Pentesting and Threat Intelligence service lines. After leaving KPMG, Christian joined Foundstone in order to help build the practice back up and establish himself in a more technical consulting role again. Christian has presented and been a participant at Blackhat, Defcon, MPOWER, and was offered a position to keynote at RFUN a threat intelligence conference run by Recorded Future. Christian has also presented on behalf of himself and KPMG at a variety of schools and charity events to help promote cybersecurity and protect against cyberbullying. Currently Christian holds 5 GIAC certifications with the goal of earning his GSE in the next year. He is also an active member of the SANS community assisting in question writing and course audits for the SANS OnDemand courses for the last few years. Christian is excited to become a mentor as it will help him to achieve his goal of becoming a SANS instructor and course author, as well as give back to the community and help to raise a new generation of cyber warriors.

Mathias Puggaard Noehr has worked with IT for the past 15 years, and the last 7 years specialized in security, with a primary focus on forensic and incident response. He has been leading large scale intrusion cases for the past years, ranging from simple ransomware to APT style intrusions. He is currently working in CSIS Security Group, a leading threat intelligence provider, heading the 24/7 Security Analytics Centre and the incident response team. When not helping companies with intrusions, he assistance them with everything from cyber risk bases on CSC20, to proactive security and preparing the company for the next incident.

Mathias wants to improve the knowledge about incident response in the general IT security area, and therefore have a specific focus on getting students to master the material FOR508, as it will lead to a more secure system environment for the business. Mathias mentors his analyst team on a continues basis in usage of forensic and incident tools used in the FOR508 course.

The beauty of the SANS course is that you will get introduced to both free and paid tools, meaning you can go back and give an immediate benefit to your company. Mathias currently holds GSEC, GCIH, GCFE, GCFA. 

Lisa Peterson CISA, CRISC, CISSP has worked in Information Security for 20 years, and is a Security Analyst for Progressive Insurance. Her current focus is in governance, risk and compliance. She is a part-time instructor at Cleveland State University and also speaks on security topics. She serves on the board for the Information Security Summit, the Northeast Ohio chapter of ISACA, and the Northeast Ohio chapter of CSA.

Brandon C. Poole is SOC analyst for an electric & gas utility company in the southeastern US. He brings with him 10 years of IT experience in system administration, network administration, disaster recovery, and information security. During this time Brandon has helped various employers setup & run vulnerability assessment/management, business continuity, security assessments, and change management programs across nonprofit, government & private sector organizations.
In addition to the above experience he also maintains numerous professional creditable such as GSEC, GCWN, GCIH, GCCC, CEH, CompTIA Security +, CompTIA Network + and IBM QRadar SIEM Analyst as well as being a member of ISSA, InfraGard, and the GIAC Advisory Board. 
When Brandon isn't at work he can be found further sharpening his skills in his homelab, writing Python or PowerShell scripts to automate security workflows, tweeting on Twitter (@bcpoole_sc), working on his new blog bitsbybrandon.com, or mentoring others in their IT and/or Infosec career.

Shyaam is currently a Chief Architect in the MDR space with years of experience in cyber security, information security and intelligence studies. He has worked on multiple technical and leadership roles including Director, SOC Manager, Principal/Senior Consultant, Researcher, Information Assurance Engineer, and Analyst/Engineer.

Shyaam graduated from Master of Science (MS) degree in Computer Science, majoring in Information Security at the George Washington University. He also holds Master?s Certificate in Computer Security and Information Assurance from GWU, Graduate certificate in Computer Security from Stanford, Data Science from MIT, Leading with Finance, Disruptive Strategy and Negotiations from Harvard. He continues to hold professional memberships at InfraGard, ACM, ACFE, ISACA, IACSP, HTCN, ATAB and various other associations, where he has been actively participating in the cyber security community. He has held professional certs such as, GCIH, GCIA, GREM, GCFA, GPCI, GCDS, GLDR, SSP-CNSA, SSP-MPA, SSP-GHD, GHTQ, GWAS, CISA, CEH and GIPS. He was a board member at IARIA research group where he has participated as TPC, Chair and Co-Chair of IEEE conferences related to Security and has been an advisor for several small and mid-sized organizations.

Don Reilly is a Senior Cyber Threat Developer at ERCOT, the controller of the Texas power grid. Starting initially in the Financial sector as first a Systems Administrator, and then a developer, he transitioned to the Energy Sector three years ago to perform Dev Ops and Cyber Security roles. At GridSecCon 2017 he won the inaugural ICS NetWars tournament, and continues to strive for excellence all he does. He is excited to mentor this course, because he is extremely enthusiastic about the value this course has for all organizations.
In the early 2000's Andrew Rozema worked as a systems and network administrator for a major media company whose claim to fame was getting Lincoln elected, but that happened a long while before he started working there. After a couple of virus outbreaks including Sasser and CodeRed the company decided somebody should know something about information security, and sent him to his first SANS GSEC class. After which he immediately went back to the office and changed ALL the passwords. That class sparked a passion for information security that's been with him ever since. Since then in addition to roles in that media company involving IT administration, management and security; he worked his way through both a baccalaureate degree and Masters degree in information security and discovered a passion for not only learning about information security, but teaching it as well. After teaching a couple of night classes at the local community college, he was hooked, and when a full-time faculty position opened up, he made the switch. Now Prof. Rozema is the head of the department of Computer Information Systems at Grand Rapids Community College, as well as an Assistant Professor, still responsible for teaching information security as well as classes in Linux, shell scripting, JavaScript, Secure Mobile Application Development and some very exciting classes in penetration testing. As department head his focus is now to bring the program in line with both the CNSS and NICE framework for national accreditation. Prof. Rozema still accepts select consulting engagements and advanced teaching opportunities to make sure he stays on the cutting edge in technology and grounded in what IT looks like in the real world.

John Sicklick has over 30 years of experience in the aerospace industry as a software developer, systems administrator, systems integrator, and systems security engineer. John is a retired U.S. Navy Commander where he served as an Information Corps Warfare Qualified officer. John currently serves as an adjunct faculty member at a local community college, teaching courses in ethical hacking, Linux operating system, and computer forensics. A graduate of New York Maritime College, he holds a BS in computer science and an MS in applied computer science and technical programming. He holds the GSLC, GXPN, GWAPT, GCIH, GCFE, GPEN, and CISSP certifications and the Penetration Testing & Ethical Hacking certificate from the SANS Technology Institute. John is excited and honored to help others further their careers in cyber security. www.sicklick.com

Bob Simpson is the creator of GhostSentry, an access control and compliance firewall and CIO for Finley & Cook, PLLC, a private accounting firm where he has served for 11 years. Before that, he was Security Architect for the Oklahoma Department of Human Services.  Mr. Simpson holds the CISSP, GCIH, GCIA, and GPEN, as well as MCSE and CCNA Security certifications. He is a member of the SANS Advisory board and InfraGard.

Bob is passionate about spreading the knowledge and skills necessary to face today's security landscape with confidence. Bob has spoken at DEF CON Wall of Sheep, BSides, the Oklahoma Cyber Terrorism Summit, several times at Information Warfare Summit, and at dozens of regional events. He has background in large complex infrastructure such as telecom service providers, but has dedicated the past fifteen years to information security. 

Adam has been an Information Security professional in the financial services industry since 2009. He has taken on various roles in his career with experience in incident response, controls auditing, malware analysis, digital forensics, identity and access management, password management, security event monitoring, web vulnerability scanning, security awareness training, and penetration testing. Adam received his GSEC certification in 2009 and has completed classes with SANS in malware analysis and digital forensics. Additionally, Adam received the OSCP certification from Offensive Security in 2016 and has taken on a more focused role in penetration testing over the past year. Adam is excited to be a mentor to provide a solid foundation of training to new professionals in the Information Security field.

Joe Sullivan got his start in information security in 1999 working for a web hosting company during the .com boom.  In 2001 Joe started one of the first outsourced technical support companies for web hosting server support.  After selling his company he went to work as the network security manager for a consumer electronics distributor and remained there for nearly 10 years. 

In 2014, Joe was recruited by Oklahoma based RCB Bank to guide their network security program. At RCB Joe is responsible for firewall administration, email filtering, incident response, and other areas of information security. Joe also owns 1 to 1 Risk Control & Investigations, a private investigation agency in Edmond, Oklahoma. 

Currently, Joe and his wife, Cathy, are collaborating on an IINFOSEC company, Crossroads Information Security, with plans to start providing several services to small local businesses (5-10 employees) that do not have the expertise or resources for network security. 

Check out Joe's Blogs at: 
www.1to1riskcontrol.com/news/ 
www.crossroadsinfosec.com/blog/ 

Eric is an accomplished governance, risk and compliance specialist and author set to publish his first book titled: Building a HIPAA Compliant Cybersecurity Program in late 2017 or early 2018.

In his GRC role as the Director of Compliance at Blue Health Intelligence (BHI), Eric leads efforts to increase cyber security maturity in several domains including governance, policy and controls, risk management, cyber security strategy and business alignment. He established the risk management function which includes assessment, analysis and treatment of risks, threat and vulnerability management strategy and due diligence requirements for assessing third-party risk.  Eric also assesses cybersecurity technology capabilities recommending enhancements to current solutions and new capabilities required to meet risk reduction requirements.  

Prior to BHI, Eric spent seven years at Ernst & Young (EY) in the Advisory practice where he specialized in helping healthcare organizations (providers, payers and business associates) solve problems related to information security, risk management and compliance.  Eric lead HITRUST Common Security Framework (CSF), cybersecurity program management and third-party risk management assessments. 

Jay has been passionate about FOSS and information security throughout his career. His background includes healthcare IT, ecommerce, telecommunications, corrections, and more recently extremely large-scale Linux engineering, which has given him exposure to various compliance and security circumstances. He is active in the Dallas infosec community and attends as many meetups and conferences as possible to stay abreast of developments in the field.

Nick Wiebelhaus has a diverse background in both offense and defense in the security industry. Nick currently works as a security professional with a diverse business at an enterprise level that engages in loan origination, loan servicing, payment processor, internet service provider, collaboration spaces, software development, and banking. Nick is a subject matter expert in the areas of penetration testing, incident response management, system administration, and security operations center (SOC) management. He has developed enterprise penetration testing methodologies, SOC processes, and incident response processes.

Nick is an active member of the information security community in and around the Denver Colorado area. He teaches information security at the Community College of Aurora and frequently attends conferences and other community events. Nick earned his BS in Information Security from Colorado Technical University and currently holds several certifications including GPEN, GWAPT, GCIH, and Security +.

Asmerom Yakob has over 10 years of experience in Information Technology as well as Information Security and He is member of Incident Response team in his current role . He earned his MSc of Computer Science with concentration in Information Security and Assurance from George Mason University , Fairfax ,VA and holds GCFA , GCIA and CISSP. He is passionate what SANS training has to offer to students to sharpen skills in order to cope with modern cyber threats and decided to join mentor program to share the knowledge and experience in cyber security. Asmerom is an active member of the infosec community and looks for every opportunity to both learn and encourage others to gain a deeper understanding of the challenging field of Cyber Space.