Instructors

Instructors

ICS Instructors


Justin Searle

Justin Searle

Justin Searle is a Managing Partner of UtiliSec, specializing in Smart Grid security architecture design and penetration testing. Justin led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played key roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG). He currently leads the testing group at the National Electric Sector Cybersecurity Organization Resources (NESCOR). Justin has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences. Mr. Searle is currently a Senior instructor for the SANS Institute. In addition to electric power industry conferences, Justin frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, Nullcon, and AusCERT. Justin co-leads prominent open source projects including the Samurai Web Testing Framework (SamuraiWTF), the Samurai Security Testing Framework for Utilities (SamuraiSTFU), Middler, Yokoso!, and Laudanum. Justin has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), and Web Application Penetration Tester (GWAPT).

View Upcoming Training for Justin Searle

Robert M. Lee

Robert M. Lee

Robert M. Lee is the CEO and Founder of Dragos Security LLC, a critical infrastructure cybersecurity company, where he pursues his passion for control system traffic analysis, incident response, and threat intelligence research.

Rob is a SANS Certified Instructor, the course author of SANS ICS515 - "Active Defense and Incident Response," and the co-author of SANS FOR578 - "Cyber Threat Intelligence."  He is also a non-resident National Cyber Security Fellow at New America focusing on policy issues relating to the cybersecurity of critical infrastructure, and a PhD candidate at Kings College London. For his research and focus areas, he was named one of Passcode's Influencers and awarded EnergySec's 2015 Cyber Security Professional of the Year. Rob was also named to the 2016 class of Forbes "30 Under 30" for Enterprise Technology as one of "the brightest entrepreneurs, breakout talents, and change agents" in the sector.

Robert obtained his start in cybersecurity serving as a Cyber Warfare Operations Officer in the U.S. Air Force. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Robert routinely writes articles in publications such as Control Engineering and the Christian Science Monitor's Passcode and speaks at conferences around the world. Lastly, Robert, is author of the book "SCADA and Me" and the weekly web-comic Little Bobby.

"Real-world practical insight and the technical skills and tools to create meaningful change."- Billy Glen, Pacific Gas & Electric

"Great teaching style - humor - keeps the atmosphere light."- Tim Sanguinett, NCPA

"Good pace, kept things moving, stayed enthusiastic the entire day."- Michael Nowatkowsk, Army Cyber Institute

View Upcoming Training for Robert M. Lee

Dr. Eric Cole

Dr. Eric Cole

Dr. Cole is an industry-recognized security expert with over 20 years of hands-on experience. Dr. Cole has experience in information technology with a focus on helping customers focus on the right areas of security by building out a dynamic defense. Dr. Cole has a master's degree in computer science from NYIT and a doctorate from Pace University with a concentration in information security. He served as CTO of McAfee and Chief Scientist for Lockheed Martin. Dr. Cole is the author of several books, including Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible 2nd Edition, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is the founder and an executive leader at Secure Anchor Consulting where he provides leading-edge cyber security consulting services, expert witness work, and leads research and development initiatives to advance the state-of-the-art in information systems security. Dr. Cole was the lone inductee into the InfoSec European Hall of Fame in 2014. Dr. Cole is actively involved with the SANS Technology Institute (STI) and is a SANS faculty Fellow and course author who works with students, teaches, and develops and maintains courseware.

View Upcoming Training for Dr. Eric Cole

Graham Speake

Graham Speake

Graham Speake is Vice President and Chief Product Architect at NexDefense. Previously to NexDefense, he was Principal Systems Architect for Yokogawa Electric Corporation, ISCI Marketing Chair, and an IEC62443 editor. Graham is an engineer with over 30 years' experience, the last 16 of which have been in the industrial cyber security arena for both end user companies and vendors. Graham has spent 10 years in BP looking at control systems security in both upstream and downstream business areas. Additionally, he has 5 years' experience in designing safety systems at Industrial Control Services.

Graham is the author of a number of books and frequent contributor to magazine articles.

View Upcoming Training for Graham Speake

Eric Cornelius

Eric Cornelius

Eric Cornelius is the Director of Critical Infrastructure and Industrial Control Systems (ICS) at Cylance, Inc. where he is responsible for thought leadership, architecture, and consulting implementations. Eric brings a wealth of ICS knowledge and his leadership keeps organizations safe, secure, and resilient against advanced attackers. 
 
Previously, Eric served as the Deputy Director and Chief Technical Analyst for the Control Systems Security Program at the US Department of Homeland Security. 
 
Eric earned a bachelor's degree from the New Mexico Institute of Mining and Technology where he was the recipient of many scholarships and awards including the National Science Foundation's Scholarship for Service. 
 
Eric went on to work at the Army Research Laboratory's Survivability/Lethality Analysis Directorate where he worked to secure field-deployable combat technologies. It was at ARL that Cornelius became interested in non-traditional computing systems, an interest which ultimately led him to the Idaho National Laboratory where he participated in deep-dive vulnerability assessments of a wide range of ICS systems. 
 
Eric is the co-author of "Recommended Practice: Creating Cyber Forensics Plans for Control Systems" as part of the DHS National Cyber Security Division, Control Systems Security Program, 2008 and is also a frequent speaker and instructor at ICS events across the globe.

View Upcoming Training for Eric Cornelius

Matthew Luallen

Matthew Luallen

Matthew E. Luallen is a well-respected information professional, researcher, instructor, and author. Mr. Luallen serves as the president and co-founder of CYBATI, a strategic and practical educational and consulting company. CYBATI provides critical infrastructure and control system cybersecurity consulting, education, and awareness. Prior to incorporating CYBATI, Mr. Luallen served as a co-founder of Encari and provided strategic guidance for Argonne National Laboratory, U.S. Department of Energy, within the Information Architecture and Cyber Security Program Office. In an effort to promote education and collaboration in information security, Mr. Luallen is an instructor and faculty member at several institutions. Mr. Luallen is adjunct faculty for DePaul University, teaching the Computer Information and Network Security Masters degree capstone course. He is also a certified instructor and CCIE for Cisco Systems, covering security technologies, such as firewalls, intrusion prevention, and virtual private networks, and general secure information architecture. As a certified instructor for the SANS Institute, Mr. Luallen teaches infrastructure architecture, wireless security, web application security, regulatory and standards compliance, and security essentials. Mr. Luallen is a graduate of National Technological University with a master's degree in computer science, and he also holds a bachelor of science degree in industrial engineering from the University of Illinois, Urbana.

View Upcoming Training for Matthew Luallen

Tim Conway

Tim Conway

Technical Director - ICS and SCADA programs at SANS. Responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Formerly, the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO). Responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric. Previously, an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Former Chair of the RFC CIPC, current Chair of the NERC CIP Interpretation Drafting Team, member of the NESCO advisory board, current Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.

View Upcoming Training for Tim Conway

Mark Bristow

Mark Bristow

Mark Bristow was born to work in information security as he found his first bug in an ICS system at the age of 10. As a teen he had a passion for technology and spent a lot of time exploring the possibilities on his computer. Once he realized he could make a career out of this passion, he jumped at the opportunity and earned a Computer Engineering degree from Penn State.

Mark loves the ever-changing landscape of security and views it as a puzzle that must be solved. He especially loves the challenges in ICS security as defending the systems where cyber meets physical means there is no greater success than a safe and effective process.

Currently Mark is the Chief of ICS-CERT Incident Response at the Department of Homeland Security where he leverages his expertise in incident response, industrial control systems, network monitoring and defense to support national security interests. In Mark's twelve- year security career he has also worked for SRA and Securicon where he supported a variety of private and public sector clients.

Mark's experience has led him to the path of sharing his knowledge and helping others learn to protect critical infrastructure. He loves teaching not only to help others, but because he learns something from his students in every class. Mark shares his real-world experiences with students so they can relate the information to scenarios in the field.

When Mark isn't defending ICS systems, he enjoys spending time with his family and scuba diving as much as possible.

View Upcoming Training for Mark Bristow

Kai Thomsen

Kai Thomsen

Kai has been working in various IT Security roles for more than 15 years. Currently he is the DFIR lead at the premium automaker AUDI AG. Kai also designs and runs Red Team exercises at Audi that integrate IT, business, and physical aspects.

Before Audi he worked for more than 12 years at the engineering company SMS Group where he designed and implemented defensible LANs as well as running DFIR in traditional IT and ICS environments.

Kai holds an MA in Computer Science and English and American Literature.

View Upcoming Training for Kai Thomsen

Billy Rios

Billy Rios

Billy is an accomplished author and speaker. Billy is recognized as one of the world's most respected experts on emerging threats related to Industrial Control Systems (ICS), Critical Infrastructure (CI), and medical devices. He discovered thousands of security vulnerabilities in hardware and software supporting ICS and critical infrastructure. He has been publically credited by the Department of Homeland Security (DHS) over 50 times for his support to the DHS ICS Cyber Emergency Response Team (ICS-CERT).  

Billy is the Founder of WhiteScope LLC which is known as a leading provider of deep security research, world class advisory services, and innovative security solutions.  Prior to venturing into entrepreneurship, Billy served in a number of roles that demonstrated increasing responsibility and security expertise. 

As the Director of Vulnerability Research and Threat Intelligence with Qualys, Billy led the development of product offerings for vulnerability research, threat intelligence, ICS/SCADA, and embedded security. Before Qualys, Billy led the Google front-line response for externally reported security issues and incidents.  Prior to Google, Billy was the Security Program Manager at Internet Explorer (Microsoft).  During his time at Microsoft, Billy led the company's response for several high-profile incidents, including the response for Operation Aurora. Before Microsoft, Billy worked as a penetration tester, an intrusion detection analyst, and served as an active duty Marine Corps Officer.

Billy currently holds an MBA from Texas A&M University-Commerce and a Master of Science in Information Systems from Hawaii Pacific University.  He was a contributing author for several publications including: Hacking, the Next Generation (O'Reilly), Inside Cyber Warfare (O'Reilly), and The Virtual Battle Field (IOS Press).

View Upcoming Training for Billy Rios

Paul A. Henry

Paul A. Henry

Paul Henry is a Senior Instructor with the SANS Institute and one of the world's foremost global information security and computer forensic experts with more than 30 years of experience covering all 10 domains of network security. Paul began his career in critical infrastructure / process control supporting power generation and currently manages security initiatives and incident response for Global 2000 enterprises and government organizations worldwide.

Paul is a principal at vNet Security, LLC and is keeping a finger on the pulse of network security as the security and forensic analyst at Lumension Security and as a retained security expert for multiple financial and healthcare firms.

Throughout his career, Paul has played a key strategic role in launching new network security initiatives to meet our ever-changing threat landscape. Paul also advises and consults on some of the world's most challenging and high-risk information security projects, including the National Banking System in Saudi Arabia, the Reserve Bank of Australia, the Department of Defense's Satellite Data Project (USA), and both government as well as telecommunications projects throughout Southeast Asia.

Paul is frequently cited by major and trade print publications as an expert in perimeter security, incident response / computer forensics and general security trends and serves as an expert commentator for network broadcast outlets, such as FOX, NBC, CNN, and CNBC. In addition, Paul regularly authors thought leadership articles on technical security issues, and his expertise and insight help shape the editorial direction of key security publications, such as the Information Security Management Handbook, where he is a consistent contributor. Paul serves as a featured and keynote speaker at seminars and conferences worldwide, delivering presentations on diverse topics including anti-forensics, network access control, cyber crime, DDoS attack risk mitigation, perimeter security, and incident response.

Listen to Paul discuss "Incident Response and Forensics in the Cloud" in this SANS webcast that every DFIR professional should listen to.

View Upcoming Training for Paul A. Henry

Thomas Brandstetter

Thomas Brandstetter

Thomas Brandstetter is CEO and co-founder of Limes Security, a company specializing in industrial cyber security and secure software development, based in Austria. Besides his work as a CEO, he is an associate professor at the University of Applied Sciences St. Poelten, Austria, where he loves to teach his students subjects like industrial cyber security, incident response, botnets and honeypots and penetration testing. He gathered a decade of experience in the industry when he joined Siemens in order to build up the topic of IT security in products. After spending years in pen-testing significant amounts of industrial products, he became Program Manager of the "Hack-Proof-Products Program" that he had co-founded. He held this position until in 2010 the Stuxnet malware hit. He was assigned the official incident manager role for this unique threat, and still loves to look back on what he learnt back then technically and about handling security in large organizations. Out of the remnants of the Stuxnet-activities, Thomas founded the Siemens ProductCERT, which is still one of the most effective industrial incident and vulnerability response teams worldwide today. He was heading the Siemens ProductCERT for another two years before he left for his own company and academia. Thomas was on stage at security conferences like Blackhat and SANS SCADA, and spoke at conferences like Meridian, IFIP WG11.10 CIIP and CIRED. Besides speaker engagements, he also likes to actively contribute to security-conferences. His last activities included helping to establish the ICS village at DEFCON and BruCON and he also is a conference chair for the industrial control system cyber security research (ICS-CSR) academic conference series. He is a GICSP, CISSP and holds a diploma degree in IT security from the University of Applied Sciences Hagenberg, Austria and a master?s degree in business administration from the Universities of Augsburg and Pittsburgh.

View Upcoming Training for Thomas Brandstetter

Jason Dely

Jason Dely

Jason Dely is an Industrial Control Systems (ICS) security consultant for Cylance Inc. with over 15 years of professional experience in ICS and Critical Infrastructure security initiatives and solutions spanning multiple industry verticals.  Jason is a leader and contributor in the management, consultation, assessment, planning, designing and implementation of a variety of ICS security and infrastructure projects across industries that include Water Utilities, Oil and Gas, Steel and Chemical.  Before joining Cylance, Jason worked for one of the world's largest ICS vendors where he contributed to clients his security knowledge and integration experiences across ICS and IT technologies.  Jason is frequently a speaker at various industry events and leverages his integration knowledge of securing ICS systems and their vulnerabilities to provide services and guidance to Cylance clients.  Dely is an Electronics Engineering Technologist and is a CISSP, CISM and SANS GIAC certified Exploit Researcher and Advanced Penetration Tester (GXPN).

View Upcoming Training for Jason Dely

Jason Christopher

Jason Christopher

Jason D. Christopher is the Chief Technology Officer for Axio. His responsibilities include providing technical leadership on security and resilience issues relevant to Axio, its partners, and clients, and the development of all Axio technology platforms for security metrics and benchmarking.

Prior to Axio, Jason led the research for cybersecurity metrics and information assurance at the Electric Power Research Institute. Previously, he was the technical lead for cybersecurity capability and risk management at the US Department of Energy, where he managed the Cybersecurity for Energy Delivery Systems Operations program, which included the Cybersecurity Capability Maturity Model and other collaborative efforts. Jason also served as the program lead for both Critical Infrastructure Protection Standards and Smart Grid Security at the Federal Energy Regulatory Commission.

Mr. Christopher has worked on a variety of infrastructure projects, particularly in the field of industrial control systems design and implementation. He has also researched and designed technology systems across multiple industries, including energy, water, transportation, and communications. He has been a representative on the Federal Smart Grid Task Force, the Critical Infrastructure Protection Committee (CIPC), and other technical committees.

Independent of his work at Axio, Jason is a member on the Institute of Electrical and Electronics Engineers (IEEE-USA) Energy Policy, Communications Policy, and Research & Development Policy Committees. Over the past decade, Jason has focused on the development of cybersecurity standards and practices for the nation's critical infrastructure.

Outside of the workplace, Jason focuses on Science, Technology, Engineering, and Mathematics (STEM) education issues. He has lectured at several universities across the country and developed cross-disciplinary courses focusing on resilience, sustainable energy, and community design.

Mr. Christopher holds a Bachelor of Science and Master of Engineering from the State University of New York at Binghamton, and Master's of Engineering degree in electrical engineering from Cornell University.

View Upcoming Training for Jason Christopher