Our Advisory Board
To ensure our security awareness training always has the greatest impact possible, we depend on an Advisory Board of SANS' Senior Instructors, selected Clients and Industry Leaders to help with the development of our training content. We know that no single person can have all the skills or experience needed to create really effective content; that is why we depend on our Advisory Board. The Advisory Board reviews our entire training curriculum based on the 20 Critical Controls Framework, then identifies a need for any new modules, changes to existing modules, or the removal of outdated modules. The Advisory Board reviews each module in detail, identifying any changes required for that module's learning objectives. To ensure our training is the most current and effective possible, we go through this entire review and updating process at least twice a year. You can learn more about our latest security awareness curriculum and each of our modules through our online demo.
Our Advisors
Dr. Eric Cole, SANS Faculty Fellow
Dr. Cole is an industry-recognized security expert with over 20 years of hands-on experience. Dr. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a master's degree in computer science from NYIT and a doctorate from Pace University with a concentration in information security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cyber Security for the 44th President and several executive advisory boards. Dr. Cole is founder of Secure Anchor Consulting, where he provides state-of-the-art security services and expert witness work. He also served as CTO of McAfee and Chief Scientist for Lockheed Martin. Dr. Cole is actively involved with the SANS Technology Institute (STI) and SANS working with students, teaching, and maintaining and developing courseware. He is a SANS Faculty Fellow and course author.
Pieter Danhieux, SANS Certified Instructor
Pieter Danhieux is a certified instructor for the SANS Institute, teaching military, government, and private organizations offensive techniques on how to target and assess organizations, systems, and individuals for security weaknesses. He is also one of the founders of the security and hacking conference BRUCON in Belgium, where he has designed and run cyber-intrusion exercises (The Hex Factor) across Europe since 2009 together with a group of talented people. Pieter has more than 10 years of experience in the cyber security space. He was one of the youngest persons ever in Belgium to obtain the Certified Information Systems Security Professional (CISSP) certification. He then obtained the Certified Information Systems Auditor (CISA) and the GIAC Certified Forensics Analyst program (GCFA) and is currently one of the select few people worldwide to hold the GIAC Security Expert (GSE) certification. He currently works at BAE Systems stratsec, Australia's strongest and most awarded information security team, delivering critical cyber security projects in both the public and private sectors in Australia and South-East Asia. Before that, Pieter worked for seven years at Ernst & Young in Europe and Oceania as one of their information security experts running a team of attack and penetration resources operating in the financial industry and telecommunication space.
Tony DeLaGrange, Senior Security Analyst - Secure Ideas
Tony DeLaGrange is a Senior Security Analyst with Secure Ideas, bringing over twenty-five years of information technology experience in the healthcare and financial services industries. Over the past decade, Tony has focused on information security within a leading Fortune 50 financial institution, providing the design of security reference architecture, development of information security policies, standards, and baselines, as well as the assessment and testing of emerging technologies. His experience includes managing large networking and messaging environments, assessing controls and establishing security requirements for large technology project implementations, driving change through leading an information security center of excellence, and influencing key technology and business stakeholders at all levels. Most recently, Tony led a penetration team that augmented the IT Audit program, providing a threat-based perspective to the standard general controls audit review process. For many years, Tony has had a keen interest in mobile security, specifically with mobile devices within a corporate environment, and is currently focused on the development of open source mobile testing tools. Tony is one of the co-authors of SEC571 and is the project lead for the MobiSec Live Environment.
Brian Honan, Principal Consultant - BH Consulting
Brian Honan is an independent security consultant based in Dublin, Ireland, and is recognised as an industry expert on information security. Brian has worked closely with the European Network and Information Security Agency (ENISA) in developing a number of reports in the area of security awareness raising and was the global organiser for Global Security Week, a worldwide security awareness campaign. He is also COO of the Common Assurance Maturity Model and founder and head of IRISSCERT, which is Ireland's first CERT. Brian lectures on Information Security in University College Dublin, sits on the Technical Advisory Board for a number of innovative information security companies and is on the board of the UK and Irish Chapter of the Cloud Security Alliance. He has addressed a number of major conferences relating to the management and securing of information technology such as RSA Europe, BruCON, Source Barcelona and numerous others. Brian is author of the book "ISO 27001 in a Windows Environment" and co-author of "The Cloud Security Rules", is regularly published in a number of industry recognised publications and serves as the European Editor for the SANS Institute's weekly SANS NewsBites, a semi-weekly electronic newsletter.
Kevin Johnson, SANS Senior Instructor
Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for Fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso! and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.
Randy Marchany, SANS Certified Instructor & CISO at VA Tech
Randy is the Chief Information Security Officer of Virginia Tech and the Director of Virginia Tech's IT Security Laboratory. He is a co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step guides. He is a member of the Center for Internet Security development team that produced and tested the CIS Solaris, HPUX, AIX, Linux and Windows2000/XP security benchmarks and scoring tools. He was a member of the White House Partnership for Critical Infrastructure Security working group that developed a Consensus Roadmap for responding to the DDOS attacks of 2000.
Ashley Sudderth, Information Compliance Officer for Michigan Tech University
Ashley Sudderth is the Information Compliance Officer for Michigan Technological University. As a Certified Information Systems Auditor (CISA), Ashley has extensive experience with assessing and testing IT controls in support of financial audit and regulatory compliance engagements within the automotive, manufacturing, higher education, healthcare, financial institution, and government industries. In addition to privacy audits (GLBA, HIPAA/HITECH, FERPA) and compliance reviews (Sarbanes-Oxley, PCI-DSS), Ashley has a wide range of experience in IT risk assessments, application security controls, business continuity management, and implementation of security best practices and guidelines.
James Tarala, SANS Senior Instructor
James Tarala is a principal consultant with Enclave Security and is based out of Venice, Florida. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many SANS auditing and security courses. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often performs independent security audits and assists internal audit groups to develop their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University and his graduate work at the University of Maryland. He holds numerous professional certifications.
Arrigo Triulzi, SANS Certified Instructor
Arrigo Triulzi, trained in Pure Mathematics, holds an MSc in Mathematical Computation from Queen Mary, University of London, and is working towards a PhD in Algebraic Computation. He is co-founder and Chief Security Officer of K2 Defender Limited, a bespoke high-end IDS solutions provider. Arrigo is also a freelance consultant in IT Security with particular expertise in secure network design, network security analysis, and incident handling. He is also the administrator of the IDS Europe mailing list. Having worked with both popular and less common flavours of Unix, he is comfortable working in any heterogeneous networking environment, and his knowledge also includes esoteric operating systems such as Guardian/NSK. Arrigo is co-inventor on an EU patent for a high-performance distributed IDS design, and has written on a variety of security topics. Recent work includes web research into IDS deployment on IPv6, firewall verification using IDS, and distributed concept virii.
Benjamin Wright, SANS Senior Instructor
Benjamin Wright is the author of several technology law books, including Business Law and Computer Security, published by the SANS Institute. With 26 years in private law practice, he has advised many organizations, large and small, on privacy, e-commerce, computer security, and e-mail discovery and has been quoted in publications around the globe, from the Wall Street Journal to the Sydney Morning Herald. Mr. Wright is known for spotting and evaluating trends, such as the rise of whistleblowers wielding small video cameras. In 2010, Russian banking authorities tapped him for experience and advice on the law of cyber investigations and electronic payments. Wright maintains a popular blog at http://legal-beagle.typepad.com.
Joshua Wright, SANS Senior Instructor
Joshua Wright is an independent information security analyst and senior instructor with the SANS Institute. A widely recognized expert in the wireless security field, Josh has worked with private and government organizations to evaluate the threat surrounding wireless technology and evolving threats. As an open-source enthusiast, Josh has developed a variety of tools that can be leveraged for penetration testing and security analysis. Josh publishes his tools, papers and techniques for effective security analysis on his website at http://www.willhackforsushi.com.
