About Our Advisory Board

About Our Advisory Board

At SANS Securing the Human our goal is to have the most effective, high-impact training possible. To ensure we maintain that goal every training product has its own, dedicated Advisory Board made up of SANS instructors, industry leaders, customers and community members. Each Advisory Board continually reviews and and provides feedback on our to training to ensure it is the most current and effective training possible. We would like to recognize the leaders and key members of these advisory boards.

Advisory Board Leads

Dr. Lisa Murray-Johnson and Lance Spitzner
Frank Kim and Eric Johnson
Mike Assante and Tim Conway
Mike Assante and Tim Conway
James Tarala and Kelli Tarala

Our Advisors

While its impossible to list all of our advisors, below are some of the key ones.

Michael Assante, SANS Lead ICS/SCADA Training

Michael Assante is currently the SANS lead for Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) security. He served as Vice President and Chief Security Officer of the North American Electric Reliability (NERC) Corporation, where he oversaw industry-wide implementation of cyber security standards across the continent. Prior to joining NERC, Mr. Assante held a number of high-level positions at Idaho National Labs and served and as Vice President and Chief Security Officer for American Electric Power. Mr. Assante's work in ICS security has been widely recognized and was selected by his peers as the winner of Information Security Magazine's security leadership award for his efforts as a strategic thinker. The RSA 2005 Conference awarded him its outstanding achievement award in the practice of security within an organization. He has testified before the US Senate and House and was an initial member of the member of the Commission on Cyber Security for the 44th Presidency. Before his career in security served in various naval intelligence and information warfare roles, he developed and gave presentations on the latest technology and security threats to the Chairman of the Joint Chiefs of Staff, Director of the National Security Agency, and other leading government officials. In 1997, he was honored as a Naval Intelligence Officer of the Year.

Tim Conway, SANS Director ICS/SCADA Training

Technical Director of ICS and SCADA programs at SANS. Responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Formerly, the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO). Responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric. Previously, an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Former Chair of the RFC CIPC, current Chair of the NERC CIP Interpretation Drafting Team, member of the NESCO advisory board, current Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.

Bryce Galbraith, SANS Certified Instructor

As a contributing author of the internationally bestselling book Hacking Exposed: Network Security Secrets & Solutions, Bryce helped bring the secret world of hacking out of the darkness and into the public eye. Bryce has held security positions at global ISPs and Fortune 500 companies, he was a member of Foundstone's renowned penetration testing team and served as a senior instructor and co-author of Foundstone's Ultimate Hacking: Hands-On course series. Bryce is currently the owner of Layered Security where he provides specialized vulnerability assessment and penetration testing services for clients. He teaches several of the SANS Institute's most popular courses and develops curriculum around current topics. He has taught the art of ethical hacking and countermeasures to thousands of IT professionals from a who's who of top companies, financial institutions, and government agencies around the globe. Bryce is an active member of several security-related organizations, he holds several security certifications and speaks at conferences around the world.

Brian Honan, Principal Consultant - BH Consulting

Brian Honan is an independent security consultant based in Dublin, Ireland, and is also the founder and head of IRISSCERT, Ireland's first CERT. He is a Special Advisor to Europol's Cybercrime Centre (EC3), an adjunct lecturer on Information Security in University College Dublin. He is the author of the book ISO 27001 in a Windows Environment and co-author of The CSA Guide to Cloud Computing and The Cloud Security Rules. He is a regular speaker at major industry conferences. In 2013 Brian was awarded SC Magazine Information Security Person of the year for his contribution to the computer security industry.

Eric Johnson, Senior Security Consultant

Eric Johnson is a security consultant at Cypress Data Defense and an instructor and contributing author for the SANS DEV544 Secure Coding in.NET course. He previously spent six years performing web application security assessments for a large financial institution and another four years focusing on ASP.NET web development. Other experience includes developing security tools, secure code review, vulnerability assessment, penetration testing, risk assessment, static source code analysis, and security research. Eric completed a bachelor of science in computer engineering and a master of science in information assurance at Iowa State University. Eric currently holds the GSSP-.NET, GWAPT, and CISSP certifications and is located in West Des Moines, IA.

Frank Kim, SANS Certified Instructor

Frank Kim is a security leader with over 16 years of experience in information security, risk management, and enterprise IT. He has a passion for developing security strategies and building teams focused on practical solutions to business risks. He currently serves as the curriculum lead for application security at the SANS Institute and is the author and an instructor for the Secure Coding in Java course. Frank is a popular public speaker and has presented at security, software development, and leadership events around the world.

Robert M. Lee, SANS Instructor

Robert M. Lee is a co-founder at the critical infrastructure cyber security company Dragos Security LLC where he has a passion for control system traffic analysis, incident response, and threat intelligence research. He is the course author of SANS ICS515 - "Active Defense and Incident Response" and the co-author of SANS FOR578 - "Cyber Threat Intelligence." He is a passionate educator although he should not be confused with the other Rob Lee at SANS - that Rob Lee is cooler but has less hair. Robert obtained his start in cyber security in the U.S. Air Force where he currently serves as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Robert is also currently pursuing his PhD at Kings College London with research into the cyber security of control systems and is the author of "Little Bobby" - a weekly web-comic on security and technology: http://www.LittleBobbyComic.com

Clay Risenhoover, President of Risenhoover Consulting, Inc.

Clay is the president of Risenhoover Consulting, Inc., an IT management consulting firm based in Durant, Oklahoma. Founded in 2003, RCI provides IT audit and IT management consulting services to clients in multiple sectors. Clays past experience includes positions in software development, technical training, LAN and WAN operations, and IT management in both the private and public sector. He has a master's degree in computer science and holds a number of technical and security certifications, including GPEN, GSNA, CISA, CISM, and CISSP.

Bob Rudis, Sr Data Scientist & Managing Principal, Verizon Security Research

Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies and is a Security Data Scientist at Verizon. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), occasional best-selling author (Data-Driven Security), speaker, and regular contributor to the open source community (github.com/hrbrmstr). He currently serves on the board of directors for the Society of Information Risk Analysts, is on the editorial advisory board of SANS Securing The Human and was co-chair of the 2014 Metricon security metrics/analytics conference. He holds a bachelor's degree in computer science from the University of Scranton.

Lance Spitzner, Director, SANS Securing The Human

Lance Spitzner has over 20 years of security experience in cyber threat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and published three security books. Lance has worked and presented in over 25 countries and helped over 350 organizations plan, maintain and measure their security awareness programs. In addition, Lance is a serial tweeter (@lspitzner), avid blogger and works on numerous community security projects. Before working in information security, Mr. Spitzner served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois-Chicago.

James Tarala, SANS Senior Instructor

James Tarala is a principal consultant with Enclave Security and is based out of Venice, Florida. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many SANS auditing and security courses. As a consultant, he has spent the past few years architecting large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them in their security management, operational practices, and regulatory compliance issues, and he often times performs independent security audits and assists internal audit groups to develop their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University and his graduate work at the University of Maryland. He holds numerous professional certifications.

Kelli Tarala, Co-Founder of Enclave Security

Kelli K. Tarala (Twitter: @KelliTarala) is a principal consultant and co-founder of Enclave Security. As a security architect and project manager, she specializes in IT audit, governance, and information assurance strategies. She is a courseware author for a number of the SANS Institute's courses as well as Securing the Human modules. In addition, she serves as one of the lead technical editors and contributors to the Critical Security Controls project. She has completed graduate work at the University of Wisconsin Madison and holds multiple professional certifications.

Dr. Johannes Ulrich, Dean of Research for the SANS Technology Institute

As Dean of Research for the SANS Technology Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. His daily podcast summarizes current security news in a concise format.

Benjamin Wright, SANS Senior Instructor

An attorney in private practice, Benjamin Wright teaches the SANS Institute's Legal 523 course titled "Law of Data Security and Investigation." Wright is the author of several technology law books, including Business Law and Computer Security, published by SANS. Mr. Wright advises many organizations, large and small, on privacy, e-commerce, cyber security, and e-mail record retention and has been quoted in publications around the globe, from the Wall Street Journal to the Sydney Morning Herald. Mr. Wright is known for spotting and evaluating trends, such as the rise of whistleblowers wielding small video cameras. He has published many blog articles accessible at https://plus.google.com/+BenjaminWright1/about.