Faculty Directory

Adam is a leading expert on threat modeling, and a consultant, expert witness, author and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft.

Beyond consulting and training, Shostack serves as an advisor to a variety of companies and academic institutions, and as an Affiliate Professor at the Paul G. Allen School of Computer Science and Engineering at the University of Washington.

Gal Shpantzer has been a full-time security consultant since the year 2000, providing (mostly good) advice to early-stage tech startups, security vendors, Ivy League universities, non-profits, and Fortune 50 clients. Gal owns and operates a boutique consultancy focused on vCISO and Observability Pipeline services that enable modern, scalable, user-friendly, auditable, and forensically ready security programs. Gal leads security programs and projects that empower business and technical leadership to prevent, detect and respond to security incidents, including threats to confidentiality (sophisticated IP theft) and availability (DDoS, ransomware).

Chris is founder of CG Silvers Consulting, an independent network, system, and enterprise security consultancy with almost three decades of technical and managerial experience in the financial, retail and wholesale industries. He specializes in internet-based security assessments, security training, social engineering, and risk and compliance consulting. Chris has a deep and broad skillset and proven ability to conceive, execute, and articulate on enterprise security strategy to C-level executives.

Caleb is the VP of Security at Databricks, a Unified Data Analytics Platform. Previously, he served as the Managing Vice President of Cyber Security at CapitalOne. Caleb has held many executive-level positions at information technology and security companies in addition to starting and running his own companies. Currently, he also serves as an Investor & Advisor to Pindrop Security.

Anand is a seasoned Information Security practitioner with domain expertise of healthcare, retail, ecommerce, and finance. His CISO roles span the spectrum of Fortune 100 to early stage companies. Anand’s personal mission is to drive solutioning of complexities and challenges in the Information Security space such as Cloud security, board oversight of cybersecurity programs, cybersecurity talent grooming and advancement, and emerging threats. Anand also serves as an adjunct faculty at Mitchell Hamline School of Law teaching Incident Management and Response.

Ed Skoudis is the founder of Counter Hack, a company focused on conducting ultra high-quality penetration tests and red team engagements to help organizations better manage their cyber risks. Ed is a SANS Fellow, author, and instructor who has trained over 20,000 cyber security professionals in the art of penetration testing and incident response. Ed is an expert witness who is often called in to analyze large-scale breaches.

Eric is the CEO and Co-Founder of Lares, an international cybersecurity consulting firm specializing in a wide range of offensive, defensive, and advisory services. He is committed to a lifelong career in Information Security holding positions as CEO, CTO, VP, Co-Founder, Engineer and Consultant spanning over the last three decades.

Paul Snyder is a Director of Information Security GRC with experience leading global teams of cybersecurity professionals in healthcare, manufacturing and financial services verticals. Paul brings a unique blend of experience leading Information Security GRC, Engineering and Risk Advisory teams, enabling him to translate complex technical challenges into strategic solutions that resonate with executive leadership. From guiding strategic risk initiatives to streamlining operations through data-driven insights, Paul brings both vision and hands-on expertise to securing today’s digital landscape.

John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.

Taryn brings over 15 years of experience in cybersecurity, governance, vulnerability management and ethical hacking. She has established a reputation as a results-driven leader in the field and proven herself adept at managing complex security challenges across finance, government and healthcare organizations. Taryn currently serves as Risk Governance and Insights Lead for Google gTech where she heads efforts to bolster global cybersecurity strategies and implement cutting-edge governance programs across diverse portfolios.

Kevin is the Founder, CEO, and Principal Security Consultant of Secure Ideas, an information security consulting company that focuses on penetration testing services and training. He is also a founder and contributor of many open source projects including the Samurai Web Testing Framework (SamuraiWTF), a web penetration testing and training environment, and the Basic Analysis and Security Engine (BASE) project, a web front-end for Snort Analysis

James is a Managing Partner at Cyverity, an information security consulting firm specializing in cybersecurity risk assessment and governance that is based in Venice, Florida. As a consultant, he has focused on architecting and assessing large enterprise IT security and infrastructure architectures. He has also assisted organizations in security management, operational practices, and regulatory compliance issues. He often performs independent security audits and assists internal audit groups in developing their internal audit programs. James is also a Senior Instructor, Course Author, editor, and regular speaker with the SANS Institute, a contributor to the Center for Internet Security’s Controls for many years, and a founder of the Cybersecurity Risk Foundation (CRF).

Kelli is a Principal Consultant and Co-Founder of Enclave Security, an information security consulting firm specializing in governance. As a security architect and project manager, she specializes in IT audit, governance, policy library development, and information assurance strategies. She is a courseware author for the SANS Institute as well as one of the lead technical editors for the Center for Internet Security’s Critical Security Controls. She is also the lead author for many of the governance resources and creator of tools and policies at AuditScripts.com. You can follow her on Twitter @KelliTarala

Joff is a security analyst and penetration tester at Black Hills Information Security (BHIS). He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis and exploit research. He is also an instructor at the SANS Institute,  where he primarily teaches the use of Python for information security purposes.