The SANS Technology Institute

Stephen Northcutt - Ex Officio: Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu. Stephen is author/coauthor of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security 2nd Edition, IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection 3rd edition. He was the original author of the Shadow Intrusion Detection system before accepting the position of Chief for Information Warfare at the Ballistic Missile Defense Organization. Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crewman, white water raft guide, chef, martial arts instructor, cartographer, and network designer.

Alan Paller - Chair:

Alan Paller is the director of research for the SANS Institute, responsible for projects ranging from the Internet Storm Center (the Internet’s early warning system with 500,000 sensors around the world) to the Top Ten Security Menaces of the coming year. He also edits NewsBites, the twice-weekly summary of the most important news stories in security. But he says his most satisfying responsibility is finding people who have solved important security problems and helping SANS 85,000 alumni in 60 countries learn about those people and their discoveries.

Alan earned degrees in computer science and engineering from Cornell and MIT. He wrote hundreds of articles on computer graphics, EIS and computer security, and authored two books, The EIS Book: Information Systems for Top Managers and How to Give the Best Presentation of Your Life.

He has testified before the House and Senate, and in 2001 the President named Alan as one of the original members of the National Infrastructure Assurance Council. In 2005 the Federal CIO Council chose him as its annual Azimuth Award winner recognizing his singular vision and outstanding service to government information technology.

His degrees are from Cornell University and the Massachusetts Institute of Technology.

Ronald A. Phipps - Higher Education Community Representative: Ron Phipps is a Senior Associate at the Institute for Higher Education Policy where he manages projects related to financing of higher education, statewide governance and administration, distance learning and technology, and other topics in the field of higher education policy. Dr. Phipps is the author of the definitive study of distance learning in higher education, Quality on the Line, which addressed benchmarks for success in Internet-based distance education. Dr. Phipps has managed several large-scale analysis projects in support of state higher education agencies and educational institutions in Russia and other countries. Dr. Phipps has almost four decades of higher education experience as a higher education administrator, researcher, and analyst. He previously served as Executive Director of the Alaska Commission on Postsecondary Education and as Assistant Secretary of the Maryland Higher Education Commission, where he conducted and supervised policy analysis, planning, and research.

Dave Shackleford - Security Industry Representative: Dave Shackleford is EMC's chief security strategist, as well as the head of the Center for Policy and Compliance, a group focused on developing controls for industry and regulatory compliance initiatives. He is also an instructor and course author for the SANS Institute, where he serves as a GIAC technical director. Previously, Dave worked as chief technical officer for both the Center for Internet Security and a security consulting firm in Atlanta where he became one of the first Visa-certified Qualified Security Assessors while managing the firm's PCI compliance practice. He has managed information security for a major airline and has also worked as a security architect, analyst, and manager for several Fortune 500 companies. In addition, he has consulted with hundreds of organizations in the areas of regulatory compliance, security and network architecture, and engineering. Dave is the co-author of Hands-On Information Security from Course Technology as well as the "Managing Incident Response" chapter in the Course Technology book Readings and Cases in the Management of Information Security. Recently, Dave co-authored the first published course on virtualization security for the SANS Institute. Dave currently serves on the board of directors at the Technology Association of Georgia's Information Security Society and the SANS Technology Institute.

Ed Skoudis - SANS Teaching Faculty Representative: Ed Skoudis is a founder and Senior Security Consultant with Intelguardians, a Washington DC based information security consulting firm. Ed teaches SANS Hacker Techniques, Exploits and Incident Handling course on a regular basis. Ed's expertise includes hacker attacks and defenses, the information security industry, and computer privacy issues. He has performed security assessments and designed information security governance and operations teams for Fortune 500 companies, and has provided rapid response to computer attacks for clients in financial, high technology, healthcare, and other industries. Ed conducted a demonstration of hacker techniques against financial institutions for the United States Senate and is a frequent speaker on issues associated with hacker tools and defenses. He has published several articles on these topics, as well as the Prentice Hall best selling book, Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses. His latest book is titled Malware: Fighting Malicious Code. Ed was also awarded a 2004 Microsoft MVP award for Windows Server Security, and is a member of the Honeynet Project. Ed's Master of Science degrees was earned at Carnegie Mellon University.

Lenny Zeltser - GIAC Certification Representative: Lenny Zeltser leads a security consulting team at Savvis. He is also a Board of Directors member at SANS Technology Institute, a SANS faculty member, and an incident handler at the Internet Storm Center. Lenny frequently speaks on information security and related business topics at conferences and private events, writes articles, and has co-authored several books.

Lenny is one of the few individuals in the world who've earned the highly-regarded GIAC Security Expert (GSE) designation. He also holds the CISSP certification. Lenny has an MBA degree from MIT Sloan and a Computer Science degree from the University of Pennsylvania. For more information about his projects, see http://www.zeltser.com.

Richard Hammer - Alumni Representative: Richard is a Technical Staff Member at Los Alamos National Laboratory. He is a senior Network/System administrator, Organizational Computer Security Representative (OCSR), and Information System Security Officer (ISSO) for the Advanced Nuclear Technology group (N-2). He has experience with most operating systems and many programming languages. Network and System security has become a larger part of his job description in the last ten years; Richard attended his first SANS conference in 1998. He is a former high school Mathematics and Computer Science teacher and is currently teaching Networks I&II, Server Configuration, and System Security courses at the College of Santa Fe. He currently holds GIAC GSEC, GCFW, GCIA, GCIH, GCUX, GCNA, GSPA certifications, CISSP and Security+ certifications, CEH certification; and he is a former Chair/Vice Chair of the GCFW advisory board. Richard is the first graduate of the SANS Technology Institute (MSISE), and serves as a Course Advisor for students at SANS Technology Institute.

Thomas A. Johnson - Higher Education Community Representative: Dr. Johnson serves as Dean of the College of Criminal Justice and Forensic Sciences. He received his undergraduate education at Michigan State University and his graduate education at the University of California - Berkeley and is the author of four textbooks and numerous publications. Dean Johnson founded the Center for Cybercrime and Forensic Computer Investigation, and serves as Director of the Forensic Computer Investigation Graduate program and the on-line program in Information Protection and Security at the University of New Haven. Dean Johnson developed the Graduate National Security program with campus offerings in Connecticut, Virginia and two of our National Nuclear Security Administration Laboratories in California and New Mexico.

Rick Wanner - Master's Candidate Director in Training: Rick Wanner is a security manager in Corporate Security at SaskTel responsible for all aspects of policy compliance including policy development, security consulting, risk assessment, compliance assessment and penetration testing. Rick has over 20 years experience in IT, and since 1996 has specialized in Information Security, working in many facets of security, including firewall analyst, security architect, security integration specialist, security consultant and penetration tester. Rick is active with SANS and GIAC and has participated in numerous activities including the Top 20 vulnerabilities project, SSH Step by Step guide, GSEC courseware revisions, courseware development, GIAC Gold advisor, SANS Advisory Board, and was integral in the creation of the GIAC Ethics Council. Rick holds GIAC GCFW, GCIH, GSNA, GCIA, GHTQ, and GREM and is currently completing his MSISE with SANS Technology Institute. Rick is a member of the Canadian Information Processing Society (CIPS), a certified Information Systems Professional (ISP), and member of the CIPS Saskatchewan Professional Conduct Committee. Rick is involved in running a community soccer league, coaching his children, and teaching security in his community.