Ethical Hacking and Hands On Security Training InfoSec Institute: Information Security Training
World Renown Instructors
Why train with people that know less than you? Why spend your time, money, and budget on a course where the instructor merely reads lines out of a "instructor's guide"? Why waste your time with an instructor that can offer no real-world insight, and gets confused when you ask a question that isn't in "the book"? InfoSec Institute has built its reputation on high caliber instructors. All of our instructors are required to: Have deep real-world experience in the subject matter.
Be recognized as an industry expert by members of the field.
Have excellent, rare to find, communication and teaching skills. Some of our instructor bios:
| |
|
 |
Jack Koziol
Senior Instructor
Jack, the lead author of The
Shellcoder's Handbook: Discovering and Exploiting Security
Holes, is a Senior Instructor and Security Program
Manager at InfoSec Institute, a provider of advanced ethical
hacking training. He regularly is called upon to train members
of the United States intelligence community, military, and
federal law enforcement agencies. Additionally, Jack provides
training for Fortune 500 companies, such as Microsoft, HP
and Citibank on how to better secure their networks and applications.
When not teaching hacking classes, Jack regularly performs
penetration tests and application security assessments for
a number of clients. He has years of private vulnerability
development and exploitation experience for his customers
and himself. Jack is also the author of Intrusion
Detection with Snort , one of the best selling security
books in its first year of publication, 2003. The book has
been translated into several languages, including French
and Japanese
, and has received rave reviews from Linux
Journal , Slashdot
and Information Security Magazine. Jack has appeared
in USA Today, CNN, MSNBC, First Business and other media outlets
for his expert opinions on information security.
View
Jack Koziol's Ethical Hacking and Computer Forensics Blog
|
| |
|
| |
|
| |
Josh Daymont
Senior Instructor
Josh has a proven track record of information security technical and business leadership, including groundbreaking published research, new product development and launches, as well as P&L responsibility for several regional North American information security consulting practices. Josh has held senior-level Security Researcher positions at ISS, McAfee and Fortify Software. He most recently held the position of Director of Research at SecureWorks,Inc, one of the largest Managed Security Service Providers (MSSPs) in North America.
Josh has discovered many vulnerabilities for private and public institutions. Some of his public vulnerability research can be found through a number of high-profile vulnerability advisories. As one of the founding members of the highly regarded ISS X-Force security research team, Josh discovered the PCNFSD vulnerabilities over 10 years ago. He also discovered the high-impact NIS vulnerabilities while conducting research at ISS .
Josh is frequently invited to speak at industry leading conferences, such as RSA, Black Hat Briefings, OWASP, Toorcon, WIB and many others. Josh has also been quoted frequently in the tech media from media outlets such as Information Security Magazine for subjects on Email Privacy, Web Compression Vulnerabilities, and iPod exploits.
Josh holds a BBA from Temple University in Philadelphia, and a Masters in Information Technology from the Georgia Institute of Technology.
|
 |
Andres Andreu
Senior Instructor
Mr. Andreu is the author of "Professional Pen Testing Web Applications", published by Wrox.
Mr. Andreu, a Cuban born American with a diverse background, comes from a strong Federal Government background. He served the United States of America in Information Technology and Security capacities, from 1991 to 2000, where he was the recipient of numerous Deprtment of Justice awards.
He holds a Bachelors Degree in Computer Science, graduating Summa Cum Laude with a 3.9 GPA from the American College of Computer and Informational Sciences. His employment is in the enterprise software space where he specializes in software / data security and cryptography. His experience comes from having architected and engineered, with a distinct focus on security, numerous software solutions for business and government/intelligence entities.
Mr.Andreu specializes in software, application, & web services security working with XML security, TCP and HTTP(S) level proxying technology, and strong encryption. He has many years of experience with technologies like LDAP, Web Services (SOA, SOAP, etc), enterprise applications, & application integration.
Publications authored by Mr. Andreu:
∞ Using LDAP to solve one company's problem of uncontrolled user data and passwords
∞ "Salted Hashes Demystified" - This paper is featured on:
OWASP
SecurityDocs
IT Toolbox
Infosec Writers
Open Source projects authored by Mr. Andreu:
∞ CSV2LDIF
∞ XML2LDAP
∞ WSFuzzer
|
 |
Dan Hestad
Senior Instructor
Dan is currently the director of the Advanced Threat Analysis Center (ATAC) for Northrop Grumman Corporation. He has an extensive background and interest in vulnerability research, secure coding, protocol analysis and cryptography. He also has experience in red team and deception operations, Information Operations and Information Warfare. Much of Dan's research remains classified. He has assisted several high profile cyber investigations including Solar Sunrise.
Prior to his current position, Dan spent over 10 years running SIGINT operations for the United States Navy; collecting network based intelligence on such targets as narcotics traffickers, nuclear proliferation operations and counterterrorism targets. He spent 4 years at the NSA (National Security Agency) conducting vulnerability research and supporting national cyber intelligence operations. Dan also served as the Director of Security at MFS Investment Management in Boston, MA.
Dan completed his graduate studies at the Naval Postgraduate School and did extensive research into computational trust models. He also studied and taught at the National Cryptologic School. Dan has spoken at such venues as RSA, Gartner, and CSI.
|
| |
|
 |
Rolf Rolles
Senior Instructor
Rolf has over 10 years experience with binary analysis and reverse engineering. Rolf was the principal engineer behind the Bindiff and VXclass tools developed by Sabre Security. Bindiff automatically discovers the difference between two binaries, thus enabling security researchers to pinpoint vulnerabilities that are patched by vendors. You can read more about Rolf's bindiff here:
http://www.securityfocus.com/news/11235
Recently, Sabre Security made the news by winning a $100,000 prize for innovation in the area of IT security with their product, VxClass.
Rolf has performed analysis of many binaries for both public and private sources. You can read a sample of one of Rolf's analysis at the OpenRCE portal.
|
| |
|
| |
|
 |
Justin Peltier
Senior Instructor
Justin Peltier is a Senior Security Consultant with Peltier Associates, with over ten years of experience in firewall and security technologies.
As a consultant, Justin has been involved in implementing, supporting, and developing security solutions, and has taught courses on many facets of information security, including vulnerability assessment and CISSP preparation. His previous employment was at Suntel Services, where he directed their security practice development. Prior to that, Justin was with Netigy, where he was involved in their corporate training efforts.
Justin currently holds 10 professional certifications (MCNE, MCP, CCSE, RHCE, CISSP, CCNA, CCSI, CCAE, SSCP, CFA, CEH) in an array of technical disciplines.
Justin has lead classes across the United States, as well as in Europe and Asia, for Peltier Associates, Sherwood Associates, Computer Security Institute, ISC2, the Mark I. Sobell Training Institute, Netigy Corporation, and Suntel Services.
Justin has developed and/or lead the following courses:
- Introduction to Windows NT Security
- Intermediate Windows NT Security
- Advanced Windows NT Security
- Installation and Configuration of Red Hat Linux
- Business Benefits of Virtual Private Networks
- Developing Policies and Procedures
- Risk Assessment Processes
- Conducting a Penetration Test
- Introduction to Checkpoint Firewall-1 Administration
- Advanced Checkpoint Firewall-1 Administration
- Conducting a Vulnerability Assessment
- WinX Vs. Linux: Which is more secure?
|
| |
|
| |
Nathan Weilbacher
Senior Instructor
Nathan has been teaching computer forensics courses at the
University and Corporate level since 1995. Prior to 1995 Nathan
served in the US Army, where he spent six years as a military
police investigator specializing in computer forensics. He
holds a MBA in Computer Business Information Systems and several
Industry certifications such as CHFI, CISSP, CCNP, and MCSE.
In addition to teaching with InfoSec Institute, he also teaches
the Computer Forensics Examiner (CFE) course at Southern Methodist
University. Nathan currently works in the Computer Forensics
field, working on high profile multi-million dollar intellectual
property theft cases. In addition to Computer Forensics he
teaches courses for certification in CISSP, CCNP, MCSE, Ethical
Hacking, Wireless Security, and Security+.
|
| |
|
| |
|
 |
Leonard Smart
Senior Instructor
Mr. Smart has over thirty years of professional experience
in telecommunications and computing technology. Through most
of his career, he has specialized in the application of telecommunications
technology to business and industrial computing applications.
Mr. Smart has been responsible for technical designs, project
management and budget control for a number of large energy-related
projects in Canada and overseas. He managed key data communications
planning and design projects for the Saudi ARAMCO, including
performance and reliability features of these activities.
He held responsibility for the design and provisioning of
communications services for a Northern Canada oil pipeline
system, supporting all aspects of planning and procurement
of telecommunications services, specifically including operational
supervisory control and data acquisition (SCADA) systems.
Mr. Smart has established a widely respected reputation as
a consultant to industry and government clients in context
of business data network design, strategic analysis, detailed
requirements specification and reengineering initiatives.
He has acted as project leader for a number of key projects,
including a national weather service data collection infrastructure
design, a multi-vendor open architecture enterprise network
design for a Fortune 500 company, and a regional mobile radio-based
data network for a law enforcement application.
Since his first encounter with a consulting assignment that
gave him opportunity to teach a professional training course
in 1983, he has increasingly focused his career on this role
as a personal priority. He is in high demand as a uniquely
experienced presenter, having successfully delivered in excess
of 500 Internet Architecture (TCP/IP), Data Networking, Mobile
Computing, Network Security, Broadband Cable and SCADA Technology
training courses in some 20 countries world-wide.
Mr. Smart is a registered Professional Engineer in the Province
of British Columbia, and a member of the IEEE.
|
| |
|
 |
Trevor Hawthorn
Senior Instructor
Trevor has 12 years of information security experience in various roles. Trevor specializes in risk management, application and infrastructure vulnerability assessment, penetration testing, wireless security and incident response. He is also a regular instructor of the Certified Ethical Hacker (CEH) training course. Previously he was a Senior Security Consultant with Cybertrust (Formerly TruSecure) where he performed information security assessments for organizations across multiple industries. Prior to Cybertrust Trevor was a Security Engineer at UUNET Technologies where he was heavily involved in DDoS Attack mitigation, protection of critical infrastructure and special security projects. While at UUNET, Trevor gave bi-annual presentations to the FBI’s NIPC group at the FBI Training Academy in Quantico, VA. Additionally he provided training and presentations to the US Secret Service, Florida Department of Law Enforcement, and the Mid-Atlantic chapter of the Hi-Tech Crime Investigation Association. Trevor also worked for EarthLink Network, Inc. as the first Network Abuse Administrator where he responded to reports of spamming, hacking, fraud and other threats.
|
| |
|
| |
|
| |
Bryce Galbraith
Senior Instructor
Bryce began his IT journey at 10 years of age with a Commodore 64 and a 300 baud modem - he never looked back. As a contributing author of the internationally bestselling book, Hacking Exposed: Network Security Secrets & Solutions, Bryce helped bring the secret world of hacking out of the darkness and into the public eye.
Bryce regularly teaches at the ever popular "Black Hat Briefings & Training" conferences and provides consulting services to clients around the world. Bryce is a member of several security-related professional organizations and is a Certified Information System Security Professional (CISSP), a GIAC Certified Incident Handler (GCIH) and a Certified Ethical Hacker (CEH).. |
| |
|
 |
Dan Moniz
Senior Instructor
Dan Moniz has over ten years experience in information security,
and is a former member of The Shmoo Group. He has spoken at
security industry conferences including Defcon, ShmooCon,
ToorCon, The Intelligence Summit, and The Black Hat Briefings
in both Las Vegas and Tokyo.
In addition, he has provided security training for audiences
at global Fortune 50 companies. He previously held positions
at Alexa Internet (an Amazon.com company), The Electronic
Frontier Foundation, Cloudmark, and Viasec.
|
| |
|
| |
Peter Thermos
Senior Instructor
Peter Thermos has worked in the information security and
assurance area since 1995, when he started working for Bellcore
(now Telcordia). Peter acts as the lead technical expert on
various tasks (for commercial and government organizations)
associated with information security and assurance, including
security risk assessments, standards and requirements development,
ISO 17799 assessments, network security architecture, and
organizational security strategy. In addition, Peter has been
the principal investigator on research tasks, in the area
of Internet Multimedia and Next Generation Networks and security,
that were are funded by government organizations such as NIST
(National Institute of Standards and Technology) and LTS (Lab
for Telecommunication Sciences).
At LTS, Peter performed research for Telecommunication Sciences
in the area of VoIP. The support included development and
testing of protocols (e.g. SIP, STUN), developing reports
and giving presentations to interested LTS audience and participating
on online IETF discussions (e.g. MIDCOM IETF Working Group)
to reflect findings to improve the protocols under investigation.
At NIST the project was divided into four sub-tasks, for which Peter
acted as the lead researcher and manager on two. The tasks
included: 1) Identification and evaluation of NGN/VoIP technologies,
including protocols and components; 2) Development of advanced
protection profiles for next generation networks; 3) Development
of an anomaly detection capability for NGN/VoIP signaling
gateways and a study of their behaviors, including detection,
suppression, scalability, and manageability; and 4) Design
and implementation of an enterprise VoIP (Voice over IP) network
to study the effects of using IPSec to protect SIP signaling.
Peter also lead the information security assessment exercises
for the 2004 Athens Olympics telecommunications network provided
by OTE (Greek telecommunications provider). Peter holds a
Masters of Science in Computer Science from Columbia University
and is a member of ACM and IEEE.
Peter is also the organizer for the Voice over Packet Security
Consortium, you can view the VoPSecurity website here:
In addition, Peter has written one of the top technical articles
on SIP security attacks.
|
| |
|
| |
|
 |
Nate Miller
Senior Instructor
Nate has 12 years of information security experience in government and commercial markets, including security architecture and design for large networks, risk management, application security assessment, vulnerability and penetration testing and wireless security assessment engagements. Nate is a regular instructor of the Certified Ethical Hacker (CEH) training course. Previously, he was employed as a Senior Security Consultant at Cybertrust, performing many types of engagements primarily focusing on web application security assessments and delivering web application security testing training.
Prior to working at Cybertrust, Nate worked at International Network Services as a Senior Network Security Consultant and performed many engagements including penetration testing, vulnerability assessments, secure network design and implementation. Prior to that, he was employed by a large Government Contractor and was involved in a number of secure network deployment projects for Federal, State, and Local Law Enforcement Agencies.
|
| |
|
| |
Stephen Ridley
Senior Instructor
Stephen Ridley was most recently a Senior Security Architect in the McAfee Security Architecture Group, a division of Avert Labs. There he performed manual code audits as well as static and run-time reverse engineering of vulnerable software. Prior to McAfee, Stephen did reverse engineering and vulnerability research with a highly skilled skunkworks team at a leading U.S. Defense/Intel contractor. Stephen is an original member of Kenshoto, the organizers that returned dignity to Capture-The-Flag at Defcon.
|
| |
|
| |
|
 |
Terrence O'Brien
Instructor
Terrence has worked in Information Security in both the public
and private sector for over 9 years. He has public and "private"
vulnerability discovery and development experience. Terrence
is often called upon by Fortune 100 companies to assess security
of mission critical information systems, such as ATM, cellular
base station, and wire transfer software. He regularly performs
penetration tests for national financial institutions, hedge
funds, and insurance providers. Terrence was the top rated
ethical hacking instructor at his previous employer. He graduated
with summa cum laude from Stanford University with a bachelor's
degree in computer science. |
|