Instructors

Instructors

Frank Kim

Frank Kim

As CISO at the SANS Institute Frank leads the security risk function for the most trusted source of computer security training, certification, and research in the world. He also helps shape, develop, and support the next generation of security leaders through teaching, developing courseware, and leading the management and software security curricula.

Prior to the SANS Institute, Frank was Executive Director of Cyber Security at Kaiser Permanente with accountability for delivering innovative security solutions to meet the unique needs of the nation's largest not-for-profit health plan and integrated health care provider with annual revenue of $55 billion, 9.5 million members, and 175,000 employees. In recognition of his work, Frank was a two-time recipient of the CIO Achievement Award for business enabling thought leadership.

Frank holds degrees from the University of California at Berkeley and is a SANS certified instructor as well as the author of popular courseware on strategic planning, leadership, and application security.

"Frank provided great real world examples of attacks, course material, and quality. This is the best secure development course I have come across taught by a great instructor with top teaching skills and time management." - Andreas Hegna, Storebrand Livsforsikring AS

"Frank did a great job of providing examples and encouraging discussion." - Andy Thomas, VF

Mick Douglas

Mick Douglas

Even when his job title indicated otherwise, Mick Douglas has been doing information security work for over ten years. He received a bachelor's degree in Communications from the Ohio State University and holds the CISSP, GCIH, GPEN, GCUX, GWEB, and GSNA certifications. He currently works at Binary Defense Systems as the DFIR Practice Lead.

He is always excited for the opportunity to share with others so they do not have to learn the hard way! Please join in; security professionals of all abilities will gain useful tools and skills that should make their jobs easier. When he's not "geeking out" you'll likely find him indulging in one of his numerous hobbies; photography, scuba diving, or hanging around in the great outdoors.

"Mick does an excellent job of delivering the material. His interest in and passion for this class is obvious." - Matt Steinberg

"Priceless information! Best instructor ever." - Mat Rose, capgemini-gs

Eric Johnson

Eric Johnson

Eric Johnson is a Senior Security Consultant at Cypress Data Defense and the Application Security Curriculum Product Manager at SANS. He is the lead author and instructor for DEV544 Secure Coding in .NET, as well as an instructor for DEV541 Secure Coding in Java/JEE. Eric serves on the advisory board for the SANS Securing the Human Developer awareness training program and is a contributing author for the developer security awareness modules. His experience includes web and mobile application penetration testing, secure code review, risk assessment, static source code analysis, security research, and developing security tools. Eric completed a bachelor of science in computer engineering and a master of science in information assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications. He is located in West Des Moines, IA and outside the office enjoys spending time with his wife and daughter, attending Iowa State athletic events, and golfing on the weekends.

Listen to Eric discuss "WhatWorks in AppSec: ASP.NET Identity and AntiForgery Tokens" in this SANS webcast.

"I learned a ton of very valuable security techniques today. Eric has a knack for explaining complex topics in a way that makes them easy to understand." - Phil McCullough, ARRT

"This was a great course! Eric was able to help me shift my thinking from development to securing my apps and corporation." - Matt Brundage, Magellan Midstream Partners

Jason Lam

Jason Lam

Jason is a senior security analyst at a major financial institution in Canada. His recent SANS Institute courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion. He is currently a SANS certified instructor. Jason started his career as a programmer before moving on to ISP network administration, where he handled network security incidents, which sparked his interest in information security. Jason specializes in Web application security, penetration testing, and intrusion detection. He holds a BA in computer science from York University in Toronto, Ontario, as well as the CISSP, GCIA, GCFW, GCUX, GCWN, and GCIH certifications.

"Jason is a very knowledgeable instructor who demonstrates issues and solutions in modern web application security very well." - Colin Sullivan, Europol

"Jason's teaching style uses lots of illustrative, relevant and enlightening anecdotes to help make the course content accessible." - Daniel Abrahamsson, Klarna AB

Gregory Leonard

Gregory Leonard

Gregory Leonard has over 16 years of experience in software development, with an emphasis on writing large-scale enterprise applications. Greg's responsibilities have included application architecture and security, performing infrastructure design and implementation, security analysis, code reviews, and evaluating performance diagnostics. Greg is currently focusing on overseeing the integration of secure development practices for his company.

http://www.linkedin.com/pub/greg-leonard/6/901/669 

Listen to Gregory discuss "Blocking XSS attacks with Content Security Policy" in this SANS webcast.

"The content and more importantly Greg's presentation of DEV541 was exactly what I was looking for to improve my knowledge." - Gilbert Lappano, Northrop Grumman IS

"The instructor is well versed in subject and this makes the complex issues more understandable." - Mason Jackson, NGIS

Srinidhi Mallur

Srinidhi Mallur

Sri Mallur is a security consultant at a major healthcare provider. Sri has over 15 years of experience in software development and information security. He has designed and developed applications for large companies in the insurance, chemical, and healthcare industries. He has extensive consulting experience from working with one of the big 5. Sri currently focuses on security in SDLC by working with developers, performing security code review, and consulting on projects. He is also currently involved with mobile app security. Sri holds a Masters in industrial engineering from Texas Tech University, Lubbock, TX and an MBA from Cal State University-East Bay, Hayward, CA.

Mano Paul

Mano Paul

Mano Paul is a seasoned veteran in the discipline of information security, software assurance, and software development, spanning responsibilities that include designing and developing security programs from compliance

to coding, security in the software development lifecycle, risk management, security strategy, awareness, training and education. He is the CEO of SecuRisk Solutions and Express Certifications, companies that specializes in information security training, product development, consulting, and certification assessment. He is also an (ISC)2 appointed software assurance advisor and a member of the Application Security Advisory council. He holds the CISSP, CSSLP, GWAPT, GSSP-.Net, MCSD, MCAD, ECSA and CompTIA Network+ certifications.

Megan Restuccia

Megan Restuccia

Megan is currently a certified instructor with the SANS Institute as well as a senior engineer with Savvis. She has over 16 years of experience in information technology with an extensive background in secure application infrastructure design/management utilizing Linux and Windows environments for both small and large implementations. Her experience spans several verticals, including financial services, healthcare, education, and telecommunications, allowing her to have a well-rounded understanding of various business needs. Megan holds several professional certifications from Red Hat, Cisco, ISC2, and SANS. She also holds a BS in computer science and an MBA from Columbia University. Megan's most recent focuses were on DLP, security regulations, secure applications design and training, secure infrastructure design, and vendor risk assessments.

Johannes Ullrich, Ph.D.

Johannes Ullrich, Ph.D.

As Dean of Research for the SANS Technology Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. He founded DShield.org in 2000, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a PhD in Physics from SUNY Albany and is located in Jacksonville, Florida. His daily podcast summarizes current security news in a concise format.

@johullrich

@sans_isc

Listen to Johannes discuss "HTML5: Risky Business or Hidden Security Tool Chest for Mobile Web App Authentication" in this SANS webcast.

"Johannes has an excellent teaching approach and did a great job of fighting the brain overload later in the day." - Brad Meyers, Molina Healthcare

"Excellent teaching style! Very knowledgeable, listens to questions, will keep explaining in different examples until you understand." - Lori Stockdale, NYISO