As CISO at the SANS Institute Frank leads the security risk function for the most trusted source of computer security training, certification, and research in the world. He also helps shape, develop, and support the next generation of security leaders through teaching, developing courseware, and leading the management and software security curricula.
Prior to the SANS Institute, Frank was Executive Director of Cyber Security at Kaiser Permanente with accountability for delivering innovative security solutions to meet the unique needs of the nation's largest not-for-profit health plan and integrated health care provider with annual revenue of $55 billion, 9.5 million members, and 175,000 employees. In recognition of his work, Frank was a two-time recipient of the CIO Achievement Award for business enabling thought leadership.
Frank holds degrees from the University of California at Berkeley and is a SANS certified instructor as well as the author of popular courseware on strategic planning, leadership, and application security.
"Frank provided great real world examples of attacks, course material, and quality. This is the best secure development course I have come across taught by a great instructor with top teaching skills and time management." - Andreas Hegna, Storebrand Livsforsikring AS
"Frank is a very engaging speaker and brings the examples in the class that can actually be used in real world scenarios." - Anthony Head, University of Richmond
Even when his job title has indicated otherwise, Mick Douglas has been doing information security work for over 10 years. He received a bachelor's degree in communications from Ohio State University and holds the CISSP, GCIH, GPEN, GCUX, GWEB, and GSNA certifications. He currently works at Binary Defense Systems as the DFIR Practice Lead.
He is always excited for the opportunity to share with others so they do not have to learn the hard way! By studying with Mick, security professionals of all abilities will gain useful tools and skills that should make their jobs easier. When he's not "geeking out" you'll likely find Mick indulging in one of his numerous hobbies; photography, scuba diving, or hanging around in the great outdoors.
"Mick does an excellent job of delivering the material. His interest in and passion for this class is obvious." - Matt Steinberg
"Priceless information! Best instructor ever." - Mat Rose, capgemini-gs
Eric Johnson is a Senior Security Consultant at Cypress Data Defense and the Application Security Curriculum Product Manager at SANS. He is the lead author and instructor for DEV544 Secure Coding in .NET, as well as an instructor for DEV541 Secure Coding in Java/JEE. Eric serves on the advisory board for the SANS Securing the Human Developer awareness training program and is a contributing author for the developer security awareness modules. His experience includes web and mobile application penetration testing, secure code review, risk assessment, static source code analysis, security research, and developing security tools. Eric completed a bachelor of science in computer engineering and a master of science in information assurance at Iowa State University, and currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications. He is located in West Des Moines, IA and outside the office enjoys spending time with his wife and daughter, attending Iowa State athletic events, and golfing on the weekends.
Listen to Eric discuss "WhatWorks in AppSec: ASP.NET Identity and AntiForgery Tokens" in this SANS webcast.
"I learned a ton of very valuable security techniques today. Eric has a knack for explaining complex topics in a way that makes them easy to understand." - Phil McCullough, ARRT
"This was a great course! Eric was able to help me shift my thinking from development to securing my apps and corporation." - Matt Brundage, Magellan Midstream Partners
Jason is accountable for cyber security at a large global financial company. He has over 15 years of experience in the information security industry progressing from hands-on research work to securing large-scale enterprise environments. His recent SANS Institute courseware development includes Defending Web Application Security Essentials and Web Application Pen Testing Hands-On Immersion.
Jason started out as a programmer before moving on to an ISP as a network administrator. Handling security incidents for this ISP sparked his interest in information security. Over the years, Jason has performed and led intrusion detection, penetration testing, defense improvement programs and incident response in large enterprise environments. Recently, Jason specializes in building large-scale security operations teams to handle the full cycle of threat identification, response and remediation, in parallel with his passion for directing enterprise web application security programs.
Gregory Leonard has more than 17 years of experience in software development, with an emphasis on writing large-scale enterprise applications. Greg's responsibilities over the course of his career have included application architecture and security, performing infrastructure design and implementation, providing security analysis, conducting code reviews and evaluating performance diagnostics. He is currently employed as an application security consultant at Optiv Security, Inc.
Listen to Gregory discuss "Blocking XSS attacks with Content Security Policy" in this SANS webcast.
"The content and more importantly Greg's presentation of DEV541 was exactly what I was looking for to improve my knowledge." - Gilbert Lappano, Northrop Grumman IS
"The instructor is well versed in subject and this makes the complex issues more understandable." - Mason Jackson, NGIS
Sri Mallur is a security consultant at a major healthcare provider. Sri has over 15 years of experience in software development and information security. He has designed and developed applications for large companies in the insurance, chemical, and healthcare industries. He has extensive consulting experience from working with one of the big 5. Sri currently focuses on security in SDLC by working with developers, performing security code review, and consulting on projects. He is also currently involved with mobile app security. Sri holds a Masters in industrial engineering from Texas Tech University, Lubbock, TX and an MBA from Cal State University-East Bay, Hayward, CA.
Mano Paul is a seasoned veteran in the discipline of information security, software assurance, and software development, spanning responsibilities that include designing and developing security programs from compliance
to coding, security in the software development lifecycle, risk management, security strategy, awareness, training and education. He is the CEO of SecuRisk Solutions and Express Certifications, companies that specializes in information security training, product development, consulting, and certification assessment. He is also an (ISC)2 appointed software assurance advisor and a member of the Application Security Advisory council. He holds the CISSP, CSSLP, GWAPT, GSSP-.Net, MCSD, MCAD, ECSA and CompTIA Network+ certifications.
Megan is currently a certified instructor with the SANS Institute as well as a senior engineer with Savvis. She has over 16 years of experience in information technology with an extensive background in secure application infrastructure design/management utilizing Linux and Windows environments for both small and large implementations. Her experience spans several verticals, including financial services, healthcare, education, and telecommunications, allowing her to have a well-rounded understanding of various business needs. Megan holds several professional certifications from Red Hat, Cisco, ISC2, and SANS. She also holds a BS in computer science and an MBA from Columbia University. Megan's most recent focuses were on DLP, security regulations, secure applications design and training, secure infrastructure design, and vendor risk assessments.
Johannes Ullrich, Ph.D.
As Dean of Research for the SANS Technology Institute, Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. In 2000, he founded DShield.org, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a PhD in physics from SUNY Albany and is based in Jacksonville, Florida. His daily podcast summarizes current security news in a concise format.
Listen to Johannes discuss "HTML5: Risky Business or Hidden Security Tool Chest for Mobile Web App Authentication" in this SANS webcast.
"Johannes has an excellent teaching approach and did a great job of fighting the brain overload later in the day." - Brad Meyers, Molina Healthcare
"Excellent teaching style! Very knowledgeable, listens to questions, will keep explaining in different examples until you understand." - Lori Stockdale, NYISO