Faculty Directory

Richard is the Chief Risk Officer at Resilience. Prior to joining Resilience in 2021, he was the co-founder and president of Soluble, a cloud security company sold to Lacework in October 2021. He was previously the CISO of Twilio, GE Healthcare and Lending Club. He is the co-author of “How To Measure Anything In Cybersecurity Risk” (July 2016) and author of “The Metrics Manifesto: Confronting Security with Data” (March 2022).

Dave is the founder and principal consultant with Voodoo Security, an information security consulting firm with broad expertise. He is also a senior instructor, analyst and course author for the SANS Institute and a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. In addition, Dave has served as co-chair of the Cloud Security Alliance (CSA) Top Threats Working Group and founded the CSA Atlanta Chapter. Dave has consulted with hundreds of organizations in the areas of security, regulatory compliance, network architecture and engineering. He has also worked as a security architect, analyst and manager for several Fortune 500 companies.

Mr. Sharpe is a long-time (+30 years) Cybersecurity, Governance, and Digital Transformation expert with real-world operational experience. Mr. Sharpe has run business units and has influenced national policy. He has spent much of his career helping corporations and government agencies create value while mitigating cyber risk. This gives him a pragmatic understanding of the delicate balance between Business realities, Cybersecurity, and Operational Effectiveness. He began his career at NSA, moving into the Management Consulting ranks building practices at Booz Allen and KPMG. He subsequently co-founded two firms with successful exits, including the Hackett Group (NASDAQ HCKT). He has participated in over 25 M&A transactions. He has delivered to clients in almost 30 countries on 6 continents. Alex is one of the few who has been part of executive teams, has run business units, and served as a CIO and as a CISO. 

Idan was one of the founders of M-Tech Information Technology, Inc. (acquired in 2008 and renamed Hitachi ID Systems). Idan led the product development and roadmap strategy and was responsible for customer services at M-Tech and subsequently Hitachi ID for 28 years. During his tenure, the company released password management automation software in 1996, user provisioning/IAM in 2002 and PAM in 2007. Idan has worked with many corporate, government and higher education customers worldwide to implement process automation, including IAM and PAM controls across their on-premises and cloud-hosted systems and applications.

Adam is a leading expert on threat modeling, and a consultant, expert witness, author and game designer. He has decades of experience delivering security. His experience ranges across the business world from founding startups to nearly a decade at Microsoft.

Beyond consulting and training, Shostack serves as an advisor to a variety of companies and academic institutions, and as an Affiliate Professor at the Paul G. Allen School of Computer Science and Engineering at the University of Washington.

Gal Shpantzer has been a full-time security consultant since the year 2000, providing (mostly good) advice to early-stage tech startups, security vendors, Ivy League universities, non-profits, and Fortune 50 clients. Gal owns and operates a boutique consultancy focused on vCISO and Observability Pipeline services that enable modern, scalable, user-friendly, auditable, and forensically ready security programs. Gal leads security programs and projects that empower business and technical leadership to prevent, detect and respond to security incidents, including threats to confidentiality (sophisticated IP theft) and availability (DDoS, ransomware).

Caleb is the VP of Security at Databricks, a Unified Data Analytics Platform. Previously, he served as the Managing Vice President of Cyber Security at CapitalOne. Caleb has held many executive-level positions at information technology and security companies in addition to starting and running his own companies. Currently, he also serves as an Investor & Advisor to Pindrop Security.

Anand is a seasoned Information Security practitioner with domain expertise of healthcare, retail, ecommerce, and finance. His CISO roles span the spectrum of Fortune 100 to early stage companies. Anand’s personal mission is to drive solutioning of complexities and challenges in the Information Security space such as Cloud security, board oversight of cybersecurity programs, cybersecurity talent grooming and advancement, and emerging threats. Anand also serves as an adjunct faculty at Mitchell Hamline School of Law teaching Incident Management and Response.

Ed Skoudis is the founder of Counter Hack, a company focused on conducting ultra high-quality penetration tests and red team engagements to help organizations better manage their cyber risks. Ed is a SANS Fellow, author, and instructor who has trained over 20,000 cyber security professionals in the art of penetration testing and incident response. Ed is an expert witness who is often called in to analyze large-scale breaches.

Eric is the CEO and Co-Founder of Lares, an international cybersecurity consulting firm specializing in a wide range of offensive, defensive, and advisory services. He is committed to a lifelong career in Information Security holding positions as CEO, CTO, VP, Co-Founder, Engineer and Consultant spanning over the last three decades.

John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.

Taryn brings over 15 years of experience in cybersecurity, governance, vulnerability management and ethical hacking. She has established a reputation as a results-driven leader in the field and proven herself adept at managing complex security challenges across finance, government and healthcare organizations. Taryn currently serves as a Risk Governance and Insights Lead where she leads the efforts to bolster global cybersecurity strategies and implement cutting-edge governance programs. She has held previous leadership roles at Deloitte and Citi. 

James is a Managing Partner at Cyverity, an information security consulting firm specializing in cybersecurity risk assessment and governance that is based in Venice, Florida. As a consultant, he has focused on architecting and assessing large enterprise IT security and infrastructure architectures. He has also assisted organizations in security management, operational practices, and regulatory compliance issues. He often performs independent security audits and assists internal audit groups in developing their internal audit programs. James is also a Senior Instructor, Course Author, editor, and regular speaker with the SANS Institute, a contributor to the Center for Internet Security’s Controls for many years, and a founder of the Cybersecurity Risk Foundation (CRF).