Hi! I’m Ryan. I’ve had the pleasure of working in the Digital Forensics & Incident Response (DFIR) realm for over 11 years. During my career, I have handled and led incidents from inception all the way through remediation. When it comes to ask task that befalls the “blue team”, I’m on it! Parsing, ingesting, and reviewing logs; researching domains and IPs; performing threat intelligence enrichment and pivoting; hunting through log aggregation utilities; sifting through PCAP; analyzing malware; and performing host and network forensics are just some of the things I love to do.
Prior to moving to security, I worked as a technical trainer for over five years. My stint working as a full-time trainer prepared me for the rigors of life-long learning. I absolutely love training and often find myself assisting with training development and/or delivery for new hires wherever I work.
I currently work as a Principal Incident Response Consultant for Palo Alto Unit 42. I am also the author for the SANS FOR528: Ransomware for Incident Responders course. When not consulting or teaching, I work as the Sponsor/Community Liaison for CactusCon, Arizona’s security/hacker conference.
In my role as a consultant with Unit 42, I am responsible for the execution and analysis of incident response engagements and forensic work. I help our team provide consulting services to clients, including digital forensics; incident response investigation and containment; malware reverse engineering; host and email compromise assessments; tabletop exercises; and other security services.
As my career continues to take on a life of its own, I wanted to put together this Web site to catalogue some of things I’ve been up to… lest I forget it all! Thanks for checking out my page, and feel free to drop a line.