DefCon, 2019

Hi! I’m Ryan. I’ve had the pleasure of working in the Digital Forensics & Incident Response (DFIR) realm for over 12 years. During my career, I have handled and led incidents from inception all the way through remediation. When it comes to ask task that befalls the “blue team”, I’m on it! Parsing, ingesting, and reviewing logs; researching domains and IPs; performing threat intelligence enrichment and pivoting; hunting through log aggregation utilities; sifting through PCAP; analyzing malware; and performing host and network forensics are just some of the things I love to do.

Prior to moving to security, I worked as a technical trainer for over five years. My stint working as a full-time trainer prepared me for the rigors of life-long learning. I absolutely love training and often find myself assisting with training development and/or delivery for new hires wherever I work.

Current Roles

I worked as a Principal Incident Response Consultant for just shy of 5 years (from 2019-2023). Since then, I’ve worked as a Principal Threat Hunter. I am also the author for the SANS FOR528: Ransomware and Cyber Extortion course. I previously led and then held the role of Sponsor/Community Liaison for CactusCon, Arizona’s security/hacker conference. Currently, I hold a role on the Call for Papers board, as I needed a major adjustment to my work/life balance. Finally, I chair the yearly SANS Ransomware Summit. We have our 2024 event on May 31st, 2024 — Join us!

As my career continues to take on a life of its own, I wanted to put together this Web site to catalogue some of things I’ve been up to… lest I forget it all!  Thanks for checking out my page, and feel free to drop a line.

– Ryan