My Story

Hi, I'm John and I fell in love with cybersecurity 2 decades ago. After doing a during my undergraduate studies LOT of self-learning through reading and podcasts, after finishing school with an engineering degree I jumped into a Master's program studying cybersecurity I jumped into the role that changed my life.

After graduating, I started as an entry-level SOC analyst for a major pharmaceutical company. Over the years I became a Sr. Analyst and eventually the SOC Manager for the US. Through those years as we built and matured the worldwide team, I learned what it takes to succeed as a new security org in both a technical and leadership capacity. I fought quite a few battles, saw what it takes to form a cohesive team, and went toe-to-toe with some highly talented threat actors.

While working in the SOC, after taking multiple training courses that changed the course of my career, I started teaching for the SANS Institute. In getting involved with SANS a whole new world of opportunity opened for me as not only as an instructor, but as an author of multiple SOC courses and as the Curriculum Lead for the Cyber Defense curriculum. With SANS I am now able to help spread my love of security to thousands of students per year across the globe! I'm also an independent consultant under my security consulting organization - Blueprint Cyber Security.

My SANS Journey

Becoming a SANS Certified Instructor is commonly referred to (somewhat) jokingly as "the longest job interview process in the world," but it is one of the best decisions I've ever made. Interested in becoming an instructor as well? I'm always happy to explain what it takes - check out the first steps at sans.org/teach!

  • SANS Sr. Instructor (2022+)
  • SANS Certified Instructor (2018-2022)
  • SANS Community Instructor (2016-2018)
  • SANS Mentor Program (2015)

Course Authorship

  • SEC450 - Blue Team Fundamentals
  • LDR551 - Building and Leading Security Operations Centers (co-authored with Mark Orland)
  • SEC455 - SIEM Design and Implementation (retired, co-authored with Justin Henderson)
  • SEC403 - Secrets to Successful Cybersecurity Presentation (contributed online presentation module)

Other SANS Courses I've Taught

  • SEC511 - Cybersecurity Engineering: Advanced Threat Detection and Monitoring
  • SEC555 - SIEM with Tactical Analytics

GIAC Certifications

  • GSOC - GIAC Security Operations
  • GSOM - GIAC Security Operations Management
  • GCTD - GIAC Cloud Threat Detection
  • GMON - GIAC Continuous Monitoring and Security Operations
  • GPEN - GIAC Certified Penetration Tester
  • GREM - GIAC Reverse Engineering Malware (2014-2018)

Find Me Online

The 2019 debut run of SEC450: Blue Team Fundamentals