Faculty Directory

John is the Owner of Black Hills Information Security (BHIS) where he leads the Hunt Teaming, Command & Control (C2)/Data Exfiltration and Pivot testing development. He is also a SANS Institute Senior Instructor. In these roles, John has both consulted and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing.

Taryn brings over 15 years of experience in cybersecurity, governance, vulnerability management and ethical hacking. She has established a reputation as a results-driven leader in the field and proven herself adept at managing complex security challenges across finance, government and healthcare organizations. Taryn currently serves as Risk Governance and Insights Lead for Google gTech where she heads efforts to bolster global cybersecurity strategies and implement cutting-edge governance programs across diverse portfolios.

James is a Managing Partner at Cyverity, an information security consulting firm specializing in cybersecurity risk assessment and governance that is based in Venice, Florida. As a consultant, he has focused on architecting and assessing large enterprise IT security and infrastructure architectures. He has also assisted organizations in security management, operational practices, and regulatory compliance issues. He often performs independent security audits and assists internal audit groups in developing their internal audit programs. James is also a Senior Instructor, Course Author, editor, and regular speaker with the SANS Institute, a contributor to the Center for Internet Security’s Controls for many years, and a founder of the Cybersecurity Risk Foundation (CRF).

Kelli is a Principal Consultant and Co-Founder of Enclave Security, an information security consulting firm specializing in governance. As a security architect and project manager, she specializes in IT audit, governance, policy library development, and information assurance strategies. She is a courseware author for the SANS Institute as well as one of the lead technical editors for the Center for Internet Security’s Critical Security Controls. She is also the lead author for many of the governance resources and creator of tools and policies at AuditScripts.com. You can follow her on Twitter @KelliTarala

Joff is a security analyst and penetration tester at Black Hills Information Security (BHIS). He has extensive experience covering intrusion prevention/detection systems, infrastructure defense, vulnerability analysis, defense bypass, source code analysis and exploit research. He is also an instructor at the SANS Institute,  where he primarily teaches the use of Python for information security purposes.

Matthew Toussain is the Founder and CIO of Open Security, an information security consulting firm specializing in holistic security services. Matt served as the senior cyber tactics development lead for the U.S. Air Force and worked as a security analyst for Black Hills Information Security and CounterHack Challenges. As a certified SANS instructor Matthew regularly delivers educational seminars to security practitioners around the world.

Jonathan is the Global Director for the Microsoft Enterprise Cybersecurity Group. In this role, he leads a team of security advisors who provide strategic direction on the development of Microsoft security products and services. He also serves as a member of Microsoft’s Internal Risk Management Committee and is a principle author of the Microsoft Security Intelligence Report. Jonathan also serves as an Affiliate Faculty member in Research Assurance at Regis University and serves as an advisor to security startups and venture capital firms.

Aaron is a three-decade veteran of the cybersecurity community, having worked on projects covering every aspect of the industry, from helping build security technologies while at Microsoft to his work on offensive cyber projects for the U.S. government. He has spent the last 15 years on a series of cybersecurity startups, building technologies and developing companies to help teams solve some of the toughest cybersecurity problems.

Ismael Valenzuela is coauthor of the Cyber Defense and Blue Team Operations course, SANS SEC530: Defensible Security Architecture and Engineering. Ismael is Vice President Threat Research & Intelligence at BlackBerry Cylance, where he leads threat research, intelligence, and defensive innovation. Ismael Valenzuela has participated as a security professional in numerous projects across the globe for over 20+ years, which included being the founder of one of the first IT Security consultancies in Spain.

As a top cybersecurity expert with a strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection, and computer forensics, Ismael has provided security consultancy, advice, and guidance to large government and private organizations, including major EU Institutions and US Government Agencies.

Ken is the President and Principal Consultant of KRvW Associates, LLC, an independent information security consulting company, and a Visiting Scientist at Carnegie Mellon University. He has held executive and senior technologist positions at Tekmark, Para-Protect, Science Applications International Corporation (SAIC), the U.S. Department of Defense, Carnegie Mellon University, and Lehigh University. Ken is a frequent speaker at technical conferences, and has presented papers and training for CSI, ISF, USENIX, FIRST, CERT, among others.

John Visneski leads information security for MGM Studios.  In this capacity, he and his team are responsible for security operations, engineering, GRC and data protection across the business.  He also leads content security efforts for the full development lifecycle and supply chain of film and television production at the studio.

Prior to joining MGM, John was the CISO at Accolade, a publicly traded personalized healthcare company.  In this capacity he led post-IPO compliance efforts, as well as leading security integration efforts for two major acquisitions.  John also built the security and privacy programs at The Pokémon Company International.  During his time with the organization, he was responsible for the protection of corporate information technology systems, customer facing platforms, applications, and products.  He also developed the company data privacy strategy to meet the demands of emerging global privacy regulations.

John started his career serving over ten years in the United States Air Force as a cyberspace operations officer.  His responsibilities while in the Air Force spanned various leadership and management positions, including leading strategic engagements for the Air Force CIO; writing policy and guidance for Air Force requirements and acquisition; directing operations for a worldwide network within the intelligence community; and directing communications and information technology in deployed environments.  John served multiple deployments to Iraq and Afghanistan, the most recent of which was as the joint communications director for the NATO Rule of Law Field Force Afghanistan.  His time in the Air Force culminated in a position as the cybersecurity advisor to the Secretary of the Air Force and Chief of Staff of the Air Force, located at the Pentagon, Washington D.C.  He currently resides in Seattle, WA with his wife Althea and their dog Ben.