Cyber Defense

Instructor Spotlight: Micah Hoffman, SEC487 Author


Meet Micah Hoffman. Micah has been working in the information technology field since 1998 supporting federal government, commercial, and internal customers in their searches to discover and quantify information security weaknesses within their organizations. He leverages years of hands-on, real-world OSINT, penetration testing, and incident response experience to provide excellent solutions to his customers. Micah is the author of SEC487: Open-Source Intelligence Gathering and Analysis, is a SANS Certified Instructor, and holds GIAC's GMON, GAWN, GWAPT, and GPEN certifications as well as the CISSP.

SANS: What made you choose to work in tech/security?

Micah Hoffman: Failure. Well, failure and a lot of years. I've spoken about how I moved from studying psychology to trying (and failing) to get into medical school twice. I had always been someone who fixed other people's computers and, after being told I was going to lose my job in a local hospital due to budget cuts, I found a job selling computers to companies. I hated sales but found tech support fun. I moved from sales to tech support and loved it. Computers made sense to me. There were concrete, distinct solutions to fixing problems. There were no feelings to contend with, as in psychology. I didn't need eight more years of schooling, like in medicine. I could just work! I went from desktop and printer support to servers to network. I can remember a decision point when I felt like I either wanted to become a programmer or security person. I received funding to take a SANS class and loved security. It intrigued me that there were all these systems and data that could be exploited and then explored. Choosing the security path has been a natural fit for my personality and skills.

SANS: What was your first SANS course?

Micah Hoffman: I believe it was SEC504, in the early 2000s. I was a Unix sysadmin and was required to use telnet and the unencrypted "r" protocols (rsh, rcp) to access the servers. Taking the skills I learned in class, I went back to the lab we had and ran some of the hacker tools. Within 20 minutes, I demonstrated to management and coworkers the need to move to the encrypted SSH and to make several other changes. That hooked me on two things: 1 — SANS classes were amazing and helped students learn real skills; and 2 — Information security was the place for me.

SANS: What course is on your wish list to take as a student and/or to teach as an instructor?

Micah Hoffman: I'm a little biased right now since my open-source intelligence (OSINT) class, SEC487, is entering its second beta. That course, a year and a half in the making, has been and is my focus in the coming year. The SEC455 and SEC555 courses also look amazing! Justin Henderson and John Hubbard have put huge amounts of work into those new blue team classes and it shows. Understanding how to use a SIEM to find and analyze anomalies has never been cooler.

SANS: What song is missing from the NetWars playlist? What would you add and why?

Micah Hoffman: As students in my classes will attest, I'm a big fan of Rick Astley. There is an amazing mash-up of Nirvana's "Smells Like Teen Spirit" and Rick Astley's "Never Gonna Give You Up" that needs some NetWars play time.

SANS: What SANS event are you looking forward to most this year?

Micah Hoffman: There are three events that come to mind. The Singapore and London events scheduled in the fall are exciting for their locations. Network Security in Las Vegas is another event I'm looking forward to because more SANS instructors will be teaching at this larger conference. What many people don't realize is that SANS instructors may not see each other at events for many months and these larger events are somewhat like reunions.

SANS: How do you stay up-to-date with the latest cybersecurity information? Social media influencers, hashtags, blogs? Give examples.

Micah Hoffman: Seems like staying up-to-date is challenging these days. There is so much new material being created, new tools being released, and new conference talks being given. Much of my information comes from the people I follow on Twitter (check out my profile and see who I'm following). I am also a member of several groups such as the SANS GPWN mailing list, NoVAHackers, and several Slack groups. The people in these groups share huge amounts for InfoSec, cyber, blue team, red team, purple team, OSINT, and just fun data.

SANS: What advice do you have for students pursuing a career in cybersecurity?

Micah Hoffman: This is a huge question. I've done a talk about it, been on panels discussing it at conferences, and written posts on my blog. My main suggestions to people are: 1 — get yourself some mentors to help guide you; and 2 — take some steps. The reason for the mentors is because in the past few years there has been an explosion in "how to get into InfoSec/cyber" information on the web. Check out Rob Fuller's (@mubix) web page for links to many resources. All this information can and is overwhelming people. Find someone to help guide you through your next steps, then re-evaluate where you are and your interests. Then take another step. Lather. Rinse. Repeat. Until, one day, someone asks you to be their mentor.

SANS: What is your favorite cybersecurity HASHTAG to follow on Twitter? And why?

Micah Hoffman: I'm torn on this one. Professionally, I enjoy the #OSINT due to the cool topics discussed and shared. From a people perspective, I enjoy seeing well-written #FF (Follow Fridays) where people tell others that they made a difference or tweet interesting content and suggest others follow them.

SANS: What was your first piece of technology as a child? Why was it important at that time?

Micah Hoffman: Apple ][e was the first computer my family had. My friends had Commodore 64s, Tandy computers, and Amigas, so I had some exposure to and experience with a variety of operating systems from a young age. My Apple was used to play games, but I remember using the first spreadsheet program, VisiCalc, to create spreadsheets for my parents and make their lives easier.

Micah is a highly active member in the cyber security and OSINT communities. When not working, teaching, or learning, Micah can be found hiking on the Appalachian Trail or the many park trails in Maryland. To learn more about Micah and where you can take his next course, visit his SANS bio page. Catch him on Twitter @WebBreacher.
