Cyber Defense

Instructor Spotlight: Eric Conrad, SANS Fellow & Author

Eric Conrad

Meet Eric Conrad. SANS Faculty Fellow Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP® Certification, and co-author of SEC530: Defensible Security Architecture, SEC511: Continuous Monitoring and Security Operations and SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead author of the CISSP Study Guide Book, and the Eleventh Hour CISSP: Study Guide. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering.

In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC; GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications.

SANS: What made you choose to work in tech/security?

Eric Conrad: I was an English major/computer science minor in college. After I graduated I answered an ad in the Boston Globe for an "Electronic Shephard" in 1991. That was for an oceanographic company that was an early firm. In 1993, I was working as a Unix sysadmin for a Japanese multinational company with a research lab in Cambridge, MA. We got hacked with a first-generation rootkit. I handled that incident (before knowing what incident handling was) and got hooked on InfoSec. I then found a full-time InfoSec role at Boston University in 1994, and never looked back.

SANS: Tell us an interesting fact about yourself and your connection to the technology world.

Eric Conrad: I'm the only SANS instructor mentioned in both Maximum Rock'n'Roll Magazine and Dragon Magazine.

SANS: What was your first SANS course?

Eric Conrad: SEC503 with George Bakos (2003)

SANS: What course is on your wish list to take as a student and/or to teach as an instructor?

Eric Conrad: I'd love to take 573 (Automating Information Security with Python) or 760 (Advanced Exploit Development for Penetration Testers)

SANS: What song is missing from the NetWars playlist? What would you add and why?

Eric Conrad: I created the Cyber Defense NetWars playlist and already have the best music!

SANS: What SANS event are you looking forward to most this year?

Eric Conrad: I'm looking forward to SANS Prague, for the European debut of SEC530. Prague is a fantastic city, and I'm looking forward to returning there.

SANS: How has security changed in your specific industry in the past five years?

Eric Conrad: The leaked NSA hacking toolkit, combined with highly destructive malware such as Not Petya, has been a true game changer.

SANS: How do you stay up-to-date with the latest cybersecurity information?

Eric Conrad: Twitter is the best source. Follow a bunch of SANS instructors, and follow the people that they follow.

SANS: Advice for someone taking a SANS course for the first time.

Eric Conrad: Network, network, network. Networking with other InfoSec professionals via SANS has been a huge boost to my career.

SANS: What is a quote that inspires your work and why??

Eric Conrad: "The best time to plant a tree was 20 years ago. The second-best time is now." Chinese Proverb

SANS: Why do you teach for SANS and not other educational programs?

Eric Conrad: SANS has the best instructors on the planet!

SANS: What advice do you have for students pursuing a career in cybersecurity.

Eric Conrad: Always work on something to further your career that is not directly tied to your day job. It could be a certification, a paper, a blog post, an open-source project, a talk, etc. If you haven't performed public speaking, make that your goal.

SANS: What is the next big topic in cybersecurity?

Eric Conrad: Influencing politics, elections, and national security via the Internet.

SANS: What was your first piece of technology as a child?

Eric Conrad: I was the first kid on my block with a computer in 1983 (Texas Instruments TI-99/4A). I later upgraded to an Atari 800XL. I immediately got hooked on programming and loved exploring bulletin board systems (BBSes) via modem.

SANS: If you could write your dream course, what would it be about?

Eric Conrad: I have already done so, a few times! Check out MGT414: SANS Training Program for CISSP® Certification, SEC530: Defensible Security Architecture, SEC511: Continuous Monitoring and Security Operations & SEC542: Web App Penetration Testing and Ethical Hacking.

To learn more about Eric Conrad and where you can take his next course ? visit his SANS bio page:

Catch him on Twitter @eric_conrad


Post a Comment


* Indicates a required field.