Cyber Defense

Q & A with James Shewmaker, Certified Instructor


Meet James Shewmaker. James Shewmaker is the founder of and principal consultant at Bluenotch Corporation in Long Beach, California, which provides customized security services focusing on investigations, penetration testing, and analysis.

James authored and maintains the post-exploitation content in the SANS SEC660: Advanced Penetration Testing, Exploit Writing, and Ethical Hacking course. Before becoming a SANS Certified Instructor in 2009, his creative technical work led him on many adventures, including "The Great Translator Invasion of 2003."

James led the development and operations of NetWars as a U.S. Cyber Challenge game in June 2009. He is currently developing an independent cyber challenge, Bunker011, and is involved in the U.S. Cyber Challenge as an instructor at Cyber Camps. James regularly teaches a Tactical Offense and Defense day at these events.

Learn more about James and his upcoming teaches of SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses

SANS: What made you choose to work in tech/security?

James Shewmaker: I get to be technical and creative. There's always a new take on something considered "classic" that keeps things interesting.

SANS: Tell us an interesting fact about yourself and your connection to the technology world?

James Shewmaker: I like solving problems creatively. I love to use a "hack" to make people's everyday work less tedious or limiting. For example, I've been in many situations where kiosk hacking skills helped me work around a buggy embedded system installation. "Software needs a USB driver to load drivers? Ok, maybe I can cheat and find another way to transfer files?"

SANS: What was your first SANS course you taught?

James Shewmaker: The first SANS course that I taught was SEC503: Intrusion Detection In-Depth. I also taught several of our forensics courses before my work led me closer to penetration testing activities. Then more recently the pendulum started swinging back to the defensive perspective. People I worked with drove this: "Who broke into the website?" became "Remember how you found the weakness? Can you test to see if we've properly fixed it?" and now "Ok, we aren't sure that we know how to prevent that attack, help us improve our defenses."

SANS: What song is missing from the NetWars playlist? What would you add and why?

James Shewmaker: "Drive it Like You Stole It" by The Glitch Mob. It represents what all InfoSec people should think about to keep things in perspective.

SANS: What SANS event are you looking forward to most this year?

James Shewmaker: I'm looking forward to Network Security 2018 in Las Vegas the most. There's so many things going on at the same time, especially our Internet of Things hacking night where we are free to play with gadgets that impact everyday life and are often overlooked from a security perspective.

SANS: How do you stay up-to-date with the latest cybersecurity information? Social media influencers, hashtags, blogs? Give examples.

James Shewmaker: I like to track Twitter for the bulk of my InfoSec news. There's a lot of noise to wade through, but it's going to be pretty relevant each day. If you haven't used Twitter for it yet, you can get great perspective by following two lists: DEFCON has a speaker list that contains anyone who has presented at DEFCON (, and the SANS Instructor list ( Between both of them, the most pressing news and issues will definitely be there. If you can't or won't use Twitter, I'd say follow the Internet Storm Center daily at

SANS: Advice for someone taking a SANS course for the first time? Attending their first event?

James Shewmaker: My advice is to immerse yourself in the SANS experience. For most of us, there are too many distractions in day-to-day life, so take advantage of any bonus presentations or events at a conference to maximize your time.

SANS: What is a quote that inspires your work and why?

James Shewmaker: I often hear "Nobody would know to try that ?" Usually it's immediately after I finished doing that exact thing. I'm a firm believer in "There's nothing new under the sun." If I thought to do something pretending to be a bad guy for a penetration test, then you better believe I'm not the only one to think of it. I do love taking an old technique and using/abusing it in a modern way.

SANS: Why do you teach for SANS and NOT other educational programs?

James Shewmaker: When I first started getting involved with SANS it was because I thought, "These guys know what they're talking about, we should hang out." The folks at SANS, from the instructors to the students, are the kinds of people I want to be around and work with.

SANS: What advice do you have for students pursuing a career in cybersecurity?

James Shewmaker: I have two recommendations: challenge everything and get involved. There's a lot of incorrect information about the technology we deal with, so don't assume others are infallible authorities on any subject. Getting involved means presenting about your own research, publishing a blog, or just participating in an InfoSec group (mailing list, slack channel, or local conference). If you want more experience, Capture the Flag events can be fun, but consider the option of volunteering to help out a local non-profit organization with its security concerns.

SANS: What was your first piece of technology as a child? Why was it important at that time?

James Shewmaker: I'd have to say that the one thing that, from the first time I used it, made me realize the truth about technology's purpose of making life easier was a pulley. I spent some time growing up on a farm and there were so many ways we worked smarter, not harder. My grandfather was always inventing mechanisms with levers and pullies to perform some task that would normally take more people. I was little and I could lift things I wouldn't normally be able to when I found the right place to use that pulley.

SANS: Did we miss anything? Write your own question.

James Shewmaker: Favorite book or story? I like William Gibson's "Johnny Mnemonic" short story. I love the piece: "If they think you're crude, go technical; if they think you're technical, go crude." Such a simple way to describe tactical technology problems of cybersecurity.

To learn more about James Shewmaker and where you can take his next course, visit his SANS bio page: James Shewmaker, Certified Instructor

Catch him on Twitter @jimshew


Post a Comment


* Indicates a required field.