CRF

About Us

Advancing Cybersecurity Through Collaboration

At the Cybersecurity Risk Foundation, our philosophy revolves around the belief that the challenges in cybersecurity are shared by all, and the solutions should be, too. We are dedicated to fostering a collaborative environment where insights from a diverse array of cybersecurity researchers are gathered into accessible resources for professionals in the field. We understand that the cybersecurity landscape is ever-evolving and fraught with risks, but by working together, we can overcome these challenges and fortify our defenses.

Our commitment to the cybersecurity community is rooted in the idea that together, we can achieve more than any individual effort. We strive to provide comprehensive resources that guide professionals on what they should do, enabling them to focus their valuable time and resources on implementing effective solutions. We believe in the power of unity and collaboration to confront the shared threats that businesses and organizations face in the digital age. Join us in our mission to collectively strengthen our cybersecurity defenses and ensure a safer digital future for all.

Our trusted industry leaders

James Tarala

Cyverity

James is a Managing Partner at Cyverity, a cybersecurity consulting firm, and has spent the past twenty-five years researching cybersecurity defenses, helping organizations perform cybersecurity risk assessments, and communicating enterprise risk to senior leadership teams. He is a Senior Faculty member at the SANS Institute and has authored and taught numerous classes since 2001, including the brand new LDR419: Performing a Cybersecurity Risk Assessment and LDR519: Cybersecurity Risk Management and Compliance.

Russell Eubanks

Cyverity

As Managing Partner of Cyverity, Russell continually assesses the cybersecurity posture of many diverse organizations and increases their maturity while decreasing the probability of a breach. He is the former chief information officer (CIO) and chief information security officer (CISO) of the Federal Reserve Bank of Atlanta. He serves on IANS Faculty and is a SANS Principal Instructor and co-author of MGT521: Leading Cybersecurity Change: Building A Security-Based Culture and the SEC405: Business Finance Essentials course for SANS Technology Institute. He wrote the first paper on how to implement Critical Security Controls and is a former handler for the SANS Internet Storm Center. Russell is especially passionate about helping new or aspiring cyber leaders increase their influence by connecting to the mission of the company.

Kathy Sullaway

IANS

Kathy is the Senior Vice President of Strategic Partnerships and Product Development at IANS. She is a tech industry veteran with 20+ years as a commercial strategy leader. In her current role, she leads and manages the IANS Faculty and is an executive member of the product development team. Prior to joining IANS, Kathy was Vice President of Global Services at IDG, where she developed and launched custom consulting and leadership development programs for CIOs and IT executives. A skilled client advisor and operations leader, Kathy has successfully guided organizations through change and business transformations, enabling scale and growth. Before joining IDG, Kathy held various leadership roles at Verizon Business and NCR Corporation. Kathy holds a Bachelor of Science degree in Business Administration and Finance from SUNY Buffalo.

Brian Correia

SANS

Brian Correia is the Director of Business Development, GIAC, working on the certification source for SANS, a cybersecurity leader in training, degrees, and community resources. In his current role, Brian is focused on how certification can be used to validate skills and work roles. Brian previously was the Managing Director of North America for (ISC)² and the Director of Business Development & Venue Planning for his current employer, the SANS Institute. As an early employee of SANS, Brian built new products such as the onsite department, press room, cleared intelligence division, key processes to host numerous events throughout the year, and was the first account manager for large corporate and government clients.

Phil Hagen

Red Canary

Phil engages with the Digital Forensic and Incident Response (DFIR) community to ensure Red Canary’s endpoint security solution fits into DFIR processes at organizations of all sizes. Phil is a SANS Senior Instructor and course lead for SANS FOR572: Advanced Network Forensics. He has also held several previous positions at ManTech CFIA and worked as a communications officer in the US Air Force. He lives in coastal Delaware with his amazing wife and two kids, where he enjoys the local craft beer scene and is often found riding a OneWheel wherever he can.

Andrew Baze

Microsoft

Andrew Baze is a software and service security engineering veteran, with over 30 years of industry experience, including 25+ years of people management. Most recently, he has spent his time in cybersecurity operations and incident response, cybersecurity product management, and Security + BC/DR risk management. He has held ten different GIAC certifications, the SANS Cybersecurity Defender Graduate Certificate, and most recently obtained his MS in Information Security Engineering from SANS Technology Institute. He also enjoys public speaking on cybersecurity topics, as well as teaching English as a Second Language.

Tim Medin

Red Siege

Tim is the CEO and founder of Red Siege Information Security. He’s spent more than a dozen years teaching thousands of students as Senior Instructor and course author of SEC560: Enterprise Penetration Testing at the SANS Institute. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies. Tim has gained information security experience in a variety of industries, including previous positions in control systems, higher education, financial services, and manufacturing. Tim is an experienced international speaker, having presented to organizations around the world. Tim is the creator of Kerberoasting, a widely utilized Red Team penetration test technique that extracts Kerberos tickets in order to attack the passwords of enterprise service accounts offline. Tim earned his MBA through the University of Texas and recently completed an eMBA equivalent through Harvard Business School.

Philippe Langlois

Verizon

Philippe Langlois is currently working as the lead data scientist and one of the co-authors of the Verizon Data Breach Investigations Report (DBIR). Prior to joining Verizon, he worked at CIS leading various data-driven projects, such as the CIS Controls and the MS-ISAC Nationwide Cyber Security Review. When not working or recreationally programming, he enjoys the great outdoors of Upstate New York with his wife, son and two dogs.

Heather Mahalik

Smarter Forensics

These days Heather is the Senior Director of Community Engagement at Cellebrite. At the SANS Institute, Heather is the DFIR Curriculum Lead, faculty fellow instructor, author, and the course lead for FOR585: Smartphone Forensic Analysis In-Depth and SEC403: Secrets to Successful Cybersecurity Presentation. As if that isn’t a full enough schedule, Heather also maintains www.smarterforensics.com, where she blogs and hosts work from the digital forensics community. She is the co-author of Practical Mobile Forensics (1st-4th editions), currently a best seller from Packt Publishing, and the technical editor for Learning Android Forensics from Packt Publishing and SQLite Forensics by Paul Sanderson. Heather is featured in Women Know Cyber as one of the 100 fascinating females fighting cybercrime.

Heather is passionate about digital forensics because she loves the challenge. “This field moves so quickly. It is literally impossible to get bored,” she says. “If you find yourself bored, branch into another realm of digital forensics. The possibilities are endless and so is the fun! I love digging for artifacts and solving the puzzle. I feel like I learn something new every day.”