Ed Skoudis


Ed began teaching for SANS Institute in 1999. He earned an M.S. in Information Networking from Carnegie Mellon University and had already become a trusted security consultant with many accolades. He was the expert called in by the White House to test security viability of the Trusted Internet Connection (TIC) that now protects US Government networks and he led the team that first publicly demonstrated significant security flaws in virtual machine technology. With his vast foundational knowledge of attacker behavior and techniques, and his work creating hacker challenges in the nascent stages of Counter Hack, Ed founded the SANS Penetration Testing Curriculum in 2008. He cites, “I really love building SANS courses and cyber ranges and working hard to make sure they represent realistic technical lessons that students can apply immediately when they get back to the office.”

In 2010, Ed and his team at Counter Hack built NetWars, the widely used cyber training and skills assessment ranges relied upon by military units and corporations with major assets at risk. Now there are more than 5 versions of NetWars available in various modalities, including Core, DFIR, Cyber Defense, ICS, and CyberCity, not to mention Counter Hack’s wildly popular Holiday Hack Challenge, featuring the KringleCon virtual conference. In 2015, Ed was awarded the Order of Thor Medal by the Military Cyber Professionals Association for his contributions in preparing the next generation of Cyber Warriors in large part because of these ranges. “When I first learned the offensive arts back in the day, there weren’t many good, realistic, safe environments to practice and build skills. Some of my friends and peers did some pretty crazy stuff back then – stuff that could get them in BIG TIME trouble. In my work now, I want to make sure that we have safe alternatives for people to build their skills.” Today, Ed continues to mentor the SANS author team in making realistic labs and ranges so that people can learn safely.

Ed has been published numerous times, including his own books The Hack-Counter Hack Training Course and Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, and he’s often referenced in security articles, like the wide press coverage on his RSA panels in recent years about the most dangerous attack techniques and security threats. He originally authored SANS’s flagship penetration testing courses, SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling and SEC560: Network Penetration Testing and Ethical Hacking, but in the classroom is where his love of storytelling really shines, elevating the content with real examples to hammer home each detailed technical point through narrative.

His absolute favorite hobby is hacking together cool Internet of Things stuff for his office. Utilizing new hardware and automation, Ed can bring antique technologies back to life, writing code that stitches it all together with the cloud. Among other projects, he’s implemented the “MorseCodinator”, which is an 1861 telegraph key that follows him on Twitter, diligently typing out anything he tweets in morse code, and he’s taken a 1951 porthole TV and connected it to a Raspberry Pi to enable Netflix viewing while participating in Google Meets via the 19-inch black and white TV. “I have an old Tesla coil and a razor-sharp 1938 Westinghouse fan that I can control via Amazon Alexa. What can possibly go wrong! But, gosh, it’s so much fun!”