Using Training to Help Customers Reach Their Security Goals
- Kim Hansen
- Solutions Architect
- Data Equipment AS
Can you tell us about your professional background?
My career in the IT industry began in 1995, back in the days of DOS/Windows 3.1 and WordPerfect. In the years since, I’ve progressed from IT management to more advanced system engineering and security architecture positions, taking on more responsibility with every step.
I’m currently a Solutions Architect for Data Equipment AS in Oslo, Norway, where I’m responsible for implementing security solutions, validating IT infrastructure, and delivering business applications as safely as possible. I specialize in the design, configuration, and troubleshooting of network infrastructure with Palo Alto firewalls and integration with on-premise and cloud solutions like VMware NSX, Amazon Web Services, Microsoft Azure, and Google Cloud mobile solutions.
Most importantly, I teach our customers to keep security top-of-mind as they develop their own infrastructure, networks, and applications. I’ve been securing and training customers on different products for several years now. My goal has always been to go the extra mile with customers and provide them with services that go way beyond their expectations.
What challenges does your organization face in relation to cyber security?
My organization and its customers need to continue to shift to a security-first mindset. It’s not only about the functionality of a given product or solution, it’s about functionality with security. The only way a company can shift to a security-first mindset is if everyone in the organization recognizes the importance of cyber security.
Additionally, our company spends a lot of time showing customers how to use the security tools they have bought to effectively secure their business. Products and tools are only useful when deployed properly within an environment.
Why did you choose to train with SANS, and why did you select the courses and certifications you did?
I requested to take SANS training in 2015 when I heard that some of my clients were attending the SANS Security West event. I asked my colleagues for advice about which course to take, and they all recommended SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling. My first SANS instructor was John Strand, and he was really amazing. It wasn’t just the training, it was also all of his stories and his practical advice on how to do things that really forced me to think about security in a different way.
I went on to take SEC560: Network Penetration Testing and Ethical Hackingwith Ed Skoudis, and then SEC511: Continuous Monitoring and Security Operationswith Seth Misenar. Each course provided me with practical, meaningful instruction and with takeaways that I could apply immediately to my own work. I earned the GIAC certification associated with these courses and I now hold the GCIH, GPEN, and GMON certifications.
Recently, I took SEC545: Cloud Security Architecture and Operations. Many of our customers have established something in the cloud, so being able to talk to them about cloud security and its business impact has helped us support them better and take on their cloud-related projects. Our customers appreciate that we’re able to help them build their cloud infrastructure with security in mind.
What SANS resources have been the most beneficial for you?
I access the SANS Reading Room on a regular basis; the whitepapers and reports are an outstanding source of information. The penetration testing posters created by Ed Skoudis and his team are also on the wall in my office, so they’re always in front of me when I need them!
Can you tell us how you got involved in the Work Study Program? What was your experience as a course facilitator?
I placed in the top five at a Core NetWars event and was invited to Washington, DC for the annual NetWars Tournament of Champions. I wanted to take training while there, so I decided to apply for the SANS Work Study Program. I was selected to facilitate both SEC545: Cloud Security Architecture and Operationsand MGT433: SANS Security Awareness: How to Build, Maintain, and Measure a Mature Awareness Program. The experience was challenging, but also extremely rewarding and fun! I was able to connect with students, staff, and instructors in a completely new way. I truly felt that I was part of the SANS community. I’m looking forward to facilitating at SANS training events in the future!
Completed SANS Courses
- SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling
- SEC560: Network Penetration Testing and Ethical Hacking
- SEC511: Continuous Monitoring and Security Operations
- SEC545: Cloud Security Architecture and Operations
- MGT433: SANS Security Awareness: How to Build, Maintain, and Measure a Mature Awareness Program