homepage
Open menu
Contact Sales

Ismael Valenzuela

Ismael Valenzuela is author of the Cyber Defense and Blue Team Operations course, SANS SEC530: Defensible Security Architecture and Engineering and co-author of SEC568: Combating Supply Chain Attacks with Product Security Testing. Ismael is Vice President Threat Research & Intelligence at BlackBerry Cylance, where he leads threat research, intelligence, and defensive innovation. Ismael Valenzuela has participated as a security professional in numerous projects across the globe for over 20+ years, which included being the founder of one of the first IT Security consultancies in Spain.

More About Ismael
Specialties
Headshot of Ismael Valenzuela

Upcoming Courses

Profile

As a top cybersecurity expert with a strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection, and computer forensics, Ismael has provided security consultancy, advice, and guidance to large government and private organizations, including major EU Institutions and US Government Agencies

Prior to his current role at BlackBerry, Ismael worked as a Senior Principal Engineer at McAfee, where he founded the Applied Countermeasures group (AC3), leading Threat Content Research and Engineering efforts for SecOps products, driving visibility, detection, and investigation efficacy for EDR/XDR, as well as MITRE ATT&CK evaluations. Before that, Ismael led the delivery of SOC, IR & Forensics services for the Foundstone Services team within Intel globally, and worked as Global IT Security Manager for iSOFT Group Ltd, one of the world's largest providers of healthcare IT solutions, managing their security operations in more than 40 countries.

Ismael holds a bachelor's degree in computer science from the University of Malaga (Spain), and is certified in business administration. Additionally, he holds many professional certifications, including the highly regarded GIAC Security Expert (GSE #132) in addition to GREM, GCFA, GCIA, GCIH, GPEN, GCUX, GCWN, GWAPT, GSNA, GMON, CISSP, ITIL, CISM, and IRCA 27001 Lead Auditor from Bureau Veritas UK. Ismael is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition.

Endorsements

"He is clearly one of the best minds we have on how SOCs worked. He is an expert in network traffic analysis and has responded to countless intrusion cases over his career." - Rob Lee- SANS Fellow, DFIR Curriculum Lead and Technical Advisor to US DOJ

"He’s really a trailblazer in our industry." - Chris Young, Former CEO McAfee

Hear Ismael discuss defeating attackers with preventative security here:

ADDITIONAL CONTRIBUTIONS BY ISMAEL VALENZUELA:

WEBCASTS

Social Engineering Your Way to Success, July 2020

Extending Your Home Lab to include Cloud, July 2020

Building an Enterprise Grade Home Lab, May 2020

Journey to Becoming An All-Around Defender, April 2020

Architecting for Security Operations: Divide and Conquer!, February 2020

Have You Taken The "Endpoint Blue Pill"? Debunking The Endpoint Protection Myth, October 2019

Why Traditional EDR Is Not Working -- And What to Do About It, June 2019

How SOC Superheroes Win, June 2019

Defensible Security Architecture and Engineering - Part 3: Protect your Lunch Money - Keeping the Thieves at Bay, May 2019

Defensible Security Architecture and Engineering - Part 2: Thinking Red, Acting Blue - Mindset & Actions, April 2019

Defensible Security Architecture and Engineering - Part 1: How to become an All-Round Defender - the Secret Sauce, March 2019

Enterprise Security Weekly #70

BLOGS

You can read Ismael's personal blog here.

You can read Ismael's professional blog through McAfee here.

Ismael's Contributions

Zero Trust - Blog 4: Operating for Zero Trust
Blog
Zero Trust Blog Series - Blog 4: Operating for Zero Trust
This is the fourth in a 4-part series of blogs covering the end-to-end aspects of zero trust.
Ismael Valenzuela
Senior Instructor
read more
Blog 3: Instrumenting for Zero Trust
Blog
Zero Trust Blog Series - Blog 3: Instrumenting for Zero Trust
This is the third in a 4-part series of blogs covering the end-to-end aspects of zero trust.
Ismael Valenzuela
Senior Instructor
read more
Zero Trust Blog 2: Architecting for Zero Trust
Blog
Zero Trust Blog Series - Blog 2: Architecting for Zero Trust
This is the second in a 4-part series of blogs covering the end-to-end aspects of zero trust
Ismael Valenzuela
Senior Instructor
read more
Zero Trust Blog 1 Adopting a Zero Trust Mindset
Blog
Zero Trust Blog Series - Blog 1: Adopting a Zero Trust Mindset
This is the first in a 4-part series of blogs covering the end-to-end aspects of zero trust.
Ismael Valenzuela
Senior Instructor
read more
Blog
Mac OS Forensics How-To: Simple RAM Acquisition and Analysis with Mac Memory Reader (Part 2)
In Part 1 of this post, I showed you how to acquire the contents of physical RAM of a Mac OS X computer using ATC-NY's Mac Memory Reader, and did some simple analysis using strings and grep searches. Today I'll provide a few more examples of what evidence can be found in a Mac OS X memory dump and...
Ismael Valenzuela
Senior Instructor
read more
Blog
Mac OS Forensics How-To: Simple RAM Acquisition and Analysis with Mac Memory Reader (Part 1)
Many of us have long waited for a tool that would allow incident responders to grab the contents of RAM from a live Mac. While access to memory was possible using acquisition methods such as the Cold Boot attack, by exploiting the Firewire interface which provides DMA (Direct Memory Access) or,...
Ismael Valenzuela
Senior Instructor
read more