David Mayer

Dave Mayer is a cybersecurity professional with extensive experience in red teaming, penetration testing, and offensive security research. His career spans both defensive and offensive security, providing him with a unique perspective on how to exploit weaknesses and enhance security programs. Before founding Neuvik, Dave was part of Citi’s red team, where he conducted some of the first end-to-end adversary emulations, testing security defenses and response capabilities.

With over a decade of experience, Dave has executed red team operations across various environments, tackling complex security challenges by bypassing defenses and demonstrating real-world attack scenarios. “Researching new vulnerabilities, emulating advanced threat actors, red teaming… I really enjoy doing that stuff,” Dave shares. His expertise has been recognized at industry events, having spoken at SFISAA, Hack the Flag, Hackfest, Derbycon, ISSA conferences, and as a guest on the Philip Wiley show.

Dave’s passion for cybersecurity education led him to become a SANS instructor. He initially began as a teaching assistant for SEC560, where he discovered his joy for mentoring students. Encouraged by his SANS mentors, Dave transitioned into an instructor role for SEC565, teaching command-and-control infrastructure, phishing campaigns, and corporate network access techniques.

"SEC565 is unique because it brings together multiple disciplines in offensive security," Dave says. "We teach students about more than just running attacks—it’s about understanding infrastructure, detection evasion, and how real-world adversaries operate."

As an instructor, Dave’s teaching philosophy centers on making complex topics accessible and practical for students. He believes in breaking down concepts, explaining them from different angles, and ensuring students grasp the underlying principles before moving forward. His goal is to provide students with the skills and confidence to apply offensive security techniques effectively in real-world scenarios.

“I love to share the knowledge I have gained over the years and then present it to students in a form that they can understand,” Dave explains. “Sometimes it takes explaining the same item multiple times, but seeing it click when they understand it is what makes it worth it for me.”

One of the biggest challenges students face in SEC565 is shifting to an offensive mindset—understanding how each attack step integrates into a broader adversarial campaign. Dave addresses this by guiding students through real-world case studies and hands-on exercises, demonstrating how security tools and techniques work in concert to execute sophisticated attacks. His ability to translate theoretical knowledge into practical applications makes him a highly effective instructor.

Throughout his career, Dave has had many defining moments, but one of the highlights was leading a red team engagement where his team achieved an “impossible” objective. The organization’s leadership had believed the attack scenario was infeasible, yet Dave’s team successfully executed it, providing invaluable insights into their security gaps. "The moment when we demonstrated the impact of our work to executives and they truly understood the risks—that was a career-defining moment for me," he recalls.

Beyond cybersecurity, Dave is a hands-on problem solver in all aspects of life. He spent a decade as a volunteer firefighter, a role he deeply misses. When he’s not uncovering security vulnerabilities, he enjoys spending time with his two sons, skiing, waterskiing, camping, and working on home improvement projects. His experiences contribute to his teaching style, making him a relatable and engaging instructor for SANS students.