Jim Simpson

As a seasoned professional with years of hands-on experience leading and working on cyber threat intelligence teams, Jim is eminently suitable as a Certified Instructor Candidate for the FOR578: Cyber Threat Intelligence course at SANS. Recognizing that the reality of Cyber Threat Intelligence (CTI) often differs from the polished narratives presented by marketing teams, Jim leverages his insider knowledge to provide a realistic, tangible, and impactful learning experience for his students. He understands the complex challenges within the CTI course, having dealt with them personally and having guided his teams through similar hurdles.

Currently serving as a Threat Operations, Intel Specialist for HiddenLayer, Jim's role involves working closely with consumers to ensure the product meets their needs, curating intelligence collections, and automating the processing and exploitation of data to ensure efficient analysis. His responsibilities also include delivering red teaming engagements and conducting comprehensive risk assessments. Jim's expertise ensures that all these elements come together seamlessly to provide a thorough and nuanced understanding of cyber threat intelligence. "Understanding and minimizing cognitive biases and logical fallacies is essential for producing the best possible product, which in turn is crucial for creating an intelligence product that meets the customer's needs, rather than mimicking vendor publications," Jim emphasizes, highlighting his approach to teaching and professional practice.

Profile

The task of babysitting an onsite pen test when he was working in IT was how Jim Simpson got hooked on cybersecurity in 2008. As it is an ever-changing field and there is always something to learn, he loves the opportunities it brings, especially with Cyber Threat Intelligence. He started doing that as a Principal Threat Researcher for Cylance/BlackBerry. “Digging through malware and seeing the ingenuity and effort that goes into the development of it, I wanted to know more about where it came from, what ties it to the whole attack, tracking groups of activity and learning from them to help companies defend or detect future breaches.” At BlackBerry, Jim also co-authored the book Finding Beacons in the Dark: A Guide to Cyber Threat Intelligence.

Jim took his first course with SANS in 2013 via on-demand. He immediately loved the content and enthusiasm, but when he stepped into John Strand's SEC504: Hacker Tools, Techniques, and Incident Handling class a year later and saw how John took the concepts and lifted them into reality, Jim knew immediately that this was what he wanted to do too. “I want to have that impact, simplify the subject, and cut through the noise that can be deafening, so my students can walk away better placed to do good in the world.”

At the heart of things, Jim is still a big kid and gets a huge buzz from helping people understand the world a little differently. The public perception of CTI differs from how marketing teams at big security firms picture it in their blogs and white papers. “I have been in one of those places and have insights into how the work is done to get there, so I can cut through all that fluff and make it something tangible and impactful.”

According to Jim, the CTI course is a concept, an idea, a way to look at the world. It is about more than just the tools and processes to follow. “I love the freedom that brings and exploring those boundaries with the class.” He absolutely loves it when he sees students let go of the ideas they have of CTI, challenge their biases and preconceptions, and start thinking about thinking.

Could he choose to do anything at any time, ever? It would be snowboarding, but as that is not realistic in the UK, Jim resorts to the next best thing: onewheeling.