Profile
As a SANS Certified instructor, Jon feels it is his responsibility to encourage curiosity in his students, helping them understand not just what a tool says it can do on its label, but to dig deeper and understand how it was developed, along with its tradeoffs and alternative use cases. He encourages students to get creative with how to use tools, but also to periodically develop their own, if only just to learn or better appreciate a solution. Jon’s expertise allows him to explain things simply and thoroughly while incorporating real-life examples.
From an early age, Jon started learning about security due to his competitiveness in video gaming. After developing and improving on a series of hacks and glitches, he turned his attention to the systems and networks around him, eventually getting to the point where his high school hired him part time to remediate vulnerabilities that he identified and disclosed. Jon’s love of finding ways that things could have unintended consequences, coupled with his desire for efficiency and naturally analytical mind, made the DevOps and Security Automation work a natural progression for him out of college. He has been digging into code, processes, and assumptions ever since, with the goal of identifying and fixing vulnerabilities through automation and the creation of low-friction systems.
Early in his career, Jon identified his interest in solving difficult and unique business problems through technology. When he noticed a clear gap in local technical networking events, he created Steel City InfoSec and has been creating hands-on labs, giving and facilitating presentations, and setting up networking sessions for its roughly 1,000 practitioner members over the decade since. Throughout his career working at an R1 research university, a top 5 US-based bank, and a retailer with over 1,200 stores, Jon has leveraged automation and large-scale analysis of security data to perform automated, active defense activities shown to detect and withstand regular APT activities.
Jon holds three undergraduate degrees, including a bachelor’s degree in Cyber Forensics and Information Security, and while in school he was the recipient of two notable awards: "CIS Outstanding Undergraduate Student Award" and "IT Outstanding Student Award". In 2017 he was inducted into the National Technical Honor Society as an Honorary Member. He holds a number of industry certifications including GCSA, GCWN, GPEN, GCUX, GPPA and CISSP. He is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. Jon is an active contributor to the cybersecurity community in Pittsburgh and nationally through various affiliations.
- Steel City InfoSec Founder
- IANS Faculty Member
- CNCF TAG-Security Member
- Forbes Road CTC Occupational Advisory Committee Member
- Pittsburgh Technical College Advisory Board Member
- BSides Pittsburgh Organizer
- OSSF Working Group Participant
- Apache Software Foundation Committer
- Prior CAMLIS Organizer
- 2018 DataWorks Summit, CyberSecurity Track Chair
When not behind a computer screen, Jon can be found mountain biking through the Appalachian hills, in the gym weightlifting, or playing chess with his son.
ADDITIONAL CONTRIBUTIONS BY JON:
Presentations and Webcasts
- Alabama CSA, Sept 2024
- Cloud Native Security Con, June 2024
- AI Hackathon, May 2024
- Cloud Flight Simulator: Part 3: Safeguarding the Software Supply Chain, Feb 24
- WORKSHOP: Mastering Cloud Security Policy as Code, Nov 2023
- WORKSHOP: Container Security 101, April 2023
Tools and More
- Cloud Native Security Tool, cheat sheet
- Cookiecutter-Python - an example of a secure-by-default paved road project generator
- Easy_Infra - a docker container to simplify and secure the use of Infrastructure as Code (IaC)
- Zeek-Kafka - a popular plugin for Zeek to send logs to Kafka
- Release_monitor - a simple Lambda to identify if a specific commit is included in a GitHub release or tag
- The goat - a GitHub Action which applies Seiso’s policy as code
- Easy_sast - a product-agnostic docker container to automate the integration with static analysis tools
- Various hands-on labs covering topics such as password cracking, software defined radios, block cipher cryptography, automotive security, 802.11 security, and security data analysis at scale with open source tools.