Lesley Carhart

SANS Certified Instructor Candidate Lesley Carhart is Technical Director of Incident Response for North America for Dragos, which provides threat hunting services for industries ranging from energy to manufacturing. A recognized leader in cybersecurity who has won a number of prestigious awards in the field, Lesley will be teaching SANS Industrial Control System courses.

Following four years as a Principal Incident Responder for Dragos, Lesley now manages a team of incident response and digital forensics professionals that investigates commodity, targeted, and insider threat cases in industrial networks. Lesley is also a certified instructor and curriculum developer for incident response and threat hunting courses for Dragos.

“I'm wired to manage chaos and crises, so incident response is my dream job,” Lesley explains. “It is also deeply important to me to do a job that is ethically sound and beneficial to society. The industrial cybersecurity space has little ethical ambiguity at all. It's keeping people and the environment safe.”

Lesley is particularly active in organizing activities at conferences and lecturing on digital forensics and incident response. Notable conferences keynotes have included Wild West Hacking Fest, Blue Team Con, Blue Hat Israel, and RSA. Lesley has been honored as the DEF CON Hacker of the Year and SANS Difference Maker, and was named a “Power Player” by SC Magazine and a “Top 10 Influencer in Cybersecurity” by GlobalData.

Lesley is active in tweeting (more than 100,000 followers) and mentoring (at Tisiphone.net ) about cybersecurity, and also runs a free online hacking/cybersecurity conference called PancakesCon, which builds community and provides education for junior professionals and students.

“I mentor junior people in cybersecurity a lot,” Lesley notes. “Every once in a while I run into somebody months or years later who I have a fuzzy memory of meeting with for a short appointment who says that just having somebody listen and advise prudently made a huge difference in their career path. It means the world to me to hear about their success and that I played some tiny part.”

Lesley has a long association with SANS, having earned the GCFA, GCFE, GREM, GPEN, GCIH and GRID cybersecurity certifications and taken SANS courses since 2008.

“Industrial incident response and digital forensics has been my world for a decade and a half,” Lesley says. “I have approached the problem of responding to intrusions and tampering in cyber-physical environments from a variety of perspectives across an array of verticals. I understand the technical challenges and the human elements very well, and I have relatable stories to share with students.”

Prior to joining Dragos, Lesley was the Incident Response Team Lead at Motorola Solutions. Lesley is proud to have served in the U.S. Air Force Reserves and has a Bachelor of Science in Network Engineering from DePaul University.

Drawing on an extensive ICS background, Lesley understands current trends and what it takes to teach ICS at the cutting edge.

“Industrial cybersecurity is a big shift from standard IT cybersecurity, it requires much more awareness of holistic industrial processes, safety, and real-life impacts – and a lot of creative adaptation accordingly,” Lesley explains “Due to the prevalence of legacy systems, it also requires a solid understanding of computing and cybersecurity fundamentals. Modern tools are often unusable or unavailable. Modern over-reliance on automated tooling can make this quite a challenge for newcomers. Teaching SANS courses will give me the opportunity to teach this mindset from multiple perspectives.”