australian leadership threat hunting …...threat hunting workshop presented by the school of...


Post on 21-May-2020


PRESENTER

Kris is a cybersecurity professional with over 15 years leading and innovating information security operations.

Kris was most recently the Senior Director of Hunting Operations at CrowdStrike, Inc., considered by MIT to be one of the 50 most innovative companies in the world (2013). Over the past 15 years, Kris has served in a variety of leadership roles within public and private sectors. He was recognized numerous times during his active duty Air Force career, where he led one of the largest Cyber Security Operations Centers in the world, achieving the status of the federal government’s #1 organization of its type. Kris’ personal accolades include recognition as the U.S. Air Force’s #1 cyber security officer.

With the thought leadership he gained from his Air Force experiences, Kris took a new model for cyber security operations with him to General Electric. There he employed a revolutionary approach to catching cyber hackers, serving a third of GE’s P&Ls with a team only 10% the size of the traditional model.

At CrowdStrike, Kris further invested in his unconventional security model to build arguably the most successful cyber security operations center in the world, catching nation-state-sponsored hackers breaking into household-name companies and organizations daily. His customers included roughly 15 of the Fortune 100 and half of the largest global banks.

QUALIFICATIONS

Thought leader with hands-on experience and leadership roles in all aspects of cyber security. Formal technical and leadership training combined with real-life experiences in pioneering cyber security intelligence, prevention, detection, and response capabilities.

• Proven ability to lead large and small teams in a highly technical and fast-paced environment

• Strong experience influencing peers and stakeholders towards new strategies

• Demonstrated history of resourceful innovation to prevent, detect, and respond to advanced persistent threats (APT)

• Led team awarded the Federal Government’s #1 Information Assurance Organization of the Year (Rowlett Award)

• Awarded the organization’s Junior Manager (CGO) of the Year out of 115 candidates around the globe

• Recognized as the #1 graduate from the AF’s elite Network Warfare school (UNWT/INWT)

• 1 of 16 selected from 3,500 managers for a multi-day executive exposure program (AIA’s Sensor Spotlight)

• Published and presented work at the 5th International Conference on Information Warfare and Security

• Recognized as an information security Subject Matter Expert through the Federal Government’s Information Assurance Technology Analysis Center

• Presented at the NSA’s inaugural Threat Hunting Summit

• Presented cutting-edge threat hunting methodologies at several other information security conferences and webinars.

AUSTRALIAN LEADERSHIP THREAT HUNTING WORKSHOP

PRESENTED BY THE SCHOOL OF INFORMATION TECHNOLOGY AND ELECTRICAL ENGINEERING IN CONJUNCTION WITH ARGO P@CIFIC

KRIS T. MERRITT


PREVIOUS WORK EXPERIENCE

Co-founder, Vector8, Inc., Englewood, CO. October 2016

• Founded a for-profit company to bring proven threat hunting methodologies and technologies to a wider audience

• Develop business strategy, operate financial and product roadmaps, create key partnerships with purposeful business development, and conduct business operations

Senior Director, Hunting Operations, CrowdStrike, Inc., Remote. December 2012 – October 2016

• Started, led, and matured CrowdStrike’s threat hunting service and internal threat hunting teams

• Discovered hundreds of nation-state sponsored attacks within a scope of 1M+ computers across 160+ countries

• Drove discovery and keyed response to APT attacks in 35 minutes on average, compared to the industry average of 273 days

• Led team that identified and initially scoped the Democratic National Committee (DNC) hack

Lead, Intrusion Detection for General Electric (GE) Aviation and GE Energy, Van Buren Township, MI. September 2010 – December 2012

• Led intrusion detection team to identify targeted cyber attacks into GE Aviation and GE Energy computer networks

• Developed strategy to enable more efficient, expeditious, and reliable processes to protect GE data from next-generation threats

• Founded the major pillars of information security operations and created a capability maturity model that ultimately drove a reorganization of cyber intelligence, incident response, security tools support, and APT detection teams

MS Student, AF Institute of Technology and Instructor, AF Center for Cyberspace Research, Dayton, OH. August 2009 – September 2010

• Developed and taught original curricula for AF’s Cyber professional continuing education targeting mid- and senior-grade military officers

• Completed all required coursework for Cyber Operations master’s degree

Lead, AF Network Warfare Weapons and Tactics Team, San Antonio, TX. June 2008 – August 2009

• Led the AF’s only (at the time) dedicated network warfare weapons and tactics team

• Developed and validated network defense and attack tactics, techniques, and procedures that directly supported 700+ network warfare technicians

• Utilized operational experience to co-develop and communicate an ITIL-based SOP strategy that proved to be a fundamental change to AF cyber security processes across hundreds of units and thousands of technicians


PREVIOUS WORK EXPERIENCE CONTINUED

Lead, Network Defense Team, Air Force Computer Emergency Response Team (AFCERT), San Antonio, TX. June 2007 – June 2008

• Led 150-member team in executing network defense for AF and United States Central Command

• Managed $125M in resources for 24/7 global real-time monitoring of network intrusion detection sensors

• Developed and garnered support for short and long-term strategies to contemporize AF network defense systems and operational processes; lauded as the most significant change to AF Enterprise Network architecture since its inception

Lead, Intrusion Prevention and Response Teams, AFCERT, San Antonio, TX. December 2005 – June 2007

• Led 23-member team in responding to intrusions into AF computer networks as well as establishing intrusion prevention strategies to protect AF sensitive information

• Developed and implemented broad-reaching prevention and response strategies on an enterprise network supporting approximately 500,000 personnel and one million systems

• Organized and articulated incident activity that ultimately received Presidential visibility; consulted numerous federal departments and national research laboratories on development of organic Incident Response Teams

Communications & Information Officer, Ramstein Air Base, Germany. December 2002 – December 2005

• Led 10-member team in preserving integrity and availability of a $35M network supporting 42,500 users

• Led 4-member team to engineer technical solutions for information systems directly supporting combat forces.

EDUCATION & CERTIFICATIONS

• MS in Cyber Operations, Air Force (AF) Institute of Technology; all but thesis

• MBA, University of Phoenix; 2007

• BS in Computer Engineering, United States AF Academy; 2002

Leadership

• GE Crotonville Corporate Leadership Training; 2012

• Air Force Mid-level Officer Leadership Training; 2008

• Air Force Junior Officer Leadership Training; 2003

• United States Air Force Academy; 1998-2002

Technical

• GIAC Certified Forensic Analyst (GCFA), SANS Institute; 2011

• GIAC Security Essentials Certification (GSEC), SANS Institute; 2007

• AF Undergraduate Network Warfare Training, Honor Graduate; 2007

U.S. NATIONAL SECURITY CLEARANCE: Information available upon request.
