Ryan Thompson is currently working as a Senior Intrusion Researcher at Crowdstrike. His primary functions include conducting post-mortem analysis on hands-on intrusions and researching attacker techniques and trends. Previously, Ryan has worked as an Instructor at Elastic teaching the Air Force, Navy, and Army to conduct threat hunting using open source tools such as Kibana, Suricata, and Zeek. Before that, he was a Senior Security Analyst at Alert Logic providing weekly recommendations to clients using packet analysis, IDS alerts, and log-based investigations. He currently holds several SANS certs and is a TA for SANS FOR508 (GCFA).