Joel Esler

Open Source Manager & Threat Intelligence Team Lead

Joel Esler earned his stripes in intrusion analysis and incident response working for the U.S. Department of the Army. After earning a reputation for his work with Sourcefire’s Snort open source IDS, Sourcefire hired him in 2005 as a Senior Professional Services Consultant.

Esler quickly rose through the ranks at Sourcefire to become Senior Research Engineer for the Vulnerability Research Team (VRT) and Open Source Community Manager. In that dual role, he was responsible for threat detection created for the company’s Snort and ClamAV projects, as well as management of those open source projects.

In 2013, Esler joined Cisco following the company’s acquisition of Sourcefire. Today, as Threat Intelligence Team Lead and Open Source Manager for the Cisco Talos Security Intelligence and Research Group, Esler’s duties include threat actor tracking and attribution, and identifying new exploits and vulnerabilities “in the wild.” He is also responsible for the Open Source projects that originated at Sourcefire and are now part of the Cisco security solutions portfolio, such as Snort, ClamAV, Razorback, and Daemonlogger.

As part of the leadership for Talos, Esler plays a central role in coordinating the work of and cooperation between team members, who contribute diverse areas of expertise to enhance Cisco security products and help protect customer networks. He attributes his ongoing commitment to a career in security to his passion for solving puzzles and the fact that he loves facing new challenges every day.

Esler is a regular contributor to the Cisco Security and Open Source Blogs: http://blogs.cisco.com/author/joelesler/.

Previous roles

Prior to joining Sourcefire in 2005 as a Senior Professional Services Consultant, Esler was a contractor for Lockheed Martin. In that role, he worked for Lockheed Martin Information Technologies as a Senior Information Assurance Analyst and Computer Defense and Information Assurance Section Manager at the Regional Computer Emergency Response Team – South.

As a veteran of the U.S. Army, Esler served as a Multichannel Transmissions Supervisor for the U.S. Department of the Army.

More about Joel Esler …

For the past decade, Esler has been an advisor for the SANS certification process, specifically helping students to earn the Global Information Assurance Certification (GIAC) Gold Practical credential. He is responsible for mentoring students and grading their GIAC Gold Papers, which are the core requirement for Gold certification.

Additionally, Esler is a Senior Handler for the SANS Internet Storm Center, a global cooperative cyber threat/Internet security monitor and alert system.

Esler is a co-author of the book, Snort® IDS and IPS Toolkit, published in 2007, and now admits that it is terribly outdated and shouldn't be used as a current manual.

When he’s not tinkering with computers and technology, Esler enjoys working on his 1968 Ford Mustang and spending time with his wife and three children.

From June 2012 to June 2014, Esler served as Mayor and Councilman for the town of Townsend, DE.


October 23, 2014


Snort has been released

Following our February announcement of OpenAppId at RSA, we released an alpha version of Snort  Response has been extremely positive, with thousands of downloads of the platform, a beta release, a release candidate, and tons of feedback. Today we released Snort with built-in OpenAppId technology, and it is now available for download […]

August 12, 2014


Cisco 2014 Midyear Security Report: Exploit Kit Creators Vying for ‘Market Leader’ Role

Even in the world of cybercrime, when a top “vendor” drops out of the market, competitors will scurry to fill the void with their own products. As reported in the Cisco 2014 Midyear Security Report, when Paunch—the alleged creator and distributor of the Blackhole exploit kit—was arrested in Russia in late 2013, other malware creators […]

April 28, 2014


Cisco, a founding member of the Linux Foundation Initiative

Our Cisco colleague Anthony Grieco wrote a quick blog post over on the Cisco Security blog announcing that Cisco is a proud supporter and founder of the Linux Foundation initiative announced on April 24th. We are pleased to help form a critical mass of governance, funding, and focus that will support the output of open […]

March 10, 2014


Sourcefire Open Source Community Webinar

First off, we’d like to thank everyone for their continued use of our projects and products here at Sourcefire, now a part of Cisco.  We love making great software, and we love for you to use it and contribute back.  It’s been a great transition so far into the Cisco community, and recently, we held […]

February 21, 2014


Open Source Community Meeting at RSA next week!

After a lot of hard work by our teams, and with RSA just a few days away, we are proud to announce that along with Cisco and Sourcefire’s corporate teams being present at RSA, and for the first time at RSA we will also be holding an Open Source Community Meeting for Sourcefire’s Open Source […]

January 24, 2014


Snort from Sourcefire, now a part of Cisco

Yesterday, the Snort team here at Sourcefire conducted its first major release of Snort now that we are part of the Cisco family, Snort  You can read more about this release over on the Snort.org Blog. In this version we released a lot of new features.  Features that have been requested by our community, and […]