Tim Gurganus

Info Security Incident Manager, Cisco Active Threat Analytics

Cisco Security Services

Tim currently works for Cisco Systems as a security incident manager for the Active Threat Analytics service. Tim monitors client networks to detect security incidents and provides expert incident response against an ever-increasing list of attacks (phishing, malware infections, web application exploits, etc.) to ensure protection of company data, accounts and systems. He also develops investigation methods, analyzes threat trends and does vulnerability assessments. Tim enjoys teaching cybersecurity awareness and computer security principles, part-time, at a local university. He has given presentations recently on malware exploit kits, mobile device security, web application security, network security monitoring and compliance. He holds a B.S. degree in Computer Engineering and an M.S. degree in Integrated Manufacturing Systems Engineering. Tim’s certifications include: CISSP, GCFA, PCI-P, SFCP, MCSE and SCyber. His current interests are IT threat assessment, security metrics and threat management. He enjoys running honeypot systems in order to analyze hacker tactics and techniques. He studies malware analysis, phishing attacks and digital forensics. Over the last ten years, Tim has written over 30 published newspaper/blog articles and has done many presentations on information security for IT newsletters, Computer Security Awareness Month and Data Privacy Day. He has also been a faculty sponsor for teams in the International Capture the Flag competition and the Collegiate Cyber Defense Competition. Tim believes information security is a process (not a destination) that can only be achieved using a balanced, holistic approach which includes people, processes and technology.

Articles

May 12, 2015

SECURITY

Attackers Slipping Past Corporate Defenses with Macros and Cloud Hosting

6 min read

Macro malware is a good example of malware writers and distributors spreading malware with old tricks that most users have forgotten. Unlike earlier macro malware, these macros don’t infect other documents but download password-stealing trojans and install them on targets. Macro malware typically arrives via email with an attachment that contains a macro-based phishing […]