Digital Forensic and Incident Response Strategist

Phil Hagen

Phil engages with the Digital Forensic and Incident Response (DFIR) community to ensure Red Canary’s endpoint security solution fits into DFIR processes at organizations of all sizes. Phil is a SANS Senior Instructor and course lead for SANS FOR572: Advanced Network Forensics. He has also held several previous positions at ManTech CFIA and worked as a communications officer in the US Air Force. He lives in coastal Delaware with his amazing wife and two kids, where he enjoys the local craft beer scene and is often found riding a OneWheel wherever he can.
Ransomware survival guide: A holistic approach to detection and mitigation
Everything you need to engage a virtual audience
Endpoint Security vs Network Security: Where to Invest Your Budget
Building security from the ground up as a team of one
MITRE ATT&CK Deep Dive: Persistence
ATT&CK Deep Dive: Defense Evasion
MITRE ATT&CK Deep Dive: Lateral Movement
How to use MITRE ATT&CK to mature your threat hunting program