Digital Forensic and Incident Response Strategist

Phil Hagen

Phil engages with the Digital Forensic and Incident Response (DFIR) community to ensure Red Canary’s endpoint security solution fits into DFIR processes at organizations of all sizes. Phil is a SANS Senior Instructor and course lead for SANS FOR572: Advanced Network Forensics. He has also held several previous positions at ManTech CFIA and worked as a communications officer in the US Air Force. He lives in coastal Delaware with his amazing wife and two kids, where he enjoys the local craft beer scene and is often found riding a OneWheel wherever he can.
Building security from the ground up as a team of one
ATT&CK Deep Dive: Persistence
ATT&CK Deep Dive: Defense Evasion
ATT&CK Deep Dive: Lateral Movement
How to Use the ATT&CK Framework to Mature Your Threat Hunting Program
Building a Winning Security Team: Practical Tips on Training and Team Development
Why the Philosophy of Continuous Monitoring Is Powerful
Common Security Mistake #3: Aimless Use of Threat Intelligence