Principal Information Security Specialist

Phil Hagen

Phil engages with the Digital Forensic and Incident Response (DFIR) community to ensure Red Canary’s endpoint security solution fits into DFIR processes at organizations of all sizes. Phil is a SANS Faculty Fellow and course lead for SANS FOR572: Advanced Network Forensics. He has also held several previous positions at ManTech CFIA and worked as a communications officer in the US Air Force. He lives in coastal Delaware with his amazing wife and two kids, where he enjoys the local craft beer scene and is often found riding a OneWheel wherever he can.

By This Author

Defying tunneling: A Wicked approach to detecting malicious network traffic

February 12, 2025

Threat detection

Defying tunneling: A Wicked approach to detecting malicious network traffic

Explore the new Atomic Red Team website

November 13, 2024

Testing and validation

Explore the new Atomic Red Team website

Better know a data source: Network telemetry

November 7, 2023

Better know a data source: Network telemetry

Ransomware survival guide: A holistic approach to detection and mitigation

August 26, 2020

Threat detection

Ransomware survival guide: A holistic approach to detection and mitigation

Everything you need to engage a virtual audience

July 8, 2020

Opinions & insights

Everything you need to engage a virtual audience

Endpoint Security vs Network Security: Where to Invest Your Budget

September 11, 2019

Opinions & insights

Endpoint Security vs Network Security: Where to Invest Your Budget

Building security from the ground up as a team of one

July 25, 2019

Opinions & insights

Building security from the ground up as a team of one

MITRE ATT&CK Deep Dive: Persistence

Webinars| MITRE ATT&CK

MITRE ATT&CK Deep Dive: Persistence

Security gaps? We got you.

Get curated insights on managed detection and response (MDR) services, threat intelligence, and security operations—delivered straight to your inbox every month.

Back to Top