image-1
Menu
Linkedin Icon Twitter Icon Github Icon Medium Icon

Unlocking Cybersecurity Insights:
Author, Teacher, Speaker.

0 +
Years nurturing expertise in Human Intelligence
0 +
Years Of Experience
0 +
Organizations strengthened
0 +
Happy Clients
0 +
Years Of Experience
0 +
Organizations strengthened

Who is Sean O’Connor?

Sean O’Connor has predominately worked in the Intelligence Community (IC), starting his career, like many do, in the US military, where he worked in various intelligence disciplines, ranging from Human Intelligence (HUMINT) to tactical Signals Intelligence (SIGINT), and later serving as a Counterintelligence (CI) contractor for the Department of Defense (DoD).

Sean has always been passionate about all things intelligence and all things cyber. With this combined passion, Sean decided after his third tour in Afghanistan, to transition to the private sector as a Cyber Threat Intelligence (CTI) researcher for Dell Secureworks in the exclusive Counter Threat Unit (CTU). “The intelligence training and experience I obtained throughout my military career and in the DoD gave me the tools necessary to build the CTU’s first ever virtual HUMINT team.” By applying traditional HUMINT tradecraft through sock puppet accounts, the CTU vHUMINT team was able to infiltrate dark web cybercriminal networks for the purpose of collecting, analyzing and producing intelligence.

After six years in the Secureworks CTU, Sean took on a new opportunity with KPMG US as their head of Threat Intelligence, where he built the CTI program for the US, LATAM, and Israel member firms. Fast forward to today, Sean is the Global Head of the Equinix Threat Analysis Center (ETAC), which is comprised of teams focused on threat intelligence research, threat hunting, consulting services and data analytics.

Author & Teacher

Sean is a Partnered Faculty member, instructor, and Project Coordinator at Georgia State University’s Evidence-Based Cybersecurity (EBCS) Research Group. Sean partnered with EBCS to coauthor GSU’s first ever Darknet Intelligence course, which is taught to various Law Enforcement agencies. Sean is a firm believer in continuing education, especially in the field of CTI. “As analysts we should always be trying to keep up with the ever-evolving threat landscape, and as an instructor, I enjoy teaching these topics to anyone who has the willingness to learn,” he says. Through years of covert cybercrime intelligence operations, Sean identified how these criminals were laundering their money, such as through the use of cryptocurrency mixing/tumbling services, illicit exchanges, and Dark Web marketplaces. “Intelligence is a crucial piece of the puzzle that can significantly benefit cyber professionals in the DFIR cases they respond to. However, the cyber threat landscape continues to evolve, and as such, so should the intelligence supporting these DFIR cases,” says Sean. With Blockchain and Dark Web Intelligence, responders can better understand the criminals involved in their investigations. In some cases, this intelligence can give Law Enforcement (LE) agencies the evidence they need to attribute activity to individuals, allowing LE to make arrests. These kind of observations are captured in the all new SANS FOR589 course, which will be available to the public in 2023. As the lead author of FOR589, Sean takes CTI a step further by teaching students how to collect, analyze, and produce intelligence derived from cybercriminals’ cryptocurrency activity and from the dark web. Take a sneak peek at SANS first ever cybercrime intelligence course.

Mentorship

Sean’s unique background enables him to share his experience with his students through the courses he has authored and through mentorship opportunities. An example of this that Sean is most proud of is the mentorship he provides to veterans who are transitioning out of the military and into the civilian workforce. “I was so fortunate to have had a successful transition out of the defense sector because I was able to translate the skills that I had obtained while in the military into the needs of the private sector, and I want to help as many veterans as I can do the same thing,” Sean explains.

Volunteering

In his spare time, Sean enjoys traveling, playing soccer (futbol), reading, working out, and spending time with his family and friends. Sean also likes to volunteer his time to non-profit organizations and causes that he supports in both the physical and cyber space, such as the CTI-League, which works side by side with law enforcement to protect healthcare organizations from cybercriminals, and was recognized by SANS as a 2020 Difference Maker. Sean founded the CTI-League’s Darknet Intelligence team (CTIL Dark), which publishes an annual dark web threat landscape report on cybercriminal threats to the healthcare sector.

Profile Summary

Sean O’Connor is an industry expert with nearly 15 years of experience in various security disciplines, ranging from Counterintelligence (CI), Human Intelligence (HUMINT), Digital Forensics & Incident Response (DFIR) for the defense sector, to managing security research teams and building Cyber Threat Intelligence (CTI) programs for the private sector. He is an author, a teacher, holds a number of industry certifications, has been invited to speak at international conferences and quoted by media outlets on various security research topics. Sean currently serves as the Global Head of the Equinix Threat Analysis Center (ETAC)™, which is comprised of some of the world’s top security experts who identify and analyze emerging cyber threats, while developing countermeasures to better protect Equinix and its customers. He is passionate about volunteering his time to causes that he supports such as the CTI League and Curated Intelligence, as well as providing mentoring opportunities to students and to veterans looking to break into the cybersecurity industry. On top of all this, Sean is the author and the course lead for the new SANS FOR589 course.

With an extensive background spanning 15 years in security leadership, Sean O’Connor stands as a distinguished expert. As both an accomplished author and dedicated educator, he imparts his knowledge with passion. Sean’s influential speaking engagements resonate widely, and his perspectives often find a place in media narratives, further solidifying his reputation in the field.

Sean O'Connor (He/Him) Follow

Head of @Equinix Threat Analysis Center (ETAC) | @sansforensics Author | @curatedintel contributor | Husband, Father, Veteran. Thoughts are my own

vHUMINT
Retweet on Twitter Sean O'Connor (He/Him) Retweeted
sneakymonk3y Mark @sneakymonk3y ·
24 Nov

.@TrendMicro kudos to the team that put this together.

180+ page report - Exploring forensic evidence and detection methods for remote monitoring and management (RMM) tooling. Also including common sync tools used in incidents.

https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf
#DFIR #RMM

Reply on Twitter 1728075909947641914 Retweet on Twitter 1728075909947641914 122 Like on Twitter 1728075909947641914 361 Twitter 1728075909947641914
Retweet on Twitter Sean O'Connor (He/Him) Retweeted
josh_penny Joshua Penny @josh_penny ·
24 Nov

🚨New Analysis🚨: #LockBit 3.0 Exploit CVE 2023–4966 #CitrixBleed

@MichalKoczwara and I deep dive into the recent #CISA LockBit advisory, looking at IOCs provided by @Boeing to uncover additional #infrastructure.

Hope you find it an interesting read!

Link & Findings👇

Reply on Twitter 1728073811944149025 Retweet on Twitter 1728073811944149025 109 Like on Twitter 1728073811944149025 293 Twitter 1728073811944149025
Retweet on Twitter Sean O'Connor (He/Him) Retweeted
msftsecintel Microsoft Threat Intelligence @msftsecintel ·
22 Nov

Microsoft has uncovered a supply chain attack by North Korean threat actor Diamond Sleet (ZINC) involving the modification of an installer file from software maker CyberLink. The payload calls back to attacker infrastructure for instructions. Learn more:

Reply on Twitter 1727373881206296891 Retweet on Twitter 1727373881206296891 231 Like on Twitter 1727373881206296891 441 Twitter 1727373881206296891
Retweet on Twitter Sean O'Connor (He/Him) Retweeted
threatlabz Zscaler ThreatLabz @threatlabz ·
16 Nov

The #Trigona ransomware group is back online and extorting victims after the Ukrainian Cyber Alliance infiltrated and took down the infrastructure.

New victim portal URL: http://znuzuy4hkjacew5y2q7mo63hufhzzjtsr2bkjetxqjibk4ctfl7jghyd.onion

Reply on Twitter 1725201184372506941 Retweet on Twitter 1725201184372506941 22 Like on Twitter 1725201184372506941 43 Twitter 1725201184372506941
Load More

Quick Links

Social

Get In Touch

2023 Humint All Rights Reserved

Interested in Having a Chat? Schedule a consultation.

Let's Talk