Sondra J. Schneider ( Resume)
Founder & President / Administrator

Full Time Professor, Lead PKI Instructor, CISSP, CEH/ Q/EH, ESCA/ Q/SA, Q/PTL, CHFI/ Q/FE, Q/ND, ISO 27001 Lead Auditor, Grant Officer.

A 31-year information security industry veteran, Sondra Schneider is the President of SU, an Information Security & Assurance Certification and Training Education Company. For the past 25 years Sondra has been traveling around the world training network professionals to be network and security professionals. In 2008 the NSA approved SU’s Q/ISP “hands-on” performance-based qualified security certifications for the information & assurance community. The new “Qualified” Q/ISP Certificate Program and micro Q/EH, Q/SA-Q/PTL, Q/FE & Q/ND Certifications were NSA 4011, 4012, 4013A, 4014, 4015 and 4016 A in 2008- 2018 when the NSA expired the CNSS credentials and created the CAE 4 year degree [only] programs.

In 2004 Ms. Schneider was awarded “Entrepreneur of the year” for the First Annual Woman of Innovation Awards from the CT Technology Council. She is an active advisor for the CT Technology Counsel, and advisers 3 computer security internet (start-up) technology companies and a frequent speaker at computer security and industry events. She is a founding member of the NYC HTCIA and IETF, and works closely with the vendor community to provide information security certification training to comply with the 8570 DoDM mandate.

Ms. Schneider specializes in password and identity management – access, authentication and PKI systems, biometrics, networks and security, network perimeter architecture and security, vulnerability auditing, intrusion detection, and broad band networks. Prior to founding SU, she was a founding partner of the first information security consulting practice located in New York City ( since acquired by Price Waterhouse/True Secure) where she developed information security consulting, training & certifications processes for Fortune 500 customers and developed and managed Federal IA/IS consulting projects. Ms. Schneider has been a pioneer in information security technologies since 1992 when she began her career delivering 45 mega bit broadband services along the eastern seaboard for first implementation of the “internet” with MFS DataNet. While with MFS DataNet she was part of the team that built the first “downstream ISP provider” market - AOL, PSI Net & Earthlink etc. After MFS DataNet was acquired in 1993, she left to pursue a new Internet role at ATT as the first ATT Internet Specialist where she used her MFS Datanet internet skills to create and deliver the first internet sites for ATT. Ms Schneider was tasked with educating large (10M+) ATT client accounts about internet access as a business process tool. And in 1995 she was involved with the first ATT branded firewall (Site Patrol) from BBN to protect corporate networks as they deployed Internet access across closed networks. In 1996, she accepted the Director of Business Development position in the Northeast for the WheelGroup Corporation ( since acquired by CISC O in 1997), where she was responsible for the “introduction and implementation” of the CISC O/ WheelGroup NetRanger intrusion detection and NetSonar network auditing tools product line with large customers and VARs. Capitalizing on her earlier product experience with ATT, she brought real-time intrusion detection systems and tools to financial institutions telcos, healthcare, and Fortune 500 customers.

Greg Ecklin ( Resume)
CTO - SU Chief Technology Officer

As CTO of Security University Greg has been pivotal in the qualifying and upskilling the DMV adult cybersecurity workforce. Security University is 32,000 strong. Greg is a veteran and 2013 West Point Graduate who brings his Army Cyber Warrior experience leading a national incident response team of 23 cyber professionals conducting defensive cyberspace operations for the Cyber Protection Brigade to Security University’s [2018 NSA approved] MSA-CESS Accredited, SCHEV approved Q/ISP Qualified Cybersecurity Certificate Program of Mastery. Greg brings his MITRE experience building and leading cyber teams in offensive and defensive cybersecurity assessments against national security interests to SU student qualified practicum’s. Greg’s entrepreneur and small business experience helps SU identify how to qualify, upskill and validate our adult cybersecurity workforce to advance our nation’s cyber security.

Greg is a seasoned cyber security professional who is an innovative, results-oriented leader with 12 years of building and leading technical teams in cybersecurity and IT, focused on operational agility and “adaptability” across organizations. A technically proficient cybersecurity professional and SME, Greg is a strong leader with exceptional communication skills with significant experience in leading large-scale programs, and a practical approach to problem solving. Greg CISO senior leadership position leverages his cybersecurity knowledge across the IT infrastructure.

Additionally, Greg runs Big Bytes a veteran owned small business serving small and medium IT/cyber clients. Greg drives the modernization and cyber transformation of his clients. His focus is on streamlining services and reducing IT/Cyber complexity while enabling business units and decreasing the attack surface. 

Ken Cutler CISSP, CISM, CISA, Security, CASP ( Resume)
Director Professional Cyber Security Certification Programs / Instructor

Ken Cutler is Director, Professional Training Certification classes. His responsibilities include CyberSecurity and professional certification curriculum development and senior lead instructor for SU. He is an internationally recognized consultant, lecturer, and hands-on trainer in the Information Security and IT audit fields. Previously, Ken founded the Information Security curriculum for MIS Training Institute in 1993 and served as training department head, conference/symposium chair, and lead instructor for over 18 years. He has delivered a wide array of lecture and hands-on courses throughout the United States, including numerous US government agencies, as well as, in Russia, United Kingdom, Netherlands, Finland, Nigeria, Ghana, Tunisia, South Africa, Serbia, Mexico, United Arab Emirates, Oman, Greece, Singapore, and Hong Kong
Previously, Ken has headed major Information Security and Quality Assurance programs at American Express Travel Related Services and Lockheed-Martin (Martin Marietta) and has been a Fortune 500 company Chief Technology Officer (Moore McCormack Resources). His industry experience includes: insurance, banking, financial services, healthcare, natural resources, manufacturing, government contracting, security and audit software product design and utilization, consulting and training.

Mr. Cutler has been a long-time active participant and advisor in US federal, international government, and industry security standards initiatives and co-authored NIST SP 800-41, “Guidelines on Firewalls and Firewall Policy”. Ken has also published works on the intricacies of Information Security, security architecture, disaster recovery planning, security, vulnerability testing, firewalls, and single sign-on. In addition, he has been frequently quoted in popular trade publications such as Healthcare Information Security Newsletter, Computerworld , Information Security Magazine , Infoworld, InformationWeek, CIO Bulletin, and MIS TransMISsion. Mr. Cutler was featured in a special TV program entitled, “The Electronic Battlefield” , on Abu Dhabi, UAE Public TV.

Mr. Cutler is also the Founder and Principal Consultant of KCA InfoSec Assurance, an independent consulting firm delivering a wide array of Information Security and IT Audit management and technical professional services. His input on vulnerability and risk assessment tools has been frequently sought out by major software vendors. Ken served as a Certified Weather Forecaster in the US Air Force and was decorated for his exemplary performance during his overseas duty assignment in Alaska.

Mr. Cutler is also the Founder and Principal Consultant of KCA InfoSec Assurance, an independent consulting firm delivering a wide array of Information Security and IT Audit management and technical professional services. His input on vulnerability and risk assessment tools has been frequently sought out by major software vendors.

Ken served as a Certified Weather Forecaster in the US Air Force and was decorated for his exemplary performance during his overseas duty assignment in Alaska.

Kevin Cardwell ( Resume)
Director of SU Qualified/ Performance Based Cyber Security Certificate Programs Q/ISP, Q/IAP, Q/WP, Q/CND / Instructor

Kevin Cardwell spent 22 years in the U.S. Navy, during this time he tested and evaluated Surveillance and Weapon system software, some of this work was on projects like the Multi- Sensor Torpedo Alertment Processor (MSTRAP), Tactical Decision Support System (TDSS), Computer Aided Dead Reckoning Tracer (CADRT), Advanced Radar Periscope Discrimination and Detection (ARPDD), and the Remote Mine Hunting System (RMHS). He has worked as both software and systems engineer on a variety of Department of Defense projects and was selected to head the team that built a Network Operations Center (NOC) that provided services to the command ashore and ships at sea in the Norwegian Sea and Atlantic Ocean . He served as the Leading Chief of Information Security at the NOC for six years prior to retiring from the U.S. Navy. During this time he was the leader of a 5 person Red Team that had a 100% success rate at compromising systems and networks. He currently works as a freE-lance consultant and provides consulting services for companies throughout the US , UK and Europe . He is an Adjunct Associate Professor for the University of Maryland University College where he participated in the team that developed the Information Assurance program for Graduate Students which is recognized as a Center of Excellence program by the National Security Agency (NSA). He is an Instructor and Technical Editor for Computer Forensics, and Hacking courses. He has presented at the Blackhat USA Conference. He is a Certified Ethical Hacker (CEH), and holds a BS in Computer Science from National University in California and a MS in Software Engineering from the Southern Methodist University (SMU) in Texas. His current research projects are in Computer Forensic evidence collection on "live" systems, Professional Security Testing and Advanced Rootkit technologies.

Randy Kohler ( Resume)
Director of Cyber Security Training and Curriculum Development / Instructor, Security +, SecureX, Q/EH, C|EH 2024

Randy brings over 20 years of security related experience with the last 15 with institutional instruction in a multitude of different security roles. Randy’s clientsincluded corporate executives, small businesses, U.S. Air Force & Navy, non-profit organizations, colleges, and local radio stations. Senior Consultant & Senior Technical Instructor & Senior Penetration Tester • Assisted in the process of getting over 10,000+ students certified from Network+,Security+,CySA+,CASP+,CEH,CHFI and many more since 2001. He has high energy and encouraging outlook with a compelling desire for team continuity• Exceptional presentation and customer service skills • Superb competency in IT security, network design, maintenance & project management • Impeccable work ethic, steadfast dedication, and high integrity • Noteworthy ambitious attitude • Self-motivated, quick-witted and inspiring.

Char Sample - Adjunct & Advisor ( Resume)

Academically and professionally experienced cyber security professional with over 23 years of experience in network security and software engineering. Internet security experiences include expertise with firewalls, IDS, IPS, Anomaly Detection, DNS, DNSSEC, Mail, routing, authentication, encryption, secure network architectures, cloud computing (IaaS, PaaS) and Unix internals. Experienced in designing and developing Internet security products. Additional experiences in relating cultural influences in computer network attack behaviors. Published author. Invited speaker at international conferences and forums.

Dr. Sample recently defended her dissertation on “Culture and Computer Network Attack Behaviors” at Capitol College in Laurel, Maryland.“ Other areas of research interest include: Cloud Computing, Anomaly Detection methods, Big Data, and DNS.
Doctor of Science, Information Assurance, Capitol College (Laurel, Maryland) May 2013

Title: Culture and Computer Network Attack Behaviors
Master of Science, Systems Management, Capitol College (Laurel, Maryland) May 1995 - Telecommunications Systems
Bachelor of Science, University of Pittsburgh, August 1984. Majjor: Computer Science   Minor: Math

RESEARCH AREAS: Interdisciplinary research combining social sciences and cybersecurity, data fidelity, artificial intelligence, malicious use of artificial intelligence, machine learning, adversarial machine learning, fake news, threat intelligence, metrics, cyber operations modeling and simulation, cyber mission force development and preparation, DNS security, routing security, security architecture issues, anomaly detection techniques, big data, cloud security analytics, quantifying behaviors, firewalls, IDS and monitoring solutions.

Gale Pomper - Adjunct & Advisor ( Resume)

Gale Pomper has over 27 years of experience installing and designing computer networks. She holds numerous certifications from Microsoft, Novell, and CompTIA, including Server+, MCT, MCSE, MCTS for SharePoint , and MCTS and EMA for Exchange 2007. She is the principal author for an exam guide for Windows 2000 Active Directory published in December 2001, and a contributing author for Windows XP Power Pack published in March 2003. For the past 15 years, Gale has been an independent consultant providing network design services, customized training, and SharePoint implementation services. In 2007, Ms. Pomper took a position working for the Department of Defense as a Global Exploitation and Vulnerability Analyst and is currently a Program Director for her office. She is a CISSP.

David Spivey - Instructor, Systems Engineer, Major Accounts Palo Alto Networkds CSE Q/AAP

David brings over 20 years of security related experience with the last 18 with Cisco in a multitude of different security roles. David bring's real-world deployment, implementation, root cause analysis, security posture assessments, and architectures for some of the largest global organizations.

Some security engagements that David has been involved with include Microsoft, Intel, GM, Ford, Best Buy, Target, CAT, State Farm, Eli Lilly, Cummins, Wellpoint, United Healthcare and the largest financial institutions. These engagements have included but not limited to IPS, DDoS, PKI, 802.1x/Radius Control Planes, Firewall, Botnet Filtering, Security Posture Audit & Assessments.

David has been instructing for clients, internal Cisco and at external conferences like Secure360 for the last 10 years. He brings real-world examples and experiences to the classroom often discussing what he can in detail for your information analysis.

David graduated from WKU with a Bachelor of Science in Mathematics/Computer Science and has extensive Graduate work within Mathematics Topology and Group Theory disciplines.

Behzad Salimi - Instructor ( Resume)

Frederick Haggerty - SU Advisor Forensics, Security+, CEH, CHFI, Q/FE

Frederick Haggerty is an accomplished Senior Java/J2EE Developer with 15+ years of experience in providing technical solutions that improve scalability, performance, and productivity for a variety of organizations.

As a Senior Java/J2EE Developer, Frederick h as extensive experience in building mission critical web-based systems — providing enterprise application integration, designing and implementing solutions using SOA and Web Services, and integrating technologies like JAAS and JSF, Spring and Hibernate, and a variety of other Java frameworks. He has also been involved in all phases of Software Development Life Cycle (SDLC) for small and large scale projects.

Frederick's areas of technical expertise include designing and implementing secure web-based systems, using middleware technologies, implementing the Role Based Access Control (RBAC) security model using Java Authentication and Authorization Service (JAAS) to secure Java applications, and building Enterprise Service Bus (ESB) applications. His experience also includes designing, developing, and building secure web services with JAX-WS/JAXB and SAML authentication (X509 Certificates, LDAP), which allows for logging, monitoring and alerting, and ensuring strict compliance to the Privacy Act for PII data.

Throughout his career, Frederick has supported a wide range of clients that have spanned many areas such as DOD, law enforcement (FBI/NCIS), and DOI, as well as non-profit organizations.

Most recently, Frederick has focused primarily on digital forensics and information security program development, to include security policy development for small and medium organizations. He has combined his expert knowledge in building complex systems and his technical proficiency in information security to help companies achieve an overall better security posture.

Michael Penders - SU Instructor CMMC & ISO 27001 Lead Auditor / Lead Implementer ( Resume)

Chairman/ President, Environmental Security International L3C (ESI) (2001 to Present)

Founding Principal and Chief Executive Officer of consulting firm which conducts assessments, investigations, and designs compliance programs; ESI implements Environmental and Security Management Systems conforming to standards for Best Practices; ESI provides training in the implementation and enforcement of environmental laws and best practices in risk assessment and security management; ESI offers facilitation, mediation, policy and legal services. Clients have included: NATO; EPA; DOD; DOE; WCO; Port Authorities and Public Utilities; Government Agencies, Associations and Corporations in North America, Europe, Asia and the Middle East.
Select Accomplishments, Leadership Positions, and Publications:

• Transportation Research Board (TRB) Critical Infrastructure Protection Committees;
• Chair, US-Israel Working Group of Experts in Management Systems, Standards and Security. Facilitated agreement on first international standard for integrated Security Management System (SMS) now reflected in ISO 28000 standards and DHS Regulations;
• US Technical Advisory Groups (TAG) ISO TC8 for ISO DIS 20858 for Maritime Port Facility Assessment and Security Plan Development; ISO 28000, US ANSI Strategic Advisory Group (SAG) on Integrated Management System Standards; ANSI DHS Homeland Security Panel;
• Judge, Secretary of Defense Environmental Excellence Awards (2006 to present);
• Testified before Chairman of the Senate Judiciary Committee on environmental law enforcement, homeland security policy, audit and risk management system standards;
• Lead Investigator of pilot projects testing integrated security assessments, management system design, and implementation at critical infrastructure facilities, including ports;
• Chairman, Homeland Security Committee, American Bar Association (ABA), Section of Environment, Energy, and Natural Resources (SEER) (August, 2007 to 2010);

John Ellwood Saurbaugh - Instructor ( Resume)

Steven B. Wyllie - Instructor ( Resume)

Daniel Conroy - Advisor ( Resume)

Previous CISO Synchrony, head of Strategy, Planning and Governance Citibank,Daniel Conroy was MD & Chief Information Security Officer at The Bank of New York Mellon for four years. In 2009 he received the ‘Best in Class’ BNYM award which recognizes individuals/ teams who demonstrate a spirit of dedication & ingenuity. Daniel enhanced monitoring, identification & control within the information security environment through the procurement & implementation of additional software & toolsets. Daniel focused on the increased involvement of organized crime in this arena:* State sponsored cyber threats* Growing insider threats* Legislative initiatives. Daniel’s group had responsibility for threat & vulnerability assessments, incident response, security architecture, network monitoring, data loss prevention, policies & standards, security awareness, client assessment/communications, information classification & database monitoring. In 2010, he was a speaker at the RSA Conference & delivered a presentation on integrating SEIM with network access control. Daniel’s project regarding the governance & control of Internal Social Media was awarded a national honor, Best Project in the Information Security category, at Technology Managers Forum in 2010.

Also in 2010, Daniel was a finalist for Information Security Executive of the Year (Northeast Sector) for 2010 at T.E.N. In 2011 Daniel presented at numerous high-profile conferences & events across the United Sates such as the FS-ISAC conference in Miami, FL, IT-GRC summit in Boston, MA & IT Roadmap conferences nationwide & is recognized as an expert in his field. Once again, Daniel & his team were finalists in the ISE North America competition. Daniel has been guest lecturer at the Institute of Technology, Tallaght for several years.In April '11, Daniel featured in CIO Digest magazine with an article titled "Preparing & Adapting".

Steve Boddy

Ambitious thought leader with a tech-savvy approach towards collaborative innovation. Lead the best of breed technologists at tip of the spear on high value mission-critical programs designed to safeguard information essential to maintain national security in identity and access management of the cyber frontier. •Results-driven Program Manager actualizing strategies to identify cadence and synchronization requirements to create complex software products. Combine strong team leadership, consensus building and talent development to create agile teams that transform business objectives into effective solutions using Scrum, Kanban, Lean and the Scaled Agile Framework.

More than three decades of experience in increasingly challenging information technology, management, and administrative positions. Exceptionally talented at leading cooperative efforts for creating solutions to overcome IT issues with cross-integration of system implementation, information security, and technical management in agile DevOps environments.

H. Morrow Long - CISSP, CEH, CHFI
Instructor - Qualified/ Information Security Professional Program (Q/ISP) (On Sabbatical)

H. Morrow Long is Director Qualified/ Information Security Professional (Q/ISP) Programs @ SU. Morrow has been a presenter at (and organizer of) several conferences as well as an instructor at Yale University, Fairfield University, the University of New Haven, Gateway Community Technical College and a number of private training institutes.

H. Morrow Long (CISSP, CISM, CEH, Q/EH, Q/SA - Q/PTL, Q/FE, Q/ND) is the Yale University Information Security Officer, Director of the Information Security Office and DMCA Notification Agent for Yale University. He has been with Yale University for the past 23 years, participating in many campus and IT projects (Y2K Planning, Business Continuity/DR, Oracle Financials/HR Business Modernization Project, Yale's Windows NT to Windows 2000 Active Directory Migration Project, HIPAA Security). 

Morrow Long is also a Visiting Scientist with the Carnegie Mellon University Software Engineering Institute's in the CERT/Networked Systems Survivability group. 

Mr. Long is a UNIX, NT and TCP/IP security expert, an author, consultant and educator with more than 26 years of experience with the IP (Internet Protocol) networking protocols and over 13 years of experience designing Internet/Intranet firewalls and information security solutions. 

Morrow has written and released several information security software programs into the public domain (including one of the first TCP portscanners and the first audio Web server CGI cited in Wired magazine).

Morrow has taught computer science, networking and information security courses at several Universities (including Yale, the University of New Haven and Fairfield University) and private seminar institutes (including SecurityUniversity).

Mr. Long was one of the original participants in the Infragard program in Connecticut. Morrow was on the executive board of CUISP (Campus University & Information Security Professionals) and also participates in the EDUCAUSE/I2 Computer/Network Security Task Force (a founder of the annual Educause Security Professionals Conference), CISDG (CT InfoSec Discussion Group) and is President of the Connecticut ISSA Chapter. 

Prior to working at Yale University Mr. Long was a Member Technical Staff at the ITT Advanced Technology Labs in Stratford and Shelton (1984-6) Connecticut and a Lead Programmer Analyst developing INVESTWARE(TM) at New England Management Systems (NEMS 1982-84).Mr. Long holds a B.S. in Communications from the Boston University School of Communication (1981) and a M.S. C.I.S. (Computing and Information Systems) from the University of New Haven (1986).

Mr. Long holds a B.S. in Communications from the Boston University School of Communication (1981) and a M.S. C.I.S. (Computing and Information Systems) from the University of New Haven (1986) as well as CISSP®, CISM® and CEH™ certification. Morrow has contributed to several papers and books on computer security, computer crime, digital forensics, network survivability and information assurance.