Training
Featured CourseView All Courses
Get a free hour of SANS training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training
Can't find what you are looking for?

Let us help.

Contact us
Resources
SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

CISO Network

Engage, challenge, and network with fellow CISOs in this exclusive community of security leaders

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations
Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk with an expert
Talk with an expert

Jason Ostrom

Certified InstructorFounder and Principal Consultant at Stora Information Security

Specialities

Offensive Operations, Cloud Security

Connect with Jason

Jason Ostrom
Jump to:

About Jason Ostrom

Jason has a curiosity for tinkering and building offensive things that has spanned his 23 year career in IT and penetration testing. He is a principal consultant at Stora Security where he helps clients improve their readiness for security incidents. Jason has helped over 225 organizations mature their Cyber Security programs by focusing on an offensive approach coupled with the many hats he has worn rolling up his sleeves within enterprises – CTO, Network Engineer, Coder, System Administrator, Cloud Architect, Incident Handler, and Penetration Tester. Jason has not only built and led Pentest practices, but also delivered SaaS software and new MDR/MSSP service offerings. He believes in giving back to the InfoSec community and enjoys creating open source security tools. Jason holds several certifications, including Cisco CCIE #15239, AWS Certified Solution Architect Associate, GPEN, GCIH, GCFA, AWS Certified Security Specialty, and Azure Security Engineer Associate.

Press & Media

More From Jason

  • Aria Cloud A remote penetration testing Docker container, with a focus on including cloud penetration testing tools for Azure, AWS, and GCP.
  • Purple Cloud Deploys a small Active Directory domain in Azure IaaS, using Terraform + Ansible. Joins three Windows 10 endpoints to a domain and includes a Linux Adversary.
  • VoIP hopper VoIP Hopper is a network infrastructure penetration testing tool to test the (in)security of VLANS as well as mimic the behavior of IP Phones to automatically VLAN Hop and demonstrate risks within IP Telephony network infrastructures.
  • Azure Velociraptor Deploys the Velociraptor live response DFIR agent in Azure IaaS, using Terraform + Ansible. Deploys one Velociraptor server and one Windows 10 endpoint configured to register the Velociraptor agent to the server.
  • HELK_Azure Deploys Hunting ELK (HELK) hunting SIEM into Azure IaaS, using Terraform + Ansible. Deploys one HELK server and one Windows 10 endpoint. The endpoint is auto-configured to ship SwiftOnSecurity Sysmon logs via Winlogbeat using Kafka transport. Default support for Mordor.
  • Hammer A learning demo example of a vulnerable Ruby on Rails application found in the wild. It leaks cloud API keys through a vulnerable middleware component. Docker container support as well as build instructions.

Students Say

Slide 1 of 0