Our Next Episode
We are thrilled to be chatting with Phil Hagen, SANS Fellow, Principal Information Security Researcher at Red Canary, Author of FOR572: Advanced Network Forensics, Author of SOF-ELK.
Phil Hagen has built a career spanning deep technical execution, leadership, and executive responsibility in information security. He has supported mission-critical 24×7 environments, led a national security forensic services team of 85 professionals, and delivered forensic consulting to law enforcement, government, and commercial clients. Today, he is a Principal Information Security Researcher at Red Canary (a Zscaler company) and the author of SANS FOR572: Advanced Network Forensics.
Phil’s interest in cybersecurity began long before it was mainstream, starting in the late 1980s with early networking and evolving into a career focused on network-based investigations. He studied computer science at the U.S. Air Force Academy, served as a communications officer at Beale AFB and the Pentagon, and later transitioned into government contracting and advanced forensic work. A senior instructor with the SANS Institute, Phil leads FOR572, a hands-on course focused on investigating network-based incidents where traditional forensic artifacts may be missing. He is also the creator of SOF-ELK, a widely used DFIR platform built on the ELK stack.
Throughout his career, Phil has led major global investigations, including large-scale financial fraud cases spanning multiple countries and complex infrastructures. Known for his passion for mentorship, he takes pride in the success of the many professionals he has trained and led over the years. Outside of cybersecurity, Phil is an avid runner and craft beer enthusiast, often exploring local breweries wherever he travels.
