Ryan Sommers

Manager of Threat Intelligence and Incident Response

My Role:

I came to LogRhythm to help build the Incident Investigation and Response Service team within LogRhythm Labs. This new service is targeted at providing customers with security consulting, such as malware and forensic analysis capabilities. Customers can use this service to augment their own internal security teams or fully operationalize their LogRhythm deployments.

In this role, my primary goal is to help customers use LogRhythm for incident response purposes. To support this, my other goal is to help evolve LogRhythm’s products into the best tools available for incident response.

My Story:

For more than 10 years, I’ve dedicated my career to incident response, and I’ve always wanted to build out an IR team from the ground up. To be able to do this at LogRhythm, where the culture is dynamic and people are so excited about the product, it was a natural fit.

Prior to coming to LogRhythm, I worked for CrowdStrike, Stroz Friedberg and the Mayo Clinic. My positions at these companies included forensic examiner, malware analyst, incident response consultant and assistant director.

I’ve worked incident response investigations for some of the world’s largest defense contractors, credit card processors, media companies and Internet service providers. I’ve worked many incidents that involve the advanced persistent threat, as well as financially motivated cybercrime gangs. I’ve also served as an expert witness related to computer forensic matters, and I’ve provided database forensics for cases involving both the FTC and SEC.

In addition, I’ve frequently designed training modules for companies I’ve worked for, customers and the public. These modules have included topics on computer forensic analysis, incident response and general computer security. One of these presentations—for work recovering fragmented and deleted DNA analysis files—received the Best Presentation in the General Section award at the 2008 American Academy of Forensic Science Conference, 60th Anniversary Scientific Meeting in Washington, D.C.

Outside of the office, I enjoy spending time in the backcountry away from civilization. I’m an avid rock climber, skier, backpacker, mountaineer and general outdoorsperson. I’ve gone frozen waterfall hunting in Northern Minnesota when it was 30 degrees below zero, alpine snow, ice and rock climbing on Colorado 14ers and alpine rock climbing in the Tetons.

My Philosophy:

“Two roads diverged in a yellow wood, and I—

I took the one less traveled by,

And that has made all the difference.”

–Robert Frost

I’m a problem solver at heart—I get excited about finding a solution and motivated by the challenge. My experience in security consulting and giving court testimony has put me in a very unique position to be able to help and educate customers on incident response at both technical and non-technical levels. I use this perspective to help our customers grow their security maturity and educate them on new tactics and best practices. I work hard so that, when I’m not working, I can play hard and enjoy my time outside of the office.

My Qualifications:

B.S. in Computer Science—emphasis on Operating System Design and Implementation

GIAC Network Forensic Analyst

GIAC Certified Incident Handler

CompTIA Network+

CompTIA A+ Computer Technician

EnCase EnCE Guidance Software