Ismael Valenzuela
GSE #132SANS Senior InstructorVP Labs, Arctic Wolf Networks

Ismael Valenzuela

Creator of the Think Red, Act Blue philosophy | Redefining how defenders think about adversaries to build security architectures that actually hold.

Read The Monday BriefView Think Red. Act Blue. →

New York, USA · Originally from Málaga, Spain

Portrait of Ismael Valenzuela

Speaking & Media

Featured Interviews & Presentations

A selection of spotlight interviews and talks.

From Building Defenders to Commanding Cyber Labs — Ismael Valenzuela
Podcast

From Building Defenders to Commanding Cyber Labs — Ismael Valenzuela

Open
AI, Automation & Threat Modeling: Lessons Learned from Hacking the Planet
RSA Conference 2025

AI, Automation & Threat Modeling: Lessons Learned from Hacking the Planet

Open
AI-Powered BladeRunners, Part 2: Threat Intelligence Meets Zero Trust
SANS Cyber Defense

AI-Powered BladeRunners, Part 2: Threat Intelligence Meets Zero Trust

Open

Latest Videos

AI, Automation & Threat Modeling: Lessons Learned from Hacking the Planet

RSA Conference · 2025

A Conversation With Ismael Valenzuela About AI and Threat Intelligence

Unsupervised Learning · 2024

Threat Researcher Insights: A Day with Ismael Valenzuela

Security Weekly · 2024

Zero Assumptions: Expert Threat Intel Roundtable on Emerging Cybersecurity Threats

Arctic Wolf Networks · 2024

Hunting Threats Inside Your Network with rastrea2r

SANS Institute · 2016

In the Press

Loading press…

Conference Talks

AI, Automation & Threat Modeling: Lessons Learned from Hacking the Planet

RSA Conference · 2025 · San Francisco, CA

Defensible Security Architecture: Building Defenses That Hold

RSA Conference · 2024 · San Francisco, CA

Think Red, Act Blue: A Framework for Threat-Informed Defense

SANS Security Summit · 2024 · Virtual

Disrupting the Disruptors: How to Threat Hunt Like a Pro

Black Hat USA · 2018 · Las Vegas, NV

Hunting Threats Inside Your Network with rastrea2r

SANS Threat Hunting & Incident Response Summit · 2016 · New Orleans, LA

Podcasts & Audio

From Building Defenders to Commanding Cyber Labs: Ismael Valenzuela's Journey

KO's Launchpad Podcast · 2025

A Conversation With Ismael Valenzuela About AI and Threat Intelligence

Unsupervised Learning · 2024

Threat Researcher Insights: A Day with Ismael Valenzuela

Security Weekly · 2024

Arctic Wolf Labs Threat Intelligence Expert Roundtable on Emerging Threats

Arctic Wolf Networks · 2024

Cyber and Business are Becoming One with Ismael Valenzuela

Forcepoint Podcast · 2023

On Cyber Security Interviews — Episode 009

Cyber Security Interviews with Douglas Brush · 2018

Open Source Projects

View all on GitHub →

attck-lens

Think Red. Act Blue. | A MITRE ATT&CK v18 Intelligence Dashboard

TypeScript0

rsac2025

AI, Automation, & Threat Modeling: Lessons Learned from Hacking the Planet

Python3

jupyter-notebooks

My Jupyter Notebooks — threat hunting, data science for cybersecurity

Jupyter Notebook36

blueteam_homelabs

Great List of Resources to Build an Enterprise Grade Home Lab

Markdown917

rastrea2r

Collecting & Hunting for IOCs with gusto and style

Python117

Talks-and-Presentations

Slides and other resources from my latest talks and presentations

Various24

Latest News

Fetching latest press…

The Framework

Think Red.
Act Blue.

As the creator of the Think Red, Act Blue philosophy — the foundational framework behind SANS SEC530: Defensible Security Architecture & Engineering — I've spent my career bridging the gap between offensive threat understanding and defensive security operations. Think Red, Act Blue challenges security teams to adopt the adversary's perspective not to attack, but to architect smarter, more resilient defenses. This approach has shaped how thousands of security professionals worldwide design detection strategies, build zero-trust architectures, and operationalize threat intelligence — moving the industry away from checkbox compliance toward continuous, threat-informed defense. As a SANS course author and instructor, I bring this philosophy to life through hands-on labs and real-world scenarios that equip defenders to stay ahead of evolving threats.

The Ecosystem

Where the Work Lives

Philosophy

Think Red. Act Blue.

The philosophy and framework site — adversary-perspective defense methodology for security practitioners.

www.thinkredactblue.com
Newsletter

The Monday Brief

Weekly signals-to-decisions newsletter on security, strategy, and threat intelligence.

themondaybrief.com
Tool

ATT&CK Lens

Interactive MITRE ATT&CK coverage and gap analysis tool built on the Think Red, Act Blue framework.

lens.thinkredactblue.com
TrainingComing Soon

All Around Defender

Practitioner school for security defenders — hands-on training for the modern security operations team.

SANS Institute

Upcoming Courses

DateCourseLocation
Mar 29 – Apr 3, 2026SEC530: Defensible Security Architecture & EngineeringOrlando, FL (SANS 2026)Register ↗
Jul 13–18, 2026SEC530: Defensible Security Architecture & EngineeringWashington, DC (SANSFIRE 2026)Register ↗
Sep 28 – Oct 3, 2026SEC530: Defensible Security Architecture & EngineeringParis, France (SANS Paris Sep 2026)Register ↗

Newsletter

The Monday Brief

Read all issues →

The Monday Brief — Weekly Signals to Decisions

Weekly intelligence briefing for security leaders and practitioners.

Let's Connect

Get In Touch

Follow the work across platforms or reach out directly.

Newsletter

Get The Monday Brief

Weekly signals to decisions — curated intelligence, threat trends, and practitioner insights delivered every Monday.

Subscribe on Substack →