Security Operations Center

Deep Dive With a Red Canary Analyst: Frank McClain

Cory Bowline

Share this Project

Frank McClain is a Senior Threat Analyst on the Red Canary Security Operations team. We love getting to highlight the analysts on our team because customers get to know who is defending their endpoints day-in and day-out.

Frank McClain, Red Canary Analyst

Frank joined Red Canary from PrimeLending, a top ten mortgage company with an annual mortgage volume of over $10B. As the AVP of Information Security, he ran Security Operations for the company. He was one of the first users of Carbon Black and has a deep understanding of the tool’s forensic and incident response capabilities. (For those not familiar, Carbon Black is the endpoint visibility sensor on top of which we layer the Red Canary solution).

“Getting Frank on board has been great. He was one of the earliest members of the Carbon Black user base and has a rare set of skills and experience that aligns perfectly with our solution.” – Keith McCammon, CSO and Head of Security Operations

Before PrimeLending, Frank worked as a Senior Forensic Analyst at Digital Discovery, a Texas-based forensics consultancy.

Over the course of his career, Frank has worked on several hundred forensic investigations, many of which involved analysis for IP theft, computer abuse, fraud, malware, and other inappropriate conduct. He has performed data acquisitions of computer hard drives and memory, smartphones, network-stored files, packet captures, and other digital evidence. So he is basically legit.

Frank has been a regular speaker at the SANS DFIR Summit, teaching topics related to digital forensics and incident response.

He holds GCFA and GCIH certifications and is a SANS Lethal Forensicator Coin Holder, completing the following SANS Institute courses:

  • Security 511 – Continuous Monitoring and Security Operations
  • Forensics 610 – Reverse Engineering Malware
  • Forensics 526 – Windows Memory Forensics In-Depth
  • Forensics 558 – Network Forensics
  • Forensics 508 – Computer Forensics, Investigation, and Response
  • Security 504 – Hacker Techniques, Exploits, and Incident Handling

Add to all that his Texas swagger and soothing southern accent, and he is pretty much the complete package.

“I’m an analyst, and that’s my core; it’s what excites me about technology, and why I do what I do. That has been fueled and grown through DFIR work, both in consulting and corporate environments. I have experienced the challenges that organizations go through to identify and take action on threats with limited time and resources, and now I am extremely excited to be a part of the solution.” -Frank McClain, Senior Threat Analyst

Frank is too modest to ever say anything like this, but the power of Red Canary is that our customers around the world now have Frank McClain, a forensics and endpoint security expert, reviewing potentially suspicious activity in their environment and triaging threats.

Are you looking to hire someone like Frank? Consider outsourcing your endpoint security to Frank and the Red Canary team.