Kai Thomsen

DFIR Analyst

Kai has been working in various IT Security roles for more than 15 years. Currently he is the lead DFIR analyst at premium automaker AUDI AG and played a key role in establishing a modern cyber defense team at Audi that is responsible for protecting enterprise, ICS, and connected car infrastructure.

When he joined Audi in 2013, he established an IT Service Continuity Management organization, one of the best ways to learn how your company actually ticks and makes money.

Kai also designs and runs Red Team and crisis management exercises at Audi that integrate IT, business, and physical aspects.

Before Audi he worked for more than 12 years in the steel industry at the engineering company SMS Group where he designed and implemented defensible LANs for enterprise and ICS environments in-house as well as for customers’ plants. The steel industry was also where Kai got into Network Security Monitoring, Digital Forensics and Incident Response building security monitoring solutions for company and customer sites and performing incident response in Europe, Asia, and the United States.

Kai has spoken and taught at various security conferences including S4 Europe, CS3STHLM, Troopers, ISF, SANS Automotive Cybersecurity Summit, and SIGS SCADA in Switzerland. He has chaired the SANS Automotive Cybersecurity Summit 2018 and SANS ICS Europe Summit 2018.

Kai is „GIAC Response and Industrial Defense (GRID)“ certified and holds an MA in Computer Science and English and American Literature from University of Siegen.

In the little free time that is left between working in his DFIR job and as a SANS instructor, Kai loves to travel the world, especially mountain regions where climbing, hiking, and skiing look promising.

My Sessions