Teaching
SEC565 & SEC699 Red Team Ops & AI for SecuritySecurity researcher • SANS instructor • consultant
Jean-Francois Maes
Red team operator, SANS instructor, and offensive security toolmaker. I build things that break things, then teach others how.
Pentesting Red team ops vCISO Adversary emulation SANS SEC565 SANS SEC699
Open source
1,200+ GitHub stars across public toolsConsulting
Offensive Guardian Pentesting, red team, vCISO advisoryProduct
Helix Labs Hermes, Context Me, Negotiator AIOffensive Guardian
Security services
Security Retainers
Ongoing security partnerships that pair offensive testing with strategic advisory. One relationship, continuous improvement, no re-onboarding.
Red Team & Adversary Simulation
Full-scope adversary simulation that tests your detection, response, and resilience — best as a recurring engagement so you can measure real improvement.
vCISO & Security Advisory
Fractional CISO services for organizations that need senior security leadership without the full-time hire. I bring both offensive and defensive perspective.
Penetration Testing
Web, API, cloud, and internal network testing with actionable remediation. Available standalone, but most valuable as part of a retainer.
Helix Labs
Products
Hermes
AI-powered communication and workflow automation for security operations.
Helix LabsContext Me
Contextual intelligence platform that enriches security data with actionable context.
Helix LabsNegotiator AI
AI-assisted negotiation workflows for incident response and threat scenarios.
Helix LabsFine-Tuning LLMs
A practical book on adapting large language models to specialized domains. Covering techniques, tooling, and real-world case studies.
BookFeatured
Selected work
Tools, talks, and research worth looking at first.
Author & instructor
SEC565: Red Team Operations and Adversary Emulation
SANS course on red team operations covering adversary emulation, C2, and end-to-end attack simulation.
Author & instructor
SEC699: Advanced AI Security and Operations
SANS course on applying AI to security operations: LLM integration, AI-powered workflows, and practical AI security.
Workshop author
Vibe Hacking: MCP Empire Edition
SANS workshop on driving Empire C2 through an MCP server using natural-language workflows.
Creator
LazySign
Fake code-signing for binaries using built-in Windows tooling. The most-starred tool in the collection.
Creator
SharpZipRunner
Encrypted-zip loader that executes position-independent shellcode from memory.
Creator
phisherman
Phishing and MFA-bypass training application, originally built for SEC565.
Overview
By category
Now
Current focus
Helix Labs products
Building Hermes, Context Me, and Negotiator AI. AI-powered tools for security operations, contextual intelligence, and negotiation workflows.
Workshop material
Developing new SANS workshop content around AI-assisted offensive workflows, including MCP server integrations with Empire C2.
Red team education
Continuing to build practical training material around adversary emulation, operator tradecraft, and phishing simulation for SEC565 and SEC699.
Writing a book
Writing a book on fine-tuning LLMs: practical techniques for adapting large language models to specialized domains.
SANS Institute
Upcoming teaching
SEC565 Sold out
SANS Secure South Asia 2026
Virtual
Register SEC565
SANS 2026
Orlando, FL
Register SEC565
SANS Amsterdam April 2026
Amsterdam, NL
Register SEC565
SANS Paris June 2026
Paris, FR
Register SEC565
SANS Virginia Beach 2026
Virginia Beach, VA
Register SEC565
SANS London September 2026
London, GB
Register