John Hoffoss
Information Security Professional

Home            Bio            Resume            Wedding

John Hoffoss' Biography

With Minnesota State Colleges and Universities (MnSCU), John piloted and facilitated an information security assessment program to establish a security baseline of all 32 MnSCU institutions, providing guidance and direction to close gaps in system security. He then collaboratively developed an innovative training program, educating the 800 IT staff across MnSCU, ultimately saving over $10 million dollars compared to private training.

At LarsonAllen's Information Security Services Group, John built the computer forensics practice, generating $500 thousand dollars in revenue and saving clients an additional $500 thousand dollars. Also serving as the technical lead, John generated an additional $500 thousand dollars in revenue performing SAS70 and IT controls audits.

John has a Bachelor of Science in Computer Science from the University of Minnesota. He is a Certified Information Systems Security Professional (CISSP) and a GIAC-Certified Incident Handler and a member of InfraGard.


Certified Information Systems Security Professional #308608

The CISSP is a certification from the (ISC)2, demonstrating the necessary knowledge, skills and abilities for competent practice of information security.

GIAC Certified Incident Handler #789

The GCIH is a certification from the SANS Institute, demonstrating:
  • the knowledge, skills, and abilities to manage incidents,
  • understanding of common attack techniques and tools,
  • techniques to defend against and respond to attacks, and
  • hardening systems and processes to prevent attacks.

Learning & Development

  • Secure360. Saint Paul, MN. May 2010.
  • MnSCU ITS Conference. Brainerd, MN. April 2010.
  • nCircle IP360 Administration. Eagan, MN. February 2010.
  • Secure360. Saint Paul, MN. May 2009.
  • Secure360. Saint Paul, MN. May 2008.
  • MnSCU ITS Conference. Brainerd, MN. April 2008.
  • Secure360. Saint Paul, MN. May 2007.
  • MnSCU ITS Conference. Brainerd, MN. April 2007.
  • DEFCON 14. Las Vegas, NV. August 2006.
  • DEFCON 13. Las Vegas, NV. July 2005.
  • SANS 504: Hacker Techniques, Exploits & Incident Handling. Minneapolis, MN. June 2005.
  • DEFCON 12. Las Vegas, NV. July 2004.


"Information Security Assessment Program." MnSCU ITS Conference. Brainerd, MN. April 2007.

This seminar introduced a system-wide project to survey IT security controls implemented at each MnSCU institution, and assessed the effectiveness of those controls.

"Two-Factor Authentication and Backup Tape Encryption." Community Bankers Operations Network Seminar, February 2006.

This seminar discussed the technologies out there to satisfy the FFIEC's two-factor authentication requirement for online banking applications.

"Computer Forensics and Forensic Accounting." ISACA Round Table, December 2005.

This session conceptually introduced forensics and discussed their relevance to IT operations.

"Techno-Junk For Non-Techies." LarsonAllen Internal Learning Session, July 2005.

This session focused on Microsoft Windows event logging settings, log management, and other technical information.

"Phishing and Email Security." ISACA Round Table, November 2004.

This session discussed the threats, risks and techniques for mitigation of current phishing and email security attack vectors.


"Will Your Organization React or Respond to its Next Incident?" LarsonAllen EFFECT, Fall 2005.

"What About the Home Network?" LarsonAllen EFFECT, Summer 2004.


"Curling." Noticeably Different. Twin Cities Business, December 2006.