Thomas McEwan

Thomas McEwan, a Manager with StoneTurn, is a cybersecurity professional with more than 20 years of experience operating in the U.S. Intelligence and Counterintelligence communities. He has deep expertise in discovering, identifying, pursuing, containing and mitigating complex cyber threats.

Thomas is a highly technical leader with significant experience conducting threat hunting, incident response, exploitation analysis and digital media forensics and is well versed in Cyber Threat Intelligence (CTI) collections, analysis, and reporting. Thomas now serves StoneTurn clients by leveraging his experience and training to pursue and counter advanced cybersecurity threats.

Prior to joining StoneTurn, Thomas most recently served the U.S. Air Force as a project leader supporting whole of government efforts and National Security Agency (NSA) operations through network exploitation capabilities. He led counterintelligence and adversary pursuit operations against Advanced Persistent Threat (APT) actors and managed multiple global projects across the extended enterprise.

Previously, Thomas was the technical subject matter expert and team lead for the Air Force Office of Special Investigations’ (AFOSI) Cyber Threat Pursuit Team where he was responsible for integrating Cyber-ISR (Intelligence, Surveillance, and Reconnaissance) capabilities in support of counterintelligence operations. Thomas and his team conducted network traffic analysis, threat discovery, malware analysis and pursuit operations to deny, degrade, disrupt, and neutralize sophisticated criminal and nation-state affiliated actors. Thomas was an early executor of critical cyber effects operations which resulted in multiple DIA (Defense Intelligence Agency) awards for innovation.

Additionally, Thomas was the Operations Superintendent of his Cyber-ISR squadron, overseeing operations supporting over 400 personnel at multiple locations conducting Computer Network Exploitation, Computer Network Defense, research and engineering and capabilities missions, and special Air Force Cyber programs. He produced, researched and tailored relevant Cyber-ISR reporting to meet Joint, National, Air Force and partner agency intelligence requirements.

Thomas’s career has included assignments at the NSA’s National Security Operations Center and the NSA Cybersecurity Threat Operations Center with positions in the Computer and Network Forensics and Malware Analysis teams supporting U.S. Army, U.S. Navy, Pentagon CERT, other DoD elements, and the Department of Energy. His efforts were critical in attributing a destructive attack against a U.S. company by a nation-state threat group, the results of which earned him and his team the National Intelligence Meritorious Unit Citation.