Cyber Security Evangelist
Security Weekly Productions
Respected Information Security expert, advisor, evangelist, and co-host on Paul's Security Weekly. Over 34 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises and was part of the first penetration testing "red team" at NSA. For the past twenty years, has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation's best-known companies.
After spending nearly 13 years working for the Department of Defense, I ventured out into the private sector to consult and advise on matters of information security. On many occasions, after explaining some basic security concept to a customer and outlining what they need to do to be secure, I often heard the retort, “yeah, but we don’t need DoD level security.” Well, after twenty years in the private sector, and especially over the past 2-3 years with the proliferation of data breaches against major companies, I find myself wanting to reply, “yeah, you really DO need DoD level security!”
What does this mean? Probably not what you are thinking. This talk will start with an overview of the foundational nature of data security, highlight the major tenets or goals of data security, introduce the risk equation, discuss how and why so many companies so often fail at implementing the basics of data security, and explore some ways that a DoD-centric approach to data security might be implemented in the private sector. Brainstorming, discussion, and dissension are all welcome.
I was the First Edward Snowden - A Perspective on NSA, Privacy, and Snowden from a former NSA Analyst
Jeff Man - Cyber Security Evangelist
NSA takes very seriously its mandate to do "what NSA does" against foreign entities and NOT U.S. citizens. The rules were clarified in the late 70's in the Foreign Intelligence Surveillance Act (FISA). FISA was written after the findings of the "Church Proceedings" were published as part of the fallout of the Watergate scandal. In 1996 I was investigated for violating NSA's charter when I led a forensic team to help the Dept. of Justice after their website was defaced. I will share the story of how I was almost fired from NSA for violating the same law that NSA has been accused of violating based on the information disclosed by Edward Snowden several years ago, which is why I'm sometimes heard to say, "I was the first Edward Snowden". The goal is to shed some light on how NSA really operates, from someone who used to be on the inside, in order to take the whole Snowden debate to a different level. I do not intend to sway anyone's opinion, but merely want to offer some details that should help anyone make a more informed decision about NSA, its mission, and the laws by which it is governed.