InfoSec Curmudgeon @Security Weekly
Respected Information Security expert, advisor, evangelist, co-host on Paul’s Security Weekly, Tribe of Hackers, and currently serving in a Consulting/Advisory role for Online Business Systems. Over 37 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified NSA Cryptanalyst. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises and was part of the first penetration testing “red team” at NSA. For the past twenty years, has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation’s best known companies.
More Tales from the Crypt…Analyst
The speaker, a former Cryptographer for the National Security Agency (NSA), has previously presented “Tales from the Crypt…Analyst” where he shared some of his experiences as both a designer of and breaker of cryptographic systems. “More Tales from the Crypt…analyst” picks up with the speaker’s third “tour of duty” at NSA where he became one of the founding members of NSA’s first penetration testing or Red Team. While the thought of NSA hiring hackers or engaging in cyber warfare might be fairly common today, it was not always the case. Somebody had to be first, and the policies, procedures, methodologies, and rules of engagement had to be developed for not only conducting what we called Vulnerability and Threat Assessments, but for successfully navigating the politics, bureaucracy, and reticence of this often-misunderstood clandestine organization. The first NSA penetration testing team was assembled as a part of the newly formed center of excellence that NSA called the “Systems and Network Attack Center” or SNAC. Come hear some war stories from the early days, and get a glimpse of how this industry and the art of penetration testing has evolved in the past 25 years.