American computer scientist
Three Buddy Problem - Episode 7: In this episode, we try to close the book on the CrowdStrike Windows BSOD story, Microsoft VP David Weston's technical documentation and issues around kernel access and OS resilience. We also discuss Binarly's PKFail research, secure boot bypasses, Dan Geer and tech monoculture, software vendor liability issues and the need for inspectability in security mechanisms. The conversation explores cyber angles to train service disruptions in Paris, the history of cyber operations targeting the Olympics, the lack of public acknowledgment and attribution of cyber operations by Western intelligence agencies, and the importance of transparency and case studies in understanding and discussing cyber operations. Hosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)
Welcome to another edition of a Paul's Security Weekly Vault episode! This episode was previously recorded on April 5, 2012 and features an interview with none other than Dan Geer. Unfortunately there is no video for this episode, but the content is still relevant today. Dan Geer is a renowned cybersecurity expert and visionary. With a wealth of knowledge and experience in the field, Dan has made significant contributions to our understanding of information security and its implications. In this interview, we'll explore his background, education, and delve into some of his most influential works, such as his paper on the security implications of mono-culture. My co-hosts for this interview included Jack Daniel and John Strand. At the very end of the interview we talk about Dan giving the keynote at the Source Boston 2012 event. I've included a link to the video of that talk in the show notes for historical reference. ChatGPT summarized this keynote as follows stating: "Dan Geer discusses the claim that the internet is critical infrastructure and explores the potential hypocrisy involved in this assertion." So, without further ado, enjoy our interview with Dan Geer! Link to Dan Geer's 2012 Source Boston Keynote: https://www.youtube.com/watch?v=Qb8r0XoNd60 Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/vault-psw-3
Dan Geer and Olav Lysne join Dale Peterson to discuss Cyber Nationalism, how it will affect ICS asset owners, and how ICS vendors should and will deal with increased pressure by nation states to insert back doors and other weaknesses in ICS. Why would a vendor even consider cooperating with a government asking for a special favor? What are some of the different levels of cooperation? The benefits of deniability, and what is the likely business impact if the vendor is caught? How is a global vendor to deal with multiple knocks on the door from competing 'teams'? Does the vendor need to pick a side? How should asset owners view a solution from a vendor coming from a different 'team'? Should they assume there is a way the team could compromise their system?
In this episode of the Data Exchange I speak with Dan Geer, Senior Fellow at In-Q-Tel, and Andrew Burt, co-founder and Managing Partner of BNH.ai and Chief Legal Officer at Immuta. Dan is one of the leading experts in cybersecurity and risk management, and he has written numerous influential essays on security, privacy, and risk (examples here and here). Andrew serves as co-founder of a new law firm focused on AI compliance and related topics. BNH is the first law firm run by lawyers and technologists focused on helping companies identify and mitigate those risks. Detailed show notes can be found on The Data Exchange web site.
"The nature of information security and the future of humanity are tied together." In episode 06, Dan Geer, security and risk management expert and current CISO at In-Q-Tel, joins us to talk about his path in information security, the state of privacy and security in today's landscape, and where potential new security businesses should focus their energy.
Podcast: Unsolicited Response Podcast. Episode: Dan Geer Interview at S4x18. Pub date: 2018-02-01. I had the pleasure of interviewing Dan Geer on the S4x18 Main Stage for 30 minutes. He typically speaks from prepared papers, so an interview is a bit unique, and his papers provided plenty of topics and questions. We covered a wide range of issues including: Risk: The impact of complexity and dependencies. How redundancy can increase risk against a sentient opponent. The trade-off between preventing random faults and protecting against targeted faults. The importance of eliminating silent failures, even so far as raising the probability of failure if it eliminates or reduces silent failure. Business risk acceptance when society would not make the same risk decision. The need for "different" redundancy: two systems with no common mode failures. Manual is an obvious different redundancy, but can two cyber systems have no common mode failures? The growing importance of integrity. The value of patching or otherwise reducing vulnerabilities based on whether vulnerabilities are sparse or dense. The density of medical device vulnerabilities was discussed as an example. Are we going to take the path of proof of correctness and rigid change control, or almost constant change? This episode was sponsored by CyberX. Founded by military cyber experts, CyberX has developed a platform that helps organizations continuously reduce ICS risk. Check out the CyberX Global ICS and IIoT Risk Report and my podcast from last year on the report with Phil Neray.
If you enjoy listening to my podcast, please take a minute to leave a review here! As many of you know, I like to choose podcast topics that are at the forefront in the minds of my audience. I also like to interview leaders who inspire me. When I was looking for a new podcast guest for my show, I asked my CTO at RedZone, James Crifasi, if there was someone he knew in security that he really respected – that stood out for him as a leader in the industry. James recommended Dmitriy Ayrapetov, Executive Director of Product Management at SonicWall. Since RedZone has been a SonicWall partner for many years, I knew Dmitriy, and I knew that he represented most of the network security products that we work with. Luckily, he agreed to come on the show. My conversation with Dmitriy ranges from philosophical to tactical and technical especially with his positions on Machine Learning and AI with security. We discuss a variety of topics including, who are his mentors and what does a product manager do at a high-profile security company like SonicWall? One interesting discussion centered around the thought that, “Humans will always make mistakes – human mistakes are one of the main issues with security. Knowing that we will never fix 100% of the problems of security today, and that we have a massive likelihood of a security breach happening,” – I asked Dmitriy “How can you approach this problem?” Key Points of Interest in This Episode: How Dmitriy researches and keeps on the pulse of security How his mind works when he is thinking of how his customers will be impacted by security Who are his mentors? What would he focus on if he was a startup founder? How would I want to react if I was a customer? Are your security vendors as concerned about business continuity as you are? I think you will really appreciate Dmitriy’s philosophy for CIOs and CISOs – in particular, his thoughts on human mistakes. 
He believes that since human mistakes can’t be prevented, that you must realize the need for continuity of the business and be prepared for them. With this, I want to welcome you to my interview with Dmitriy Ayrapetov. Major Take-Aways From This Episode: In this podcast we discuss cutting edge strategies with security: sandboxing, block until verdict, remediation and roll back. What does a product manager do at a high-profile security company like SonicWall? o Find people’s problems and bring these engineered solutions to market Evolution of Security – Block first, then ask questions later. Staying current with security is imperative with a current approach centered on business continuation. New ways of thinking – Prevention vs. Continuity, continuous operations like auto-rollback functions. Supply Chain Attacks – Next Gen behavior analytics which led us into an industry education on old fashioned heuristics vs. machine learning and AI. Read Full Transcript Here About Dmitriy Ayrapetov: Dmitriy Ayrapetov has been with SonicWall for over 13 years. He is currently the Executive Director of Product Management at SonicWall, in charge of product security. Prior to this position, Dmitriy held product management and engineering roles at SonicWall and at enKoo Inc., an SSL VPN startup acquired by SonicWall in 2005. As a cybersecurity expert, he speaks at industry conferences including, RSA, Gartner Security Summit, Dell World and is a regular presence at SonicWall’s annual partner conference Peak Performance. Dmitriy holds an MBA from the Haas School of Business at U.C. Berkeley and a BA in Cognitive Science at UC Berkeley. You can see all the SonicWall products Dmitriy has had his hand on since the beginning. 
• Network Security • Firewalls • FTDMI – Automation and Security • SonicWall ips Series • Client Capture – rollback • Email Security How to get in touch with Dmitriy Ayrapetov LinkedIn Twitter Facebook Key Resources + Links Link to Dmitriy’s SonicWall blog page: https://blog.sonicwall.com/authors/dmitriy-ayrapetov/ • Blog, pub. 9/12/2018: Botnets Targeting Obsolete Software • Blog, pub. 2/13/2017: Practical Defense for Cyber Attacks + Lessons from 2017 SonicWall Annual Threat Report Other SonicWall blog pages that cover suggested topics of discussion listed above: • Sonic Wall Threat Intelligence blog page: https://blog.sonicwall.com/categories/threat-intelligence/ • Annual and mid-year cyber threat reports: https://brandfolder.com/s/pix4u8-fllsa0-f5587c Other presentations and videos by Dmitriy Ayrapetov: SonicWall Roadmap and Industry Trends: https://www.youtube.com/watch?v=p0vAqko1E2s, pub. July 13, 2018 2018 SonicWall Cyber Threat Report – Webcast: https://www.sonicwallsales.com/Video.aspx?code=KJSCK7 RSA Presentation 2017: The Strategic Advantage of Adaptive Multi-Engine Advanced Threat Protection (this is a pdf file of the slide presentation) Learn How to Detect and Prevent Malicious Files with SonicWall Capture ATP: https://www.youtube.com/watch?v=55tw20crqhk, pub. Sept 1, 2017. Also, published as a webinar through BrightTALK, Sept 19, 2017 How SonicWall SuperMassive Next-Gen Firewall Series ensures that every byte of every packet coming into and going out of your network is inspected while maintaining high-performance and low latency: https://www.facebook.com/SonicWall/videos/10155323557848859/, pub. Aug 17, 2017 Other resources mentioned in the Podcast, provided by Dmitriy Ayrapetov: There are two people that Dmitriy mentioned as thought leaders in the field: one of them is well known, Bruce Schneier, an internationally renowned security technologist; while the other is less known, Dan Geer, CISO at In-Q-Tel. 
Bruce provides a lot of industry as well as practical advice on his website: https://www.schneier.com/. Dan’s keynote at Black Hat 2014 was, in my opinion, direction setting. It was one of the highest signal to noise ratio keynotes that I’ve ever heard and I still come back to it from time to time. It’s very dense, and is based on an essay that he authored. Black Hat Keynote: https://www.youtube.com/watch?v=nT-TGvYOBpI Essay: http://geer.tinho.net/geer.blackhat.6viii14.txt Dan has many other essays/keynotes and your listeners can find them on his website: http://geer.tinho.net/pubs The book that Dmitriy mentioned early in the podcast is Hacking Exposed –they’re on the 7th edition now. I’m not “recommending” the book, I just referenced it as something that piqued my curiosity in security early on. This episode is sponsored by the CIO Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes. Credits: * Outro music provided by Ben’s Sound Other Ways To Listen to the Podcast iTunes | Libsyn | Soundcloud | RSS | LinkedIn Leave a Review If you enjoyed this episode, then please consider leaving an iTunes review here. Click here for instructions on how to leave an iTunes review if you’re doing this for the first time. About Bill Murphy Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.
In our sixty-seventh episode of the Steptoe Cyberlaw Podcast, Stewart Baker, Alan Cohn, Michael Vatis, and Jason Weinstein are joined by Dan Geer, Chief Information Security Officer at In-Q-Tel. They discuss: this week in NSA: what’s on top this week for the 215 metadata program; border laptop searches; an FTC FOIA case; hacking airplanes in flight; FBI’s Stingray guidance; and the first anniversary of the “Right to be Forgotten.” In our second half we have an interview with Dan Geer, a legendary computer security commentator and current CISO for In-Q-Tel. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.
This week, Dave and Gunnar talk about vampire plants, spider oaks, and ultrasonic potatoes. No radiation gets in, only creepy vibes get out. Lauren’s latest project now published: Raspberry Pi powered juggling performance Gunnar loves pajamas, especially these HT Matt Micene: Ultrasonic everything Gunnar removes chips, water, and plants from the Faraday cage in his basement: Researchers reconstruct human speech by recording a potato chip bag The Gyroscopes in Your Phone Could Let Apps Eavesdrop on Conversations Bad Bio: Evil Talking Plants Use DNA Communication Open source mind control: A new brain-computer interface lets DIYers access their brain waves Yahoo to provide PGP encryption for mail Almost related: AOL still has 2.3 million dialup subscribers SpiderOak Implements A Warrant Canary Google Says Website Encryption – Or Lack Thereof – Will Now Influence Search Rankings In-Q-Tel CISO Dan Geer: Security expert calls home routers a clear and present danger More from Dan Geer: CIA’s venture firm security chief: US should buy zero-days, reveal them Good news/bad news for Shawn Wells: Ohio Turnpike says sponsorships, ads OK, but not naming rights to tollway Formal ALUG Meeting: Controlling juggling pins with Raspberry Pi – Lauren Egts on September 4 Try the tel:// hack yourself by clicking here to call Red Hat’s 800 number and buy something Cutting Room Floor Google Mesa is crazytown From O’Reilly Radar’s Four short links: “Paper by Googlers on the database holding G’s ad data. Trillions of rows, petabytes of data, point queries with 99th percentile latency in the hundreds of milliseconds and overall query throughput of trillions of rows fetched per day, continuous updates on the order of millions of rows updated per second, strong consistency and repeatable query results even if a query involves multiple datacenters, and no SPOF. (via Greg Linden)” We Give Thanks Matt Micene for making us more paranoid Mr Porter for the thumbnail on this post.
In this episode: Who is Dan Geer (just in case you live in a cave and don't know). Dan's definition of security: "The absence of unmitigatable surprise." What exactly is the pinnacle goal of security engineering? Responsibility, liability, and when software fails as a result of security issues. In a liability lawsuit: "What did you know, when did you know it?" The fraction of the population who could sign an "informed consent" is falling, so now what? Why ICANN is actually making all of this so much worse. What do we do about "abandoned software"? Fixing security bugs in software is a tricky business: good, bad, worse. Are things getting better [in security]? Dan talks about a "diversity re-compiler" and how we can make the exploit writer's job harder (from Jason White). What "low hanging fruit" issues are we simply not addressing properly right now? (from Jason White) If the Internet were being built from scratch today, what would you keep and throw away? Guest: Dan Geer. Dan Geer is a computer security analyst and risk management specialist. He is recognized for raising awareness of critical computer and network security issues before the risks were widely understood, and for ground-breaking work on the economics of security. Geer is currently the chief information security officer for In-Q-Tel, a not-for-profit venture capital firm that invests in technology to support the Central Intelligence Agency. In 2003, Geer's 24-page report entitled "CyberInsecurity: The Cost of Monopoly" was released by the Computer and Communications Industry Association (CCIA). The paper argued that Microsoft's dominance of desktop computer operating systems is a threat to national security. Geer was fired (from consultancy @Stake) the day the report was made public. Geer has cited subsequent changes in the Vista operating system (notably a location-randomization feature) as evidence that Microsoft "accepted the paper." --http://en.wikipedia.org/wiki/Dan_Geer
Episode 0x38 Dreidel Turkey Dreidel Peter Mackay!!! Can't do HTML, can't follow the instructions on how to write an introductory paragraph welcoming our listeners to the show notes that no one reads. Gotta love the stunt team. Upcoming this week... Lots of News Breaches, anti-derps!! It's Chanukah!!! and many turkeys are now dead And there are weekly Briefs - no arguing or discussion allowed And if you've got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It's not that explicit, but you may want to use headphones if you're at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient opinions of their own they don't need to speak for anyone except themselves. Ok? Good. In this episode: News and Commentary Someone's been MiTMing the internets... Bruce Schneier thinks Ars Technica had an okay write up about it... And more reporting on Renesys's original research on it. (and a little more) Japan is awesome, told NSA no thanks because it believed the request was illegal Canada's Bill C-13 is a Trojan Horse (and Michael Geist weighs in too) (and the Ontario privacy commissioner does comment on it) Breaches Health Canada doesn't understand privacy (and the bad things start to happen) Clearport Mercantile exchange (and the 450,000 daily contracts they process) got p0wned EU is not good with the Wifi Anti-derps Anti-DERP - Diffie is awesome! so is newegg (but sadly they lost - which sucks) Anti-DERP - konami button press sequence is not a hack (it's a metaphor) Anti-DERP - Mom takes on revenge porn site, a creepy hacker and Anonymous to the rescue Mailbag Hi Guys: 0x37 was good -- thanks! During recording the podcast one of youse (Ben?) wanted to determine the version of Silverlight installed on a browser. I make Rapid7's browserscan the home page for all of my browsers. It displays a nice list of the plugins currently installed & enabled in your browser. 
The list includes the plugin's installed version, the currently available version and -- when appropriate -- a Red Download Button in case you want to download the latest version. cheers, Mark Rapid7's Browserscan Qualys Briefly -- NO ARGUING OR DISCUSSION ALLOWED Amber Baldet's DefCon 21 talk on Suicide Risk Assessment and Intervention Tactics. Dan Geer speaks more wisdom... go read it now Awesome hack - private LCD BIPS suffers Bitcoin heist Liquidmatrix Staff Projects -- gratuitous self-promotion The Security Conference Library Contribute to the Strategic Defense Execution Standard (#SDES) and you'll be Doing Infosec Right in no time. If you're interested in helping out with openCERT.ca, drop a line to info@openCERT.ca Upcoming Appearances: -- more gratuitous self-promotion Dave: - Attending Bluehat and Hushcon to close out the year. James: - Chicago, we think Ben: - nowhere in particular Matt: - Turkey coma Wil: - On location. He's looking for representation so get him while he's still cute... Other LSD Writers: - MIA Advertising - pay the bills... Signing up for a SANS course? Be sure to use the code "Liquidmatrix_150" and save $150 off the course fee! And Liquidmatrix_5 for 5% off a course Seacrest Says: Tell Peter Mackay everything Creative Commons license: BY-NC-SA
Dan Geer comes on the show to talk about security, metrics, APT, breaches, and more! Episode 282 Show Notes. Episode Hosts: Paul Asadoorian, Host of Security Weekly and Stogie Geeks; Larry Pesce, Host of Hack Naked At Night; Jack Daniel, Security B-Sides, Most epic beard in information security; John Strand, Host of Hack Naked TV; Carlos Perez, Host of Security Weekly Espanol.
If there is a difference between information and bits we had better find it soon. The bit-count is bounding upward, no one dares throw anything away, and once "search" supplants "organize" there is no going back. Information may or may not want to be free, but it wants to be in motion, so much so that ISPs see their future in movie rentals and the speed of light determines how far away your trade submission servers can be from the Exchange and still do micro-arbitrage. Like a gas, information has to be collected, purified, and compressed to be of value, so any leak, impurity, or loss of containment is a loss of value, per se. The street price of drugs has a more stable floor than the street price of stolen data, the percentage of attack tools that are privately held is rising, and the workfactor for information defense is the integral of the workfactor for information offense, yet we do not have the quantitative tools to value our information. That is possibly the key -- quantitative information risk management that is on par with quantitative financial risk management.

About the speaker: Daniel Earl Geer, Jr., Sc.D. MIT S.B. in EE & CS, 1972. Harvard Sc.D. in Biostatistics, 1988. Ten years in clinical and research medical computing followed by five years running MIT's Project Athena, the first distributed computing emplacement. A small stint in the Research division of the then Digital Equipment Corporation and from then on a series of entrepreneurial successes. In all entrepreneurial endeavors either a founder outright or an officer of the company.

Milestones: The X Window System and Kerberos (1988), the first information security consulting firm on Wall Street (1992), convenor of the first academic conference on electronic commerce (1995), the "Risk Management is Where the Money Is" speech that changed the focus of security (1998), the Presidency of USENIX Association (2000), the first call for the eclipse of authentication by accountability (2002), principal author of and spokesman for "Cyberinsecurity: The Cost of Monopoly" (2003), and co-founder of SecurityMetrics.Org (2004) and convener of Metricon 1.0 (2006).

Advisor to or Board member for a number of promising startups and their funding sources, forty-two refereed publications, one book and many book chapters, three patents, over two hundred fifty invited presentations twenty percent of which were keynotes including ten abroad, technology selection and standardization work, and five times before the US Congress of which two were lead witness. Commercial teaching history both extensive in scope and in excess of ten thousand students in the aggregate. Participation in government advisory roles for the Federal Trade Commission, the Departments of Justice and Treasury, the National Academy of Sciences, the National Science Foundation, the US Secret Service, the Department of Homeland Security, and the Commonwealth of Massachusetts. Frequently consulted by the business and technical press alike, frequent author of lay articles, editor or editorial board for various security publications, member of all relevant professional and trade organizations public and private, and extensive civic involvement including several service recognition awards at the national level. Skilled debater when worthy opponents are available.