Jeff is a respected Information Security advocate, advisor, evangelist, international speaker, keynoter, former host of Security & Compliance Weekly, co-host on Paul’s Security Weekly, Tribe of Hackers (TOH) contributor, including Red Team, Security Leaders, and Blue Team editions. Currently serving in a Consulting/Advisory role for Online Business Systems. Over 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified National Security Agency Cryptanalyst.
Designed and fielded the first software-based cryptosystem ever produced by NSA. Inventor of the “whiz” wheel, a cryptologic cipher wheel used by US Special Forces for over a decade. Honorary lifetime member of the Special Forces Association. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises. Pioneering member of the first penetration testing “red team” at NSA. For the past twenty-eight years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation’s best known companies.
Be sure to catch Jeff’s talk at ShowMeCon!
________________________________________________________________________________________________________________
Tales from the Crypt…Analyst: The After Life
Jeff began his career in InfoSec at the National Security Agency first as a Cryptologist, designing and
fielding the first software-based cryptosystem ever produced by NSA, and later becoming the primary architect of the first NSA Red Team. He has shared his NSA story in a series of talks, “Tales from the
Crypt…Analyst” and “MORE Tales From the Crypt…Analyst”. This talk is the third installment in Jeff’s story
and features his transition from NSA to the private sector in the early days of Information Security
consulting.
He will recount stories from the days of trying to convince companies that if they wanted to connect to the Internet they really needed a firewall; how penetration testing evolved to vulnerability assessments and then to security architecture advisory work; convincing clients that you didn’t need a browser to hack a web server; finding an open network jack really did mean you had access to the network; why it’s not a good idea for your mainframe to be Internet reachable; rooting a mainframe; and ultimately trying to find ways to get organizations to think about Information Security from a strategic perspective rather than just selling them a bunch of blinky boxes and telling them where to place them. Of course, we’ve solved all these problems from the early days…or maybe, just maybe there are still lessons to be learned.