More Tales from the Crypt...analyst picks up with the speaker's third tour of duty at NSA where he became one of the founding members of NSA's first penetration testing or Red Team. While the thought of NSA hiring hackers or engaging in cyber warfare might be fairly common today, it was not always the case. Somebody had to be first, and the policies, procedures, methodologies, and rules of engagement had to be developed for not only conducting what we called Vulnerability and Threat Assessments, but for successfully navigating the politics, bureaucracy, and reticence of this often-misunderstood clandestine organization. The first NSA penetration testing team was assembled as a part of the newly formed center of excellence called the Systems and Network Attack Center (SNAC). To quote Charles Dickens, It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness. Come hear some war stories from the early days and see how this industry and the practice of penetration testing has evolved in the past 25 years.

Jeff is a respected Information Security expert, adviser, and evangelist. He has over 33 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Earlier in his career, Jeff held security research, management and product development roles with NSA, the DoD and private-sector enterprises and was part of the first penetration testing "red team" at NSA. For the past twenty years, Jeff has been a pen tester, security architect, consultant, and QSA, providing consulting and advisory services to many of the nation's best known brands.\n\nTwitter:\n@MrJeffMan

Recorded at NolaCon 2019