More Tales from the Crypt…Analyst presented at GrrCon2018 2018

by Jeff Man,

Summary : The speaker, a former Cryptographer for the National Security Agency (NSA), presented “Tales from the Crypt…Analyst” at GrrCON 2016 where he shared some of his experiences as both a designer of and breaker of cryptographic systems. “More Tales from the Crypt…analyst” will pick up with the speaker’s third “tour of duty” at NSA where he became one of the founding members of NSA’s first penetration testing or Red Team. While the thought of NSA hiring hackers or engaging in cyber warfare might be fairly common today, it was not always the case. Somebody had to be first, and the policies, procedures, methodologies, and rules of engagement had to be developed for not only conducting what we called Vulnerability and Threat Assessments, but for successfully navigating the politics, bureaucracy, and reticence of this often-misunderstood clandestine organization. The first NSA penetration testing team was assembled as a part of the newly formed center of excellence that NSA called the “Systems and Network Attack Center” or SNAC. To quote Charles Dickens, “It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair, we had everything before us, we had nothing before us…” Come hear some war stories from the early days, and see how this industry and the practice of penetration testing has evolved in the past 25 years.