What Snowden and I Have in Common - Reflections of an ex-NSA Hacker

BSidesLV 2016

Presented by: Jeff Man
Date: Tuesday August 02, 2016
Time: 11:00 - 11:55
Location: Firenze
Track: Underground

NSA takes very seriously its mandate to do "what NSA does" against foreign entities and NOT U.S. citizens. The rules were clarified in the late 70's in the Foreign Intelligence Surveillance Act (FISA). FISA was written after the findings of the "Church Proceedings" were published as part of the fallout of the Watergate scandal.

I've only heard the Church Proceedings mentioned twice in my lifetime - once twenty years ago when I was investigated for violating the charter when I led a forensic team to help the Dept. of Justice after their website was defaced, and the second time was in hearing news reports about Edward Snowden. This is why I'm sometimes heard to say, "I was the first Edward Snowden".

I will share the story of how I was almost fired from NSA for violating the same law that NSA has been accused of violating based on the information disclosed by Edward Snowden several years ago. The goal is to shed some light on how NSA really operates, from someone who used to be on the inside, in order to take the whole Snowden debate to a different level. I do not intend to sway anyone's opinion, but merely want to offer some details that should help anyone make a more informed decision about NSA, its mission, and the laws by which it is governed.

Jeff Man

Jeff Man is a Strategist and Security Evangelist at Tenable Network Security. He has over 30 years of experience working in all aspects of computer, network, and information security, including risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Earlier in his career, Jeff held security research, management and product development roles with NSA, the DoD and private-sector enterprises. Prior to joining Tenable, Jeff served as a QSA, first with TrustWave, then with VeriSign and finally AT&T Consulting Services. In this role he has provided PCI consulting and advisory services to many of the nation's best known brands.

