Hacking the Pentagon: How a Rebel Alliance Shifts Culture to Protect National Security

Presented at BSidesLV 2019, Aug. 7, 2019, 11 a.m. (55 minutes)

Three years ago, a team of nerds at the Pentagon brought in hackers and launched the federal government's first bug bounty and coordinated disclosure programs. Today, the Defense Digital Service's (DDS) 'Hack the Pentagon' program has run nearly twenty bug bounties across the Department of Defense, engaged thousands of ethical hackers, and uncovered thousands of vulnerabilities. The program has been replicated at agencies across government and is helping feds to rethink many of the government's security approaches. While these programs are what DDS is best known for, the military also manages thousands of vehicles, ICS systems, and medical devices, in some of the most unique and challenging circumstances of any organization. Hear from DDS Director and noted data scientist Brett Goldstein about going beyond checklists and attested security, shifting culture in the world's largest bureaucracy, and working to incorporate diverse perspectives and talent to contribute to our country. Under Brett, the DDS team is helping to push better security norms and best practices - recognizing that talent, diverse perspectives, and creativity are critical to remaining a step ahead of our adversaries. You'll learn how this passionate group of citizens has been effective and how they're inviting BSidesLV participants to get involved.


Presenters:

  • Harlan Lieberman-Berg
    Harlan Lieberman-Berg is an engineer with the Defense Digital Service, currently focusing on reforming the background investigation process for federal employees. With a background in operations and information security, he is a passionate advocate for free and open source software and the ethical responsibilities of software engineers and technologists of all stripes. Harlan's career began as a *nix administrator, working in startups ranging from online music sales to adult entertainment and ad tech. He served in several roles at Chitika, Inc., including as the Director of Engineering, before starting his own company building a high-frequency ad trading system for the adult entertainment industry. Before joining the Defense Digital Service, he was an information security architect at Akamai Technologies, the first and largest CDN in the world. In the free software space, Harlan has held a variety of positions, including the Kernel Security Lead of Gentoo Linux. Currently, he is a Debian Developer and leads the Debian Let's Encrypt team maintaining (among other things) certbot, the premier Let's Encrypt client made by the Electronic Frontier Foundation.
  • Brett Goldstein
    Brett Goldstein is the Director of Defense Digital Service, where he leads a team of technologists focused on high-impact problems at the Department of Defense. Throughout his career, Brett has served in a range of mission-driven leadership roles across government, the private sector, and academia. He is deeply committed to improving government through data and technology, and by creating tools and new approaches for smarter decision making and better services. Brett began his technology career at OpenTable, where he helped grow the company from an early stage startup to a multinational corporation. He later joined the Chicago Police Department where he led the department's efforts at predictive analytics. He became Chicago and the nation's first Chief Data Officer and later Chicago's Chief Information Officer. Brett continues to serve as a Senior Fellow and Special Adviser for Urban Science at the University of Chicago.
