Q&A

Dan Geer Helping CIA, Enjoying 'Gee-Whiz' Moments

Security luminary Dan Geer talks with CSO about all the fun he's having as the new CISO of In-Q-Tel, the investment arm of the U.S. intelligence community. He also revisits the Microsoft monoculture debate that led to his firing from @Stake five years ago.

By Bill Brenner

August 04, 2008 CSO — It's been five years since security pioneer Dan Geer was fired from @Stake for co-writing a paper warning that a Microsoft monoculture threatened national security.

The firing actually helped cement Geer's status as a security luminary and has led to a wealth of opportunities, including a stint as president and chief scientist at Verdasys Inc. and his latest role as CISO for In-Q-Tel, the investment arm of the U.S. intelligence community - particularly the Central Intelligence Agency (CIA).

Geer - a member of the Athena Project at MIT during the creation of the widely-used Kerberos authentication protocol - recently sat down with CSO to discuss the "gee-whiz" moments he now enjoys as he gets a peek at some of the latest intelligence technology.

He also explains the goal behind his recently-released book, "The Economics and Strategies of Data Security," and revisits the monoculture debate, which he believes played a role in security improvements at Microsoft.

Dan Geer, CISO In-Q-Tel

CSO: Last time we spoke, you were at Verdasys. Why the move to In-Q-Tel?
Dan Geer: The role I have is new, partly the classic job of CISO, and they have information that needs to be handled properly. Information security and digital identity management are important for this company and I was hired to help with that. I'm obviously on the technical side. So far, the gee-whiz fascination value is pretty high. I'm finding that the elements that are not my specialties are the most fascinating part of the job.

Such as?
A ground cover that changes color when its roots touch land mine residue, so you can plant it and find land mines without having to use your water buffalo; what looks like a sheet of paper which is actually lit up, three times the efficiency of LEDs (light-emitting diode, a semiconductor diode that emits light when an electrical current is applied in the forward direction of the device) which is paper-thin and can be cut with a scissors; and the ability to extract power from the room you are in. Powering things without a power cord is of huge interest to commercial and intelligence entities.

I've also found that the nanotechnology world is full of fascinating things, and I've also seen a hand-held spectrometer that lets you tell what material you're looking at—a tool that came out of carpet recycling, of all things. In the carpet recycling business it's evidently a bad idea to melt down your polypropylene with your nylon. As obvious as that sounds, I had no idea. The spectrometer was invented so the recycling people could sort the shreds into the proper piles.
