About Keith Watson

Keith Watson, professional photo by ISPhotographic


My name is Keith Watson. I focus on improving information security and privacy for organizations and individuals. Right now, my emphasis is on information supply chain security, risk management, system and software security architecture, awareness, and education. Since the mid-1980’s, I have been fascinated with computers and programming. In 1992, I got an email address and first accessed the global internet as a freshman computer science major. While working as a UNIX systems administrator in 1995, the Security Administrator Tool for Analyzing Networks (or SATAN) was released, and my interest and career in information assurance and security launched.

Today, I am an information assurance and security professional with interests on security tools, operating systems, social media, and software development. Currently, I work as the information security architect for IT Security & Policy at Purdue University (ITaP). Previously, I was an information assurance research engineer for the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue. Prior to coming to Purdue, I held several technical and marketing positions focused on information security at Sun Microsystems (now part of Oracle).

I organize a monthly meeting of security professionals in the Greater Lafayette area (GLSP). I am also contributor to Own Your Space and co-authored “A Guide to Facebook Security” (PDF).

My persona online is “ikawnoclast”. It is an imaginary word based on “iconoclast” and my initials: “i-kaw-noclast”. ikawnoclastic thoughts is a place for me to share information and teach.

If you care about certifications, I have a few. I have been a CISSP since 2001 and CISA since 2007. I was awarded the CISSP-ISSAP concentration in June 2012.

Elsewhere Online




  • I am working on several activities at the moment. More details to be announced later.


  • I have taken a break on consulting tasks to focus on higher priority activities.


  • ikawnoclast.com, “ikawnoclastic thoughts” (this blog)
  • Own Your Space, specifically “A Guide to Facebook Security” (PDF) and various Facebook Security Notes.


December 2014

  • Presented a talk on your career as a security professional (PDF) for the GLSP meeting.

November 2014

August 2014


January 2014

  • Started the Eyes on Privacy podcast (as a replacement to Serious about Security), podcast and blog focused primarily on privacy news, issues, and tools.

December 2013

  • Ended the Serious about Security podcast, an announcement, news, and discussion podcast about important security topics.

June 2013

  • Started as the information security architect at IT Security & Policy at Purdue.
  • Ended work on the following CERIAS projects and activities:
    • Filehound, a law enforcement application for collecting digital image evidence. Currently, we are taking this project in a new direction.
    • Network and security architecture for CERIAS.
    • Healthcare information security risk assessments for Indiana hospitals and healthcare providers as well as training and consulting service methodology development for the Purdue Healthcare Advisors.
    • Patient Health Information (PHI) research project information security assessments for various Purdue research projects.

October 2012

  • Co-organized the Purdue National Cybersecurity Awarness Month event on campus. I also presented on Social Media Security and Privacy. (PPTX)
  • I presented information at the Greater Lafayette Security Professionals October meeting on process isolation, including techniques such as chroot(), FreeBSD jails, privilege separation, sandboxing, multi-process architectures, mandatory access control, capability systems, and virtualization. He discussed how each of techniques work, the trade-offs associated with each, and the issues in managing each. (Presentation Link)

September 2012

  • Josh Gillam and I conducted a workshop for the Greater Lafayette Security Professionals on using Metasploit for exploring and exploiting VMware servers and the VMs that run on them. (Presentation Link)

June 2012

  • On June 27, I was notified that I had successfully passed the Information Systems Security Architecture Professional examination. I am now a CISSP-ISSAP! Thanks go to my long-suffering family and to my friends, study partners, and now fellow ISSAPs: Doug Couch and Nathan Heck.
  • In the wake of the “Week of Leaks” (i.e. password losses by Linkedin, eHarmony, and Last.fm), I talked about Password Hashing at the Greater Lafayette Security Professionals June meeting. (Presentation Link) We also discussed the “Week of Leaks” in Episode 9 and password hashing in Episode 10 of the Serious about Security podcast.

April 2012

March 2012

  • I was quoted in two articles in the Journal and Courier. One article is about online privacy issues. The other has tips for users to protect their online privacy. [Note: These articles are no longer available online.]

February 2012

  • The Own Your Space “A Guide to Facebook Security” is available in Arabic. (PDF)
  • Presented with Doug Couch an advanced Metasploit workshop at the Greater Lafayette Security Professionals February meeting. (Presentation Link)

January 2012

  • Presented on Facebook Security at the Greater Lafayette Facebook Conference 2012. (Presentation Link)
  • Led a discussion on risk analysis of a theoretical telephony-based two-factor authentication platform. (Presentation PDF)

December 2011

  • Presented on Information Security Career Management at the Greater Lafayette Security Professionals December meeting. (Presentation PDF)

November 2011

  • Doug Couch, Nathan Heck, Preston Wiley, and I led an introductory workshop on Metaploit at the Greater Lafayette Security Professionals November meeting. (Presentation Link)

October 2011

  • The Own Your SpaceA Guide to Facebook Security” was translated into French, German, Italian, Japanese, Korean, Brazalian Portuguese, and Spanish (As of January 2015, these translations are no longer available from Facebook.)
  • Presented on one-time password systems at the Greater Lafayette Security Professionals October meeting. (Presentation PDF)

August, 2011

  • Facebook publishes “A Guide to Facebook Security” (Document PDF), which Linda McCarthy, Denise Weldon-Siviy, and I wrote. It covers Facebook security risks and advanced security tools provided by Facebook. It was covered in the news.
  • Demonstrated some active defense techniques for operating systems using TCP Wrappers, PF overload rules, and some scripts at the Greater Lafayette Security Professionals August meeting.