My name is Keith Watson. I focus on improving information security and privacy for organizations and individuals. Right now, my emphasis is on information supply chain security, risk management, system and software security architecture, awareness, and education. Since the mid-1980s, I have been fascinated with computers and programming. In 1992, I got an email address and first accessed the global internet as a freshman computer science major. While working as a UNIX systems administrator in 1995, the Security Administrator Tool for Analyzing Networks (or SATAN) was released, and my interest and career in information assurance and security launched.
Today, I am an information assurance and security professional with interests in security tools, operating systems, social media, and software development. Currently, I work as the information security architect for IT Security & Policy at Purdue University (ITaP). Previously, I was an information assurance research engineer for the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue. Prior to coming to Purdue, I held several technical and marketing positions focused on information security at Sun Microsystems (now part of Oracle).
My persona online is “ikawnoclast”. It is an imaginary word based on “iconoclast” and my initials: “i-kaw-noclast”. ikawnoclastic thoughts is a place for me to share information and teach.
- Eyes on Privacy (podcast and blog)
- ITaP (IT Security & Policy org chart)
- CERIAS (homepage, blog, staff directory)
- Own Your Space (“A Guide to Facebook Security”, Facebook, Twitter)
- Security Architect, Information Technology Security & Policy, Purdue University.
- Benevolent Dictator of the Greater Lafayette Security Professionals, an informal Purdue and Greater Lafayette, Indiana group of information security professionals.
- Faculty Advisor to the CERIAS Student Association.
- I am working on several activities at the moment. More details to be announced later.
- I have taken a break on consulting tasks to focus on higher priority activities.
- ikawnoclast.com, “ikawnoclastic thoughts” (this blog)
- Own Your Space, specifically “A Guide to Facebook Security” (PDF) and various Facebook Security Notes.
- I gave a TEDx talk at TEDxLafayette 2014. I spoke on autonomous vehicles (text of the talk and related news).
- Presented a talk at the GLSP meeting on Alternative Scanners, focusing on network scanners other than nmap.
- Started the Eyes on Privacy podcast (as a replacement for Serious about Security), a podcast and blog focused primarily on privacy news, issues, and tools.
- Ended the Serious about Security podcast, an announcement, news, and discussion podcast about important security topics.
- Started as the information security architect at IT Security & Policy at Purdue.
- Ended work on the following CERIAS projects and activities:
- Filehound, a law enforcement application for collecting digital image evidence. Currently, we are taking this project in a new direction.
- Network and security architecture for CERIAS.
- Healthcare information security risk assessments for Indiana hospitals and healthcare providers as well as training and consulting service methodology development for the Purdue Healthcare Advisors.
- Patient Health Information (PHI) research project information security assessments for various Purdue research projects.
- Co-organized the Purdue National Cybersecurity Awareness Month event on campus. I also presented on Social Media Security and Privacy. (PPTX)
- I presented information at the Greater Lafayette Security Professionals October meeting on process isolation, including techniques such as chroot(), FreeBSD jails, privilege separation, sandboxing, multi-process architectures, mandatory access control, capability systems, and virtualization. I discussed how each of the techniques works, the trade-offs associated with each, and the issues in managing each. (Presentation Link)
- Josh Gillam and I conducted a workshop for the Greater Lafayette Security Professionals on using Metasploit for exploring and exploiting VMware servers and the VMs that run on them. (Presentation Link)
- On June 27, I was notified that I had successfully passed the Information Systems Security Architecture Professional examination. I am now a CISSP-ISSAP! Thanks go to my long-suffering family and to my friends, study partners, and now fellow ISSAPs: Doug Couch and Nathan Heck.
- In the wake of the “Week of Leaks” (i.e. password losses by LinkedIn, eHarmony, and Last.fm), I talked about Password Hashing at the Greater Lafayette Security Professionals June meeting. (Presentation Link) We also discussed the “Week of Leaks” in Episode 9 and password hashing in Episode 10 of the Serious about Security podcast.
- I moderated a panel on Securing Mobile Devices at the CERIAS Annual Information Security Symposium. I also wrote a summary of the presentation by Howard Schmidt, the Special Assistant to the President and Senior Director for Cyber Security, Office of the U.S. President.
- I was quoted in two articles in the Journal and Courier. One article is about online privacy issues. The other has tips for users to protect their online privacy. [Note: These articles are no longer available online.]
- The Own Your Space “A Guide to Facebook Security” is available in Arabic. (PDF)
- Presented with Doug Couch an advanced Metasploit workshop at the Greater Lafayette Security Professionals February meeting. (Presentation Link)
- Presented on Facebook Security at the Greater Lafayette Facebook Conference 2012. (Presentation Link)
- Led a discussion on risk analysis of a theoretical telephony-based two-factor authentication platform. (Presentation PDF)
- Presented on Information Security Career Management at the Greater Lafayette Security Professionals December meeting. (Presentation PDF)
- Doug Couch, Nathan Heck, Preston Wiley, and I led an introductory workshop on Metasploit at the Greater Lafayette Security Professionals November meeting. (Presentation Link)
- The Own Your Space “A Guide to Facebook Security” was translated into French, German, Italian, Japanese, Korean, Brazilian Portuguese, and Spanish. (As of January 2015, these translations are no longer available from Facebook.)
- Presented on one-time password systems at the Greater Lafayette Security Professionals October meeting. (Presentation PDF)
- Facebook publishes “A Guide to Facebook Security” (Document PDF), which Linda McCarthy, Denise Weldon-Siviy, and I wrote. It covers Facebook security risks and advanced security tools provided by Facebook. It was covered in the news.
- Demonstrated some active defense techniques for operating systems using TCP Wrappers, PF overload rules, and some scripts at the Greater Lafayette Security Professionals August meeting.