CERIAS - Center for Education and Research in Information Assurance and Security

Purdue University - Discovery Park

Protecting a billion identities without losing (much) sleep

Mark Crosbie, Tim Tickel, Four Flynn
Facebook


Sep 18, 2013


Abstract

The Facebook security team will share how we approach the security
challenges involved in protecting the identities of over a billion users
on our site. This talk is partly about our culture, and partly on how we
take a practical, risk-based approach to security. In the first part of
the talk Mark Crosbie will give an overview of our culture, how we think
about security and what makes Facebook unique in the industry in this
regard. Then Tim Tickel and Four Flynn will give an in-depth look at
Facebook's easy-to-use internal multi-factor authentication deployment.
We will discuss our motivations, how our solution works, technical and
security trade-offs, deployment problems, and outstanding issues.

About the Speaker


Mark Crosbie is head of information security for Facebook EMEA. His focus
is on the areas of data protection, privacy, controlling access to
information and intelligently managing risk for user data. He works with
Facebook security, legal, policy and user operation teams worldwide on
addressing security challenges. Mark has 20 years' experience in
information security in multiple domains. Prior to joining Facebook, Mark
led development of security policy for the IBM CIO, where he also led a
team of ethical hackers who specialised in software penetration testing.
Before joining IBM, Mark was a member of the corporate security program
office at Hewlett-Packard, where he led a global program to deliver
e-Passport and national identity systems. Mark has done extensive work in
the areas of biometrics and intrusion detection, and holds numerous
patents on key security innovations. Mark graduated with an MSc in
computer science from Purdue University under Prof. Gene Spafford in 1995, and
a bachelor's from Trinity College Dublin in 1993. Mark lives in Ireland
with his family and a very large pile of Lego.

Tim Tickel is a security engineer specializing in enterprise security
and large-scale Linux infrastructure. He currently works at Facebook,
where he spends much of his time solving auth problems at scale. Prior
to Facebook, Tim worked as a security engineer at Google. Tim holds a
Master's in Computer Science and Information Assurance from George
Washington University and a Bachelor's in Computer Science from Purdue
University.

John "Four" Flynn is an expert in Information Security with over 10 years
of experience in the field. At Google, he was the founder and lead
architect of Google's innovative Intrusion Detection group, which led to
the successful detection of the Aurora attack in December 2009. Four also
led Google's Security Operations team, where he pioneered innovative
approaches to Enterprise IT Security. He is a technical advisor to both a
prominent political campaign and a top-tier Venture Capital firm. Four
holds a Master's in Computer Science and Information Assurance from George
Washington University as well as a Bachelor's in Computer Engineering from
the University of Minnesota. Currently he works as a Security Engineer at
Facebook.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30 P.M. in STEW G52, West Lafayette Campus.

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter’s organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website is the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.