The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Mark Crosbie, Tim Tickel, Four Flynn - Facebook

Students: Spring 2023, unless noted otherwise, sessions will be virtual on Zoom.

Protecting a billion identities without losing (much) sleep

Sep 18, 2013

Download: Video Icon MP4 Video Size: 174.9MB  
Watch on Youtube Watch on YouTube


The Facebook security team will share how we approach the security
challenges involved in protecting the identities of over a billion users
on our site. This talk is partly about our culture, and partly on how we
take a practical, risk-based approach to security. In the first part of
the talk Mark Crosbie will give an overview of our culture, how we think
about security and what makes Facebook unique in the industry in this
regard. Then Tim Tickel and Four Flynn will give an in-depth look at
Facebook's easy to use internal multi-factor authentication deployment.
We will discuss our motivations, how our solution works, technical and
security trade-offs, deployment problems, and outstanding issues.

About the Speaker

Mark Crosbie, Tim Tickel, Four Flynn

Mark Crosbie is head of information security for Facebook EMEA. His focus
is on the areas of data protection, privacy, controlling access to
information and intelligently managing risk for user data. He works with
Facebook security, legal, policy and user operation teams worldwide on
addressing security challenges. Mark has 20 years experience in
information security in multiple domains. Prior to joining Facebook Mark
led development of security policy for the IBM CIO where he also led a
team of ethical hackers who specialised in software penetration testing.
Before joining IBM Mark was a member of the corporate security program
office at Hewlett-Packard where he led a global program to deliver
e-Passport and national identity systems. Mark has done extensive work in
the areas of biometrics and intrusion detection, and holds numerous
patents on key security innovations. Mark graduated with an MsC from
Purdue University computer science under Prof. Gene Spafford in 1995, and
a bachelors from Trinity College Dublin in 1993. Mark lives in Ireland
with his family and a very large pile of Lego.

Tim Tickel is a security engineer specializing in enterprise security
and large-scale linux infrastructure. He currently works at Facebook
where he spends much of his time solving auth problems at scale. Prior
to Facebook, Tim worked as a security engineer at Google. Tim holds a
Masters in Computer Science and Information Assurance from George
Washington University and a Bachelors in Computer Science from Purdue

John "Four" Flynn is an expert in Information Security with over 10 years
of experience in the field. At Google, he was the founder and lead
architect of Google's innovative Intrusion Detection group which led to
the successful detection of the Aurora attack in December 2009. Four also
led Google's Security Operations team where he pioneered innovative
approaches to Enterprise IT Security. He is a technical advisor to both a
prominent political campaign and a top tier Venture Capital firm. Four
holds a Masters in Computer Science and Information Assurance from George
Washington University as well as a Bachelors in Computer Engineering from
the University of Minnesota. Currently he works as a Security Engineer at

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!