The Center for Education and Research in Information Assurance and Security (CERIAS)

Dan Geer - Geer Risk Services, LLC

A quant looks at the future

Mar 21, 2007


If there is a difference between information and bits we had better find it soon. The bit-count is bounding upward, no one dares throw anything away, and once "search" supplants "organize" there is no going back. Information may or may not want to be free, but it wants to be in motion, so much so that ISPs see their future in movie rentals and the speed of light determines how far away your trade submission servers can be from the Exchange and still do micro-arbitrage. Like a gas, information has to be collected, purified, and compressed to be of value, so any leak, impurity, or loss of containment is a loss of value, per se. The street price of drugs has a more stable floor than the street price of stolen data, the percentage of attack tools that are privately held is rising, and the workfactor for information defense is the integral of the workfactor for information offense, yet we do not have the quantitative tools to value our information. That is possibly the key -- quantitative information risk management that is on par with quantitative financial risk management.

About the Speaker

Daniel Earl Geer, Jr., Sc.D.

MIT S.B. in EE & CS, 1972
Harvard Sc.D. in Biostatistics, 1988

Ten years in clinical and research medical computing followed by five years running MIT's Project Athena, the first distributed computing emplacement. A small stint in the Research division of the then Digital Equipment Corporation and from then on a series of entrepreneurial successes. In all entrepreneurial endeavors either a founder outright or an officer of the company.

Milestones: The X Window System and Kerberos (1988), the first information security consulting firm on Wall Street (1992), convenor of the first academic conference on electronic commerce (1995), the "Risk Management is Where the Money Is" speech that changed the focus of security (1998), the Presidency of USENIX Association (2000), the first call for the eclipse of authentication by accountability (2002), principal author of and spokesman for "Cyberinsecurity: The Cost of Monopoly" (2003), and co-founder of SecurityMetrics.Org (2004) and convener of Metricon 1.0 (2006).

Advisor to or Board member for a number of promising startups and their funding sources, forty-two refereed publications, one book and many book chapters, three patents, over two hundred fifty invited presentations, twenty percent of which were keynotes, including ten abroad, technology selection and standardization work, and five times before the US Congress, of which two were as lead witness. Commercial teaching history both extensive in scope and in excess of ten thousand students in the aggregate.

Participation in government advisory roles for the Federal Trade Commission, the Departments of Justice and Treasury, the National Academy of Sciences, the National Science Foundation, the US Secret Service, the Department of Homeland Security, and the Commonwealth of Massachusetts.

Frequently consulted by the business and technical press alike, frequent author of lay articles, editor or editorial board for various security publications, member of all relevant professional and trade organizations public and private, and extensive civic involvement including several service recognition awards at the national level. Skilled debater when worthy opponents are available.
