A quant looks at the future
Dan Geer - Geer Risk Services, LLC
Mar 21, 2007Size: 217.5MB
Download: MP4 Video
Watch in your Browser Watch on YouTube
AbstractIf there is a difference between information and bits we had better find it soon. The bit-count is bounding upward, no one dares throw anything away, and once "search" supplants "organize" there is no going back. Information may or may not want to be free, but it wants to be in motion, so much so that ISPs see their future in movie rentals and the speed of light determines how far away your trade submission servers can be from the Exchange and still do micro-arbitrage. Like a gas, information has to be collected, purified, and compressed to be of value, so any leak, impurity, or loss of containment is a loss of value, per se. The street price of drugs has a more stable floor than the street price of stolen data, the percentage of attack tools that are privately held is rising, and the workfactor for information defense is the integral of the workfactor for information offense, yet we do not have the quantitative tools to value our information. That is possibly the key -- quantitative information risk management that is on par with quantitative financial risk management.
About the SpeakerDaniel Earl Geer, Jr., Sc.D.
MIT S.B. in EE & CS, 1972
Harvard Sc.D. in Biostatistics, 1988
Ten years in clinical and research medical computing followed by five years running MIT's Project Athena, the first distributed computing emplacement. A small stint in the Research division of the then Digital Equipment Corporation and from then on a series of entrepreneurial successes. In all entrepreneurial endeavors either a founder outright or an officer of the company.
Milestones: The X Window System and Kerberos (1988), the first information security consulting firm on Wall Street (1992), convenor of the first academic conference on electronic commerce (1995), the "Risk Management is Where the Money Is" speech that changed the focus of security (1998), the Presidency of USENIX Association (2000), the first call for the eclipse of authentication by accountability (2002), principal author of and spokesman for "Cyberinsecurity: The Cost of Monopoly" (2003), and co-founder of SecurityMetrics.Org (2004) and convener of Metricon 1.0 (2006).
Advisor to or Board member for a number of promising startups and their funding sources, forty-two refereed publications, one book and many book chapters, three patents, over two hundred fifty invited presentations twenty percent of which were keynotes including ten abroad, technology selection and standardization work, and five times before the US Congress of which two were lead witness. Commercial teaching history both extensive in scope and in excess of ten thousand students in the aggregate.
Participation in government advisory roles for the Federal Trade Commission, the Departments of Justice and Treasury, the National Academy of Sciences, the National Science Foundation, the US Secret Service, the Department of Homeland Security, and the Commonwealth of Massachusetts.
Frequently consulted by the business and technical press alike, frequent author of lay articles, editor or editorial board for various security publications, member of all relevant professional and trade organizations public and private, and extensive civic involvement including several service recognition awards at the national level. Skilled debater when worthy opponents are available.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.