Enterprise Level Security 1 & 2  book cover
1st Edition

Enterprise Level Security 1 & 2

ISBN 9781003082118
Published May 29, 2022 by CRC Press
500 Pages

FREE Standard Shipping

What are VitalSource eBooks?

Prices & shipping based on shipping country


Book Description

This is a set, comprising of Enterprise Level Security and Enterprise Level Security 2.

Enterprise Level Security: Securing Information Systems in an Uncertain World provides a modern alternative to the fortress approach to security. The new approach is more distributed and has no need for passwords or accounts. Global attacks become much more difficult, and losses are localized, should they occur. The security approach is derived from a set of tenets that form the basic security model requirements. Many of the changes in authorization within the enterprise model happen automatically. Identities and claims for access occur during each step of the computing process.

Many of the techniques in this book have been piloted. These techniques have been proven to be resilient, secure, extensible, and scalable. The operational model of a distributed computer environment defense is currently being implemented on a broad scale for a particular enterprise.

The first section of the book comprises seven chapters that cover basics and philosophy, including discussions on identity, attributes, access and privilege, cryptography, the cloud, and the network. These chapters contain an evolved set of principles and philosophies that were not apparent at the beginning of the project.

The second section, consisting of chapters eight through twenty-two, contains technical information and details obtained by making painful mistakes and reworking processes until a workable formulation was derived. Topics covered in this section include claims-based authentication, credentials for access claims, claims creation, invoking an application, cascading authorization, federation, and content access control. This section also covers delegation, the enterprise attribute ecosystem, database access, building enterprise software, vulnerability analyses, the enterprise support desk, and network defense.

Enterprise Level Security 2: Advanced Topics in an Uncertain World follows on from the authors’ first book on Enterprise Level Security (ELS), which covered the basic concepts of ELS and the discoveries made during the first eight years of its development. This book follows on from this to give a discussion of advanced topics and solutions, derived from 16 years of research, pilots, and operational trials in putting an enterprise system together. The chapters cover specific advanced topics derived from painful mistakes and numerous revisions of processes. This book covers many of the topics omitted from the first book including multi-factor authentication, cloud key management, enterprise change management, entity veracity, homomorphic computing, device management, mobile ad hoc, big data, mediation, and several other topics. The ELS model of enterprise security is endorsed by the Secretary of the Air Force for Air Force computing systems and is a candidate for DoD systems under the Joint Information Environment Program. The book is intended for enterprise IT architecture developers, application developers, and IT security professionals. This is a unique approach to end-to-end security and fills a niche in the market. Dr. Kevin E. Foltz, Institute for Defense Analyses, has over a decade of experience working to improve security in information systems. He has presented and published research on different aspects of enterprise security, security modeling, and high assurance systems. He also has degrees in Mathematics, Computer Science, Electrical Engineering, and Strategic Security Studies. Dr. William R. Simpson, Institute for Defense Analyses, has over two decades of experience working to improve systems security. He has degrees in Aeronautical Engineering and Business Administration, as well as undergoing military and government training. He spent many years as an expert in aeronautics before delving into the field of electronic and system testing, and he has spent the last 20 years on IT-related themes (mostly security, including processes, damage assessments of cyber intrusions, IT security standards, IT security evaluation, and IT architecture).

Table of Contents

Enterprise Level Security (1)

1 Introduction


1.1 Problem Description

1.1.1 Success beyond Anticipation

1.1.2 But, It Started Long before ­at A Brief History of the Development of the WWW

1 1.1.3 Fast-Forward to Today

1.2 What Is Enterprise Level Security?

1.3 Distributed versus Centralized Security

1.3.1 Case Study: Boat Design

1.3.2 Case Study Enterprise Information Technology Environment

1.3.3 Security Aspects Confidentiality Integrity Availability Authenticity Nonrepudiation

1.4 Crafting a Security Model

1.4.1 ­e Assumptions

1.4.2 Tenets: Digging beneath the Security Aspects

1.5 Entities and Claims

1.5.1 Credentialing

1.6 Robust Assured Information Sharing

1.6.1 Security Requirements

1.6.2 Security Mechanisms

1.6.3 Goals and Assumptions of IA Architecture

1.6.4 Assumptions

1.6.5 A Framework for Entities in Distributed Systems

1.7 Key Concepts

1.7.1 ELS-Specific Concepts

1.7.2 Mapping between Tenets and Key Concepts

1.7.3 Enterprise-Level Derived Requirements

1.7.4 Mapping between Key Concepts and Derived Requirements

1.8 Two Steps Forward and One Step Back

1.9 ­e Approximate Time-Based Crafting

1.10 Summary




2 Identity


2.1 Who Are You?

2.2 Naming

2.3 Identity and Naming: Case Study

2.4 Implications for Information Security

2.5 Personas

2.6 Identity Summary


3 Attributes


3.1 Facts and Descriptors

3.2 An Attribute Ecosystem

3.3 Data Sanitization

3.3.1 Guarded and Filtered Inputs

3.3.2 Guard Administrator Web Interface

3.3.3 Integrity in Attribute Stores

3.3.4 Secure Data Acquisition

3.3.5 Integrity at the Source

3.4 Temporal Data

3.5 Credential Data

3.6 Distributed Stores


4 Access and Privilege


4.1 Access Control

4.2 Authorization and Access in General

4.3 Access Control List

4.3.1 Group Requirements

4.3.2 Role Requirements

4.3.3 ACRs and ACLs

4.3.4 Discretionary Access Control and Mandatory Access Control

4.4 Complex Access Control Schemas

4.5 Privilege

4.6 Concept of Least Privilege

4.6.1 Least Privilege Case Study


5 Cryptography


5.1 Introduction

5.2 Cryptographic Keys and Key Management

5.2.1 Asymmetric Key Pairs RSA Key Generation

5.3 Symmetric Keys

5.3.1 TLS Mutual Authentication Key Production

5.3.2 Other Key Production

5.4 Store Keys

5.5 Delete Keys

5.6 Encryption

5.7 Symmetric versus Asymmetric Encryption Algorithms

5.7.1 Asymmetric Encryption

5.7.2 RSA Asymmetric Encryption

5.7.3 Combination of Symmetric and Asymmetric Encryption

5.7.4 Symmetric Encryption Stream Ciphers Block Ciphers

5.7.5 AES/Rijndael Encryption Description of the AES Cipher

5.7.6 Data Encryption Standard Triple DES Description of the Triple DES Cipher

5.8 Decryption

5.8.1 Asymmetric Decryption

5.8.2 Symmetric Decryption

5.9 Hash Function

5.9.1 Hash Function Algorithms

5.9.2 Hashing with Cryptographic Hash Function MD-5 SHA-3-Defined SHA-512

5.10 Signatures

5.10.1 XML Signature

5.10.2 S/MIME Signature

5.10.3 E-Content Signature

5.11 A Note on Cryptographic Key Lengths

5.11.1 Encryption Key Discovery

5.11.2 ­e High-Performance Dilemma

5.11.3 Parallel Decomposition of Key Discovery

5.12 Internet Protocol Security

5.13 Other Cryptographic Services

5.14 ­e Java Cryptography Extension

5.15 Data at Rest

5.16 Data in Motion


6 The Cloud


6.1 ­e Promise of Cloud Computing

6.2 Benefits of the Cloud

6.3 Drawbacks of Cloud Usage

6.3.1 Differences from Traditional Data Centers

6.3.2 Some Changes in the ­reat Scenario

6.4 Challenges for the Cloud and High Assurance

6.5 Cloud Accountability, Monitoring, and Forensics

6.5.1 Accountability

6.5.2 Monitoring

6.5.3 Knowledge Repository

6.5.4 Forensic Tools

6.6 Standard Requirements for Cloud Forensics


7 The Network


7.1 ­e Network Entities

7.1.1 Most Passive Elements

7.1.2 Issues of the Most Passive Devices

7.1.3 ­e Convenience Functions

7.1.4 Issues for the Convenience Functions

7.1.5 Content Analyzers

7.1.6 Issues for Content Analyzers




8 Claims-Based Authentication


8.1 Authentication and Identity

8.2 Credentials in the Enterprise

8.3 Authentication in the Enterprise

8.3.1 Certificate Credentials

8.3.2 Registration

8.3.3 Authentication

8.4 Infrastructure Security Component Interactions

8.4.1 Interactions Triggered by a User Request for Service

8.4.2 Interaction Triggered by a Service Request

8.5 Compliance Testing

8.6 Federated Authentication

8.6.1 Naming and Identity

8.6.2 Translation of Claims or Identities

8.6.3 Data Requirements

8.6.4 Other Issues


9 Credentials for Access Claims


9.1 Security Assertion Markup Language

9.2 Access Control Implemented in the Web Service

9.3 Establishing Least Privilege

9.4 Default Values

9.5 Creating an SAML Token

9.6 Scaling of the STS for High Assurance Architectures

9.7 Rules for Maintaining High Assurance during Scale-Up


10 Claims Creation


10.1 Access Control Requirements at the Services

10.1.1 Discretionary Access Control List

10.1.2 Mandatory Access Control

10.1.3 Access Control Logic

10.2 Access Control Requirement

10.3 Enterprise Service Registry

10.4 Claims Engine

10.5 Computed Claims Record


11 Invoking an Application


11.1 Active Entities

11.2 Claims-Based Access Control

11.2.1 Authorization in the Enterprise Context

11.3 Establishing Least Privilege

11.4 Authorizing the User to the Web Application

11.5 Authorizing a Web Service to a Web Service

11.6 Interaction between Security Components

11.6.1 Access from within the Enterprise

11.6.2 Disconnected, Intermittent, or Limited Environments Prioritization of Communications Reduction of the Need for Capacity Asset Requirements


12 Cascading Authorization


12.1 Basic Use Case

12.2 Standard Communication

12.3 Pruning Attributes, Groups, and Roles

12.4 Required Escalation of Privilege

12.5 Data Requirements for the Pruning of Elements

12.6 Saving of the SAML Assertion

12.7 SAML Token Modifications for Further Calls

12.8 An Annotated Notional Example

12.9 Additional Requirements

12.10 Service Use Case Summary


13 Federation


13.1 Federation

13.2 Elements of Federated Communication

13.2.1 Naming and Identity

13.2.2 Credentials

13.2.3 PKI—X.509 Certificates

13.2.4 Certificate Services

13.2.5 Bilateral Authentication

13.2.6 Authorization Using SAML Packages

13.2.7 Registration of the STS

13.2.8 Recognizing STS Signatures

13.2.9 Translation of Properties, Roles, and Groups

13.2.10 Other Issues

13.3 Example Federation Agreement

13.4 Access from Outside the Enterprise

13.5 Trusted STS Store

13.6 Trusted STS Governance


14 Content Access Control


14.1 Authoritative and Nonauthoritative Content

14.2 Content Delivery Digital Rights Management

14.3 Mandatory Access Control

14.4 Access Control Content Management System

14.5 Enforcing Access Control

14.6 Labeling of Content and Information Assets

14.7 Conveying Restrictions to the Requester

14.8 Enforcing/Obtaining Acknowledgment of Restrictions

14.9 Metadata

14.10 Content Management Function

14.11 Components of a Stored Information Asset

14.11.1 Information Asset, Section A: ACL, MAC, and Data

14.11.2 Information Asset, Section B: Information Asset as Labeled

14.11.3 Information Asset, Section C: Information Asset Signature(s)

14.11.4 Information Asset, Section D: MDE Metacard

14.12 Additional Elements for Stored Information Assets

14.12.1 Key Words

14.12.2 Storage Location(s) of Key Word Metadata

14.12.3 Reference Identity and Information Asset Description

14.12.4 Information Asset Name

14.12.5 Information Asset Description

14.13 Key Management Simplication

14.13.1 Information Asset

14.14 Import or Export of Information Assets


15 Delegation


15.1 Delegation Service

15.2 Service Description for Delegation

15.3 Form of Extended Claims Record

15.4 Special Delegation Service


16 The Enterprise Attribute Ecosystem


16.1 User and Data Owner Convenience Functions

16.1.1 Self-Registration (Partial)

16.1.2 User Attribute Service

16.1.3 Service Discovery

16.1.4 User Claim Query Service

16.1.5 Direct Service/Application Invocation

16.1.6 Trusted Delegation Service

16.1.7 Special Delegation Service

16.2 Attribute Ecosystems Use Cases

16.2.1 Process Flows Related to Security for Each Service

16.2.2 Updating Claims

16.2.3 Adding a New Identity

16.2.4 Adding a Service

16.2.5 Accessing Services

16.2.6 Providing Delegation

16.2.7 Providing Special Delegation

16.3 Attribute Ecosystem Services

16.3.1 Authoritative Content Import Service(s)

16.3.2 Manage Import and Aggregation Web Application

16.3.3 Manual Entry Web Application for Attributes

16.3.4 AE Import Service

16.3.5 Enterprise Service Registry Web Application

16.3.6 Manage Claims Engine Web Application

16.3.7 Claims Engine

16.3.8 Manage Claims Web Application

16.3.9 Manage Delegation Web Application and Service

16.3.10 Claims Exposure and Editor Web Service

16.3.11 Provide Claims Web Service

16.3.12 Delegation Web Application and Web Service

16.3.13 Manage Groups and Roles Web App

16.3.14 Autoregistration Web App

16.3.15 Write Attribute List

16.3.16 User Query Attributes

16.3.17 User Query Claims

16.3.18 Special Delegation Web Application and Web Service


17 Database Access


17.1 Database Models

17.2 Database Interfaces and Protocols

17.2.1 SQL Databases

17.2.2 XML Databases

17.2.3 Large-Scale Databases

17.2.4 Geospatial Databases

17.3 Overall Database Considerations

17.4 Enterprise Resource Planning Business Software

17.5 ERP as a Legacy System

17.5.1 ERP Attribute System Synchronization

17.5.2 ERP Border System

17.6 Hardening of ERP Database Systems

17.6.1 Hardening Stage One: Encryption of Data at Rest

17.6.2 Hardening Stage Two: Encryption of Data in Transit

17.6.3 Hardening Stage Th­ree: Claims Identity, Access, and Privilege

17.6.4 Hardening Stage Four: Least Privilege for Application Financial Roles Application-Driven Database Operations Application-Driven Annotated Example Data-Driven Database Operations Data-Driven Annotated Example

17.6.5 Hardening Stage Five: Homomorphic Encryption


18 Building Enterprise Software


18.1 Services Types

18.2 Functionality of All Services

18.2.1 Evaluating Inputs Extensible Markup Language

18.2.2 Credentials

18.2.3 PKI Required: X.509 Certificates

18.2.4 PKI Bilateral Authentication

18.2.5 Authorization Using Authorization Handlers

18.2.6 Agents in the Enterprise Self-Help Agents Embedded Agents Monitor Sweep Agents Import Agents Self-Protection Agents

18.2.7 Data Keeping and Correlation

18.3 Service Model

18.4 Enterprise Services Checklist

18.5 Enterprise Service Registry

18.6 Service Discovery: Manual and Automated

18.7 Additional Considerations

18.7.1 Agents in the Enterprise Environment

18.7.2 Code Elements of a Service

18.7.3 Anatomy of a Service Commercial Of-the-Shelf and Legacy Software Load Balancing Applications Web Service Monitor Activities

18.8 Orchestration

18.9 ELS Interface

18.10 Access Control List


19 Vulnerability Analyses


19.1 Vulnerability Causes

19.2 Related Work

19.2.1 Static Code Analysis

19.2.2 Dynamic Code Analysis

19.2.3 Penetration Testing

19.2.4 Code Analysis and Penetration Testing Summary

19.3 Vulnerability Analysis

19.3.1 Vulnerability Analysis Objective

19.3.2 Vulnerability Analysis Information

19.3.3 Obtaining Vulnerabilities

19.3.4 Deriving Penetration Tests

19.3.5 Continuous Updating

19.3.6 Review and Approve

19.4 Flaw Remediation

19.4.1 Flaw Remediation Objectives

19.4.2 Flaw Remediation Information

19.4.3 A Flaw Remediation Process

19.4.4 Flaw Remediation Quality System

19.4.5 Flaw Remediation Reporting

19.4.6 Review and Approve

19.5 Summary


20 An Enterprise Support Desk


20.1 Monitoring

20.2 Data Repository System

20.3 Information for Service Monitoring

20.4 Centralized Repository

20.5 Services by Type

20.6 Data Keeping Requirements

20.7 Naming Schema

20.8 Monitor Activities

20.8.1 Data Generation

20.8.2 Log 4j Specification

20.8.3 Alerts and Automatic Response

20.8.4 SMTP Format for Alerts

20.8.5 Requirements for Java and Service Exception Errors

20.8.6 Record Storage

20.9 Help Desk Breakdown

20.10 Customer Support and Help Desk

20.11 Levels of Service

20.11.1 Level 0: Client Self-Help

20.11.2 Level 1: Basic Information

20.11.3 Level 2: Interactive Support

20.11.4 Level 3: Security, Serious Bugs, and Vendor Support

20.12 Using the Knowledge Repository

20.12.1 Information for Help Desk Operations

20.13 ESD Summary


21 Network Defense


21.1 Expected Behavior

21.2 Introduction

21.3 Current Protection Approaches

21.3.1 Current: Unencrypted Traffic

21.3.2 Current: Encrypted Traffic

21.4 An Alternative to Private Key Passing

21.5 A Distributed Protection System

21.5.1 Appliance Functionality In-Line

21.5.2 Appliance Functionality as a Service

21.6 Next Steps for Appliances

21.6.1 Real Demilitarized Zone

21.6.2 Security Issue

21.6.3 Taking Advantage of Software-Only Functionality

21.6.4 Protecting the Server

21.6.5 Handlers in the Server

21.7 Appliances ­at Change Content

21.7.1 Wide Area Network Acceleration

21.7.2 An Introduction to WAN Acceleration

21.7.3 Current WAN Accelerator Approaches

21.7.4 An Alternative to Private Key Passing

21.7.5 Integrity in a TLS Session

21.7.6 Flows in a High Integrity System

21.7.7 Summary of WAN Acceleration

21.8 Appliances: A Work in Progress


22 Concluding Remarks


22.1 Where We Have Been and Where We Are Going

22.2 Understanding the Approach

22.3 About Th­ose Takeaways



Enterprise Level Security 2

Chapter 1.         The First 16 Years. 

1.1         The Beginning of Enterprise Level Security (ELS) 

1.2         Design Principles. 

1.3         Key Concepts. 

1.4         Implementation. 

Chapter 2.         A Brief Review of the Initial Book. 

2.1         Security Principles. 

2.2         ELS Framework. 

Chapter 3.         Minimal Requirements for the Advanced Topics. 

3.1         Needed Capabilities. 

3.2         Creating an Attribute Store. 

3.3         Registering a Service. 

3.4         Computing Claims. 

3.5         User Convenience Services. 

3.6         The Enterprise Attribute Ecosystem.

3.7         Summary. 

Identity and Access Advanced Topics. 

Chapter 4.         Identity Claims in High Assurance. 

4.1         Who Are You?. 

4.2         Entity Vetting. 

4.3         Naming.

4.4         Key and Credential Generation. 

4.5         Key and Credential Access Control.

4.6         Key and Credential Management.

4.7         Key and Credential Use. 

4.8         Some Other Considerations.

Chapter 5.         Cloud Key Management.

5.1         Clouds. 

5.2         ELS in a Private Cloud. 

5.3         The Public Cloud Challenge. 

5.4         Potential Hybrid Cloud Solutions. 

5.5         Proposed Secure Solutions. 

5.6         Implementation. 

5.7         Cloud Key Management Summary. 

Chapter 6.         Enhanced Assurance Needs. 

6.1         Enhanced Identity Issues. 

6.2         Scale of Identity Assurance. 

6.3         Implementing the Identity Assurance Requirement.

6.4         Additional Requirements. 

6.5         Enhanced Assurance Summary. 

Chapter 7.         Temporary Certificates. 

7.1         Users That Do Not Have a PIV.

7.2         Non-PIV STS/CA-Issued Certificate. 

7.3         Required Additional Elements.

7.4         Precluding the Use of Temporary Certificates. 

7.5         Temporary Certificate Summary. 

Chapter 8.         Derived Certificates on Mobile Devices. 

8.1         Derived Credentials. 

8.2         Authentication with the Derived Credential.

8.3         Encryption with the Derived Credential.

8.4         Security Considerations. 

8.5         Certificate Management.

Chapter 9.         Veracity and Counter Claims. 

9.1         The Insider Threat.

9.2         Integrity, Reputation, and Veracity. 

9.3         Measuring Veracity. 

9.4         Creating a Model & Counter-Claims. 

9.5         Veracity and Counter-Claims Summary. 

Chapter 10.      Delegation of Access and Privilege. 

10.1       Access and Privilege. 

10.2       Delegation Principles. 

10.3       ELS Delegation. 

10.4       Delegation Summary. 

Chapter 11.      Escalation of Privilege. 

11.1       Context for Escalation. 

11.2       Access and Privilege Escalation. 

11.3       Planning for Escalation. 

11.4       Invoking Escalation. 

11.5       Escalation Implementation within ELS. 

11.6       Accountability. 

11.7       Escalation Summary. 

Chapter 12.      Federation. 

12.1       Federation Technical Considerations. 

12.2       Federation Trust Considerations. 

12.3       Federation Conclusions. 

ELS Extensions – Content Management.

Chapter 13.      Content Object Uniqueness for Forensics. 

13.1       Exfiltration in Complex Systems. 

13.2       Product Identifiers. 

13.3       Hidden Messages. 

13.4       Content Management.

13.5       Content Object Summary.

Chapter 14.      Homomorphic Encryption. 

14.1       Full Homomorphic Encryption (FHE).

14.2       Partial Homomorphic Encryption (PHE).

14.3       PHE Performance Evaluation. 

14.4       Homomorphic Encryption Conclusions. 

ELS Extensions – Data Aggregation. 

Chapter 15.      Access and Privilege in Big Data Analysis. 

15.1       Big Data Access. 

15.2       Big Data Related Work. 

15.3       Big Data with ELS. 

15.4       Big Data Summary. 

Chapter 16.      Data Mediation. 

16.1       Maintaining Security with Data Mediation. 

16.2       The Mediation Issue. 

16.3       Approaches. 

16.4       Choosing a Solution. 

16.5       Mediation Summary. 

ELS Extensions – Mobile Devices. 

Chapter 17.      Mobile Ad Hoc. 

17.1       Mobile Ad Hoc Implementations. 

17.2       Network Service Descriptions. 

17.3       Other Considerations. 

17.4       Mobile Ad Hoc Summary. 

Chapter 18.      Endpoint Device Management.

18.1       Endpoint Device Choices. 

18.2       Endpoint Device Management.

ELS Extensions – Other Topics. 

Chapter 19.      Endpoint Agent Architecture.

19.1       Agent Architecture.

19.2       Related Work. 

19.3       ELS Agent Methods. 

19.4       Endpoint Agent Results. 

19.5       Endpoint Agent Conclusions. 

19.6       Endpoint Agent Extensions. 

Chapter 20.      Ports and Protocols. 

20.1       Introduction. 

20.2       Communication Models. 

20.3       Ports in Transport Protocols. 

20.4       Threats Considered. 

20.5       Assigning Ports and Protocols. 

20.6       Server Configurations. 

20.7       Firewalls and Port Blocking. 

20.8       Application Firewalls. 

20.9       Network Firewalls in ELS. 

20.10         Endpoint Protection in ELS. 

20.11         Handling and Inspection of Traffic. 

20.12         Additional Security Hardening. 

Chapter 21.      Asynchronous Messaging. 

21.1       Why Asynchronous Messaging?. 

21.2       Prior Work. 

21.3       Asynchronous Messaging Security. 

21.4       PSS Rock and Jewel.

21.5       Summary. 

Chapter 22.      Virtual Application Data Center.

22.1       Introduction. 

22.2       Enterprise Level Security and VADC Concepts. 

22.3       VADC Implementation. 

22.4       Resource Utilization. 

22.5       Distributed Benefits and Challenges. 

22.6       Virtual Application Conclusions. 

Chapter 23.      Managing System Changes. 

23.1       System Change. 

23.2       Current Approaches. 

23.3       The Vision. 

23.4       Realizing the Vision. 

23.5       Moving into the Future. 

23.6       Managing Information Technology Changes. 

Chapter 24.      Concluding Remarks. 

24.1       Staying Secure in an Uncertain World. 

24.2       The Model is Important 

24.3       Zero Trust Architecture. 

24.4       Computing Efficiencies. 

24.5       Current Full ELS System.

24.6       Future Directions. 

References and Bibliography. 

Acronyms  419

View More



Dr. Kevin E. Foltz, Institute for Defense Analyses, has over a decade of experience working to improve security in information systems. He has presented and published research on different aspects of enterprise security, security modeling, and high assurance systems. He also has degrees in Mathematics, Computer Science, Electrical Engineering, and Strategic Security Studies.

Dr. William R. Simpson, Institute for Defense Analyses, has over two decades of experience working to improve systems security. He has degrees in Aeronautical Engineering and Business Administration, as well as undergoing military and government training. He spent many years as an expert in aeronautics before delving into the field of electronic and system testing, and he has spent the last 20 years on IT-related themes (mostly security, including processes, damage assessments of cyber intrusions, IT security standards, IT security evaluation, and IT architecture).