David Venable

Born: January 11, 1978 (age 46)
Nationality: American
Education: Doctor of Information Security, International Scientific and Technical University (h.c.)
Occupation(s): Intelligence Officer, Cyber Security, Author, Speaker
Espionage activity
Allegiance: United States of America
Service branch: National Security Agency, Department of State

David "Dave" Venable (born January 11, 1978) is a former intelligence officer with the United States National Security Agency, and current cyber security professional and businessman. [1] [2] He is an author and speaker on the topics of cyber security, cyberwarfare, and international security; has developed security-related internet protocols; [3] [4] [5] [6] [7] is a US patent holder; [8] and has been named as one of the most influential people in security. [9]

Early life and education

Venable was born and grew up in Little Rock, Arkansas, and later attended the University of Arkansas, majoring in mathematics. After college, he joined the United States Air Force and studied Korean at the Defense Language Institute in Monterey, California, a Department of Defense educational and research institution which provides linguistic and cultural instruction to the DoD and other Federal Agencies. Venable has also pursued graduate education in mathematics at the University of Texas, and international relations at Harvard University. [2] [10]

Career

Until 2005 Venable served in several intelligence roles with the National Security Agency, including Computer Network Exploitation, Cyberwarfare, Information Operations, and Digital Network Intelligence in support of global anti-terrorism operations. He has also taught about these subjects while serving as adjunct faculty at the National Cryptologic School, a school within the National Security Agency that provides training to members of the United States Intelligence Community. [2] [11] [12]

After leaving federal service Venable founded and served as CEO of Vanda Security, a Dallas-based security consultancy, which ultimately became the security professional services practice of Comcast Business Masergy, where he served as CISO for eight years. Venable regularly speaks at industry and government conferences including Black Hat Briefings and the Warsaw Security Forum, serves as a cyber security expert with think tanks and policy research institutes, serves on The Colony, Texas technology board, and is a cybersecurity expert and speaker with the United States Department of State. [13] [14] [15] [16] [17] [18]

Bibliography

Venable frequently contributes to and appears in Forbes, BBC, Harvard Business Review, Bloomberg Businessweek, InformationWeek, IDG Connect, and other media outlets in matters pertaining to cyber security, cyberwarfare, and international security. [10] [19] [20] [21]

Patents

US patent 10469482, Venable, David, "Encrypted data retrieval systems and methods to provide access to encrypted data", issued 2019-11-05, assigned to Masergy, Inc.

Related Research Articles

Computer security: Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

Ransomware is a type of cryptovirological malware that permanently blocks access to the victim's personal data unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Eugene Kaspersky: Russian specialist in the information security field

Yevgeny Valentinovich Kaspersky is a Russian cybersecurity expert and the CEO of Kaspersky Lab, an IT security company with 4,000 employees. He co-founded Kaspersky Lab in 1997 and helped identify instances of government-sponsored cyberwarfare as the head of research. He has been an advocate for an international treaty prohibiting cyberwarfare.

Narus Inc.: U.S. technology company

Narus Inc. was a software company and vendor of big data analytics for cybersecurity.

Cyberwarfare is the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. As a major developed economy, the United States is highly dependent on the Internet and therefore greatly exposed to cyber attacks. At the same time, the United States has substantial capabilities in both defense and power projection thanks to comparatively advanced technology and a large military budget. Cyber warfare presents a growing threat to physical systems and infrastructures that are linked to the internet. Malicious hacking from domestic or foreign enemies remains a constant threat to the United States. In response to these growing threats, the United States has developed significant cyber capabilities.

Mandiant is an American cybersecurity firm and a subsidiary of Google. It rose to prominence in February 2013 when it released a report directly implicating China in cyber espionage. In December 2013, Mandiant was acquired for $1 billion by FireEye, which eventually sold the FireEye product line, name, and its employees to Symphony Technology Group for $1.2 billion in June 2021.

DB Networks

DB Networks is a privately held information security company founded in the United States. The company is headquartered in San Diego, California, and its regional offices are located in Palo Alto, California and Seattle, Washington.

The CryptoLocker ransomware attack was a cyberattack using the CryptoLocker ransomware that occurred from 5 September 2013 to late May 2014. The attack utilized a trojan that targeted computers running Microsoft Windows, and was believed to have first been posted to the Internet on 5 September 2013. It propagated via infected email attachments, and via an existing Gameover ZeuS botnet. When activated, the malware encrypted certain types of files stored on local and mounted network drives using RSA public-key cryptography, with the private key stored only on the malware's control servers. The malware then displayed a message which offered to decrypt the data if a payment was made by a stated deadline, and it threatened to delete the private key if the deadline passed. If the deadline was not met, the malware offered to decrypt data via an online service provided by the malware's operators, for a significantly higher price in bitcoin. There was no guarantee that payment would release the encrypted content.

Bureau 121 is a North Korean cyberwarfare agency, and the main unit of the Reconnaissance General Bureau of North Korea's military. It conducts offensive cyber operations, including espionage and cyber-enabled finance crime. According to American authorities, the RGB manages clandestine operations and has six bureaus.

Cozy Bear, classified by the United States federal government as advanced persistent threat APT29, is a Russian hacker group believed to be associated with one or more intelligence agencies of Russia. The Dutch General Intelligence and Security Service (AIVD) deduced from security camera footage that it is led by the Russian Foreign Intelligence Service (SVR), a view shared by the United States. Cybersecurity firm CrowdStrike also previously suggested that it may be associated with either the Russian Federal Security Service (FSB) or SVR. The group has been given various nicknames by other cybersecurity firms, including CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, and YTTRIUM.

Cyber threat intelligence (CTI) is knowledge, skills and experience-based information concerning the occurrence and assessment of both cyber and physical threats and threat actors that is intended to help mitigate potential attacks and harmful events occurring in cyberspace. Cyber threat intelligence sources include open source intelligence, social media intelligence, human intelligence, technical intelligence, device log files, forensically acquired data or intelligence from internet traffic, and data derived from the deep and dark web.

Alex Stamos: Greek American computer scientist

Alex Stamos is a Greek American computer scientist and adjunct professor at Stanford University's Center for International Security and Cooperation. He is the former chief security officer (CSO) at Facebook. His planned departure from the company, following disagreement with other executives about how to address the Russian government's use of its platform to spread disinformation during the 2016 U.S. presidential election, was reported in March 2018.

Nyotron is an information-security company. It was established in 2009 by brothers Nir and Ofer Gaist. Nir Gaist is the CTO, and Sagit Manor became the CEO in 2017. The company is based in Santa Clara, CA, with an R&D office in Herzliya, Israel.

Internet security awareness or cyber security awareness refers to how much end users know about the cyber security threats their networks face, the risks they introduce, and the security best practices that should guide their behavior to mitigate them. End users are considered the weakest link and the primary vulnerability within a network. Since end users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.

Russo-Ukrainian cyberwarfare: Informatic component of the confrontation between Russia and Ukraine

Cyberwarfare has been a component of the confrontation between Russia and Ukraine since the Revolution of Dignity in 2013-2014. While the first attacks on information systems of private enterprises and state institutions of Ukraine were recorded during mass protests in 2013, Russian cyberweapon Uroburos had been around since 2005. Russian cyberwarfare continued with the 2015 Ukraine power grid hack at Christmas 2015 and again in 2016, paralysis of the State Treasury of Ukraine in December 2016, a mass hacker supply-chain attack in June 2017 and attacks on Ukrainian government websites in January 2022.

Ryuk is a type of ransomware known for targeting large, public-entity Microsoft Windows cybersystems. It typically encrypts data on an infected system, rendering the data inaccessible until a ransom is paid in untraceable bitcoin. Ryuk is believed to be used by two or more criminal groups, most likely Russian, who target organizations rather than individual consumers.

A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. Attackers typically install a backdoor that allows the attacker full access to impacted servers even if the server is later updated to no longer be vulnerable to the original exploits. As of 9 March 2021, it was estimated that 250,000 servers fell victim to the attacks, including servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market (CMF).

DarkSide is a cybercriminal hacking group, believed to be based in Russia, that targets victims using ransomware and extortion; it is believed to be behind the Colonial Pipeline cyberattack. It is thought that they have been able to hack and extort money from around 90 companies in the USA alone. The group provides ransomware as a service.

Ilya Sachkov: Russian entrepreneur

Ilya Sachkov is a Russian cybersecurity expert and founder and CEO of Group-IB, a cybersecurity company specialising in the detection and prevention of cyberattacks. He received an award from Russian President Vladimir Putin for his work in 2019. In September 2021, he was detained by the Russian government's Federal Security Service on treason charges.

Phil Venables is a computer scientist who has been the chief information security officer (CISO) at Google Cloud since 2020. He specializes in information and cyber security, as well as enterprise risk and technology risk. Prior to his position at Google, Venables held a number of roles at Goldman Sachs and served on the Board of Goldman Sachs Bank. Since 2021, he has also been a member of the President's Council of Advisors on Science and Technology (PCAST).

References

  1. Geer, David. "Why are there still so many website vulnerabilities?". CSO Online. CSO. Archived from the original on December 5, 2018. Retrieved October 19, 2016.
  2. "Black Hat Europe 2016". blackhat.com. Retrieved October 19, 2016.
  3. Bruen, Garth (2016). WHOIS Running the Internet: Protocol, Policy, and Privacy. New York: John Wiley & Sons. pp. 132–133. ISBN 978-1-118-67955-5. Retrieved October 19, 2016.
  4. Venable, David. "Ransomware: Why you mustn't pay the ransom". IDG Connect.
  5. Venable, David. "State-Sponsored Cybercrime: A Growing Business Threat". Dark Reading. Retrieved October 19, 2016.
  6. "The Exploitation Game". Computing Security. BTC.
  7. Alvarez, Dean (June 6, 2016). "Q&A with David Venable". IT Security Guru.
  8. "US Patent for Encrypted data retrieval systems and methods to provide access to encrypted data Patent (Patent # 10,469,482 issued November 5, 2019) - Justia Patents Search". patents.justia.com.
  9. "Security's Most Influential People in Security 2019 - David Venable". www.securitymagazine.com. September 1, 2019.
  10. "David Venable - Authors & Columnists". InformationWeek. Archived from the original on September 16, 2021. Retrieved October 20, 2016.
  11. Solomon, Howard. "Web vulnerabilities need to be stamped out". IT World Canada. IT World Canada. Retrieved October 21, 2016.
  12. Howlett, William IV (June 2016). "The Rise of China's Hacking Culture: Defining Chinese Hackers". Electronic Theses, Projects, and Dissertations. (383): 6. Retrieved October 21, 2016.
  13. ढुंगाना, कृष्ण. "अमेरिका नेपाललाई साईबर सुरक्षामा सहयोग गर्न तयार छः डेब भेनावेल (अन्तर्वार्ता)". NepalKhabar.
  14. "Speakers". Warsaw Security Forum.
  15. "Team and partners". Strategikon. Archived from the original on October 15, 2016. Retrieved October 19, 2016.
  16. Baker, Pam. "Cyberwar Part 1: What IT Can Do To Survive". InformationWeek. Retrieved October 19, 2016.
  17. Winder, Davey (June 3, 2016). "The rise and rise of ransomware". SC Magazine UK. Retrieved October 19, 2016.
  18. "Technologies Board". thecolonytx.gov. Archived from the original on December 1, 2016. Retrieved October 19, 2016.
  19. Venable, David; McCown, Brigham. "China On The March: Cybersecurity And Hidden Risks". Forbes.
  20. Wall, Matthew; Ward, Mark (May 19, 2017). "WannaCry: What can you do to protect your business?". BBC News.
  21. Lawrence, Dune. "North Korea's Bitcoin Play". www.bloomberg.com. Bloomberg Businessweek.