2013-09-18 CERIAS - Facebook: Protecting a billion identities without losing (much) sleep




Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Sep 19, 2013

Recorded: 09/18/2013
CERIAS Security Seminar at Purdue University

Protecting a billion identities without losing (much) sleep

Mark Crosbie, Tim Tickel, Four Flynn, Facebook

The Facebook security team will share how we approach the securitychallenges involved in protecting the identities of over a billion userson our site. This talk is partly about our culture, and partly on how wetake a practical, risk-based approach to security. In the first part ofthe talk Mark Crosbie will give an overview of our culture, how we thinkabout security and what makes Facebook unique in the industry in thisregard. Then Tim Tickel and Four Flynn will give an in-depth look atFacebook's easy to use internal multi-factor authentication deployment.We will discuss our motivations, how our solution works, technical andsecurity trade-offs, deployment problems, and outstanding issues.

Mark Crosbie is head of information security for Facebook EMEA. His focusis on the areas of data protection, privacy, controlling access toinformation and intelligently managing risk for user data. He works withFacebook security, legal, policy and user operation teams worldwide onaddressing security challenges. Mark has 20 years experience ininformation security in multiple domains. Prior to joining Facebook Markled development of security policy for the IBM CIO where he also led ateam of ethical hackers who specialised in software penetration testing.Before joining IBM Mark was a member of the corporate security programoffice at Hewlett-Packard where he led a global program to delivere-Passport and national identity systems. Mark has done extensive work inthe areas of biometrics and intrusion detection, and holds numerouspatents on key security innovations. Mark graduated with an MsC fromPurdue University computer science under Prof. Gene Spafford in 1995, anda bachelors from Trinity College Dublin in 1993. Mark lives in Irelandwith his family and a very large pile of Lego.Tim Tickel is a security engineer specializing in enterprise securityand large-scale linux infrastructure. He currently works at Facebookwhere he spends much of his time solving auth problems at scale. Priorto Facebook, Tim worked as a security engineer at Google. Tim holds aMasters in Computer Science and Information Assurance from GeorgeWashington University and a Bachelors in Computer Science from PurdueUniversity.John "Four" Flynn is an expert in Information Security with over 10 yearsof experience in the field. At Google, he was the founder and leadarchitect of Google's innovative Intrusion Detection group which led tothe successful detection of the Aurora attack in December 2009. Four alsoled Google's Security Operations team where he pioneered innovativeapproaches to Enterprise IT Security. He is a technical advisor to both aprominent political campaign and a top tier Venture Capital firm. Fourholds a Masters in Computer Science and Information Assurance from GeorgeWashington University as well as a Bachelors in Computer Engineering fromthe University of Minnesota. Currently he works as a Security Engineer atFacebook. (Visit: www.cerias.purdue.edu)


to add this to Watch Later

Add to

Loading playlists...