Track 3
4 Feb 2022 3:00 PM - 4:00 PM

That’s what Daniel was told in May 2020, two months after starting a new job. In this talk, he’ll share the inside experience of how a small team of (mostly government!) infosec folks worked to secure the entire vaccine development, distribution, and supply chain, and the key takeaways for the larger infosec community from this crazy (and surprisingly successful) experience.

This talk will cover a few key topics. First, Daniel will share the overall story of the operation, some of the (nation state) attacks they saw, and how the team were able to help harden literally dozens of companies in a matter of months. He’ll cover the critical role that the infosec/hacker community played, between collaboration with CTI League and industry partners, as well as an effective use of bug bounties to rapidly secure a plethora of questionable apps developed by contractors. He’ll explain some of the problems and promises that industry faces when collaborating with government, from what role each agency plays to some of the barriers that were overcome. And he’ll dive into the vaccine supply chain and its vulnerabilities, and how badly we need the larger infosec community to help harden this rapidly ‘techifying’ space before the next bio-catastrophe hits.

Daniel Bardenstein
Tech Policy Fellow at the Aspen Institute, Partner at Foresight Partners.
@bardenstein

Daniel Bardenstein is just trying to help make the world be even just a little more secure. As a Tech Policy Fellow at the Aspen Institute, he is focusing on policies to improve cybersecurity across the energy sector and incentivize IoT manufacturers to natively secure their devices. At Foresight Partners, he volunteers infosec and disinformation training and support to political campaigns. At DoD's Defense Digital Service, Daniel led efforts including cybersecurity for the COVID-19 vaccines, the Hack the Pentagon program, and research into OT/ICS/SCADA security. Before government, he worked in the private sector, where he built tools to make security teams’ lives easier. Daniel also holds certifications as a GCFA (Windows Memory Forensics) and, begrudgingly, a CISSP, as well as a patent on network anomaly detection. When not learning about some new security issue, Daniel tries to unwind by playing drums, hiking with his dog (Bowie), and baking banana bread.