Humbling Lessons from the Law of Computer Data

The SANS Institute recognized its longest-serving instructors. As you see, SANS gave me a nifty clock for 10+ years of service.

It is hard to overstate how rewarding work at SANS has been. I've felt like the only lawyer in a bustling frontier town.

Though I am far from being the only lawyer who works on IT security and computer forensics, teaching at SANS conferences has given me a privileged bird’s eye view of the field.

Many hundreds of students from institutions all over the world have come to my SANS class. Those five days of give-and-take education are unlike any other professional enrichment in the world. Each time I teach I learn new problems, new interpretations, new war stories.

Over these years, very few lawyers have been exposed to such an expanse of practical knowledge about computer security/ investigations. The exposure humbles me. Cyber law faces perplexing problems, and I acknowledge how few real "answers" I have to offer.

Learning By Listening

At SANS conferences I pick up much wisdom by osmosis. For example, lunch with other SANS faculty members is fascinating. The SANS faculty are top experts in their technical fields. I learn by just sitting at the lunch table and listening to these guys talk shop.

The Honor of Learning About Heartbleed!

One of my students @SyberSec sent out this tweet during class two weeks ago: “#leg523 Ben Wright thinks it is an honor to see us run around like headless chickens remediating the heartbleed vulnerability. " She was correct. As a mere lawyer, I marveled at how the security community reacted to heartbleed. 

The vulnerability emerged during our week-long SANS 2014 conference. The whole community swung into overdrive to address this thing, holding special panels, webcasts and so on. 

I learn much about the practical reality of security by living with these people when they have a problem. Very few lawyer or public-policy-types are able to witness the whole security community in this way. Security becomes less of a theoretical ideal that you read about in a book and more of a down-in-the trenches exercise of win and lose. 

So in class I told my students it was a distinct “honor” to see the community scramble as it was scrambling over heartbleed.
@SyberSec then interpreted my statement with her (accurate) tweet.

#cyberlaw #dfir #sansinstitute
Photo
Shared publiclyView activity