Keith began his career in January 1985 with the U.S. Air Force and was assigned to manage and secure crypto keys and codes. While stationed at Hickam AFB in Hawaii and working in the Headquarters Pacific Air Forces crypto shop, one day he opened a box and told the Chief Master Sergeant, "I think this is a computer or something". He was told to figure out how to make it do something useful, he opened the manual and the rest is history. The Air Force was one of the first organizations to create a computer security program, which Keith was a part of. He has witnessed and was part of the dawn of the cybersecurity industry.
Following the Air Force, Keith joined AT&T/Lucent as a Senior Security Architect working on engagements with the DoD and the National Security Agency. Later, as Security Consulting Practice Manager for Sprint, Keith built and ran the second largest security consulting practice of its time. He was responsible for all Sprint security consulting worldwide and for leading dozens of security professionals on many consulting engagements across all business spectrums.
Keith has taught for various other organizations over the years and genuinely enjoys teaching. Early in his teaching career, he witnessed many "certification mills" - Classes designed to teach people how to pass a certification, but not how to be a security practitioner. He then sat through a few SANS classes, and the difference was apparent. SANS is an organization that was not merely spewing facts, but were passing on knowledge, ability, and skills. He decided that if he were going to teach, he wanted to teach for the best - for an organization that was making a difference in the world.
Keith is now the author and lead instructor of SEC301 - Introduction to Cyber Security. Over 98% of the students in that course are not only in their first security course; they are in their very first professional level Information Technology course. They are indeed at the beginning of their journey into Cyber Security. A former boss once told him that one of his strongest skills was taking extremely complex topics and explaining them in straightforward ways that anyone can understand. This is a skill that he brings to both writing and teaching SEC301. His experience in actively doing cybersecurity for over 35 years is a major contributing factor to the success of SEC301. He has seen A LOT in that time and passes that experience along to students. He gets to teach based on his experience and let them learn from his successes and failures.
The acceleration of technological change is probably the biggest challenge his students face. Cybersecurity has always evolved and will continue to do so, and Keith helps the students deal with this by making sure they are grounded in the fundamentals. Those fundamentals have not changed and never will. There is a reason that the first content slide of SEC301 explains the "Principle of Least Privilege", and the second explains "Confidentiality, Integrity, and Availability". He also wrote an @Night talk called the “14 Absolute Truths of Security”. These are things that never change about cybersecurity because they are the basic fundamental principles. If you understand the fundamentals really well, you can deal with the changes to technology much more easily.
In addition to teaching, authoring and running his security consulting business, Keith divides his remaining time between freelance writing and his family. He is an avid reader and also enjoys shooting skeet, trap and woodworking – and notes his specialty is making sawdust. The man is known for his Dad Jokes - several of which make their way into the classroom.
ADDITIONAL CONTRIBUTIONS BY KEITH PALMGREN:
SANS@MIC - The 14 Absolute Truths of Security, July 2020
SANS@MIC - CYA by Using CIA -- Correctly for a Change, June 2020
Introduction to SANS SEC301, June 2020
Blog: Instructor Spotlight: Keith Palmgren