Ken has always been interested in technology and criminal investigation, influenced by his uncle, an engineering executive, and his father, a detective. Kenneth Hartman’s first criminal forensic case was the 2008 murder trial of Charles Curtis Merriman. The case was unique because the alleged victim’s body was never found. As a result, the case left a big impression on him regarding the importance of digital forensics.
From 2002-2011, Ken helped launch and lead a company called Visonex. Visonex is a nationwide electronic medical record for dialysis patients. Visonex was the first Software-as-a-Service (SaaS) medical record solution. Before joining Visonex as the first non-founding employee, Kenneth worked for ten years at Kraft Foods as an Industrial Controls Engineer and Electrical Systems Manager, working on PLCs and SCADA systems for well-known products like Lunchables® and Oscar Mayer®.
After Visonex, Kenneth worked at Shopbop.com (an Amazon subsidiary) and OneNeck IT Solutions (a mid-size cloud provider) in Madison, Wisconsin, before moving to Silicon Valley. In the San Francisco Bay Area, Ken worked for Google, SAP Ariba, and Illumina—all the while working on the side as a confidential expert consultant on various digital forensic cases. While Ken was at Google, he wrote a SANS GIAC Gold Paper called “BitTorrent& Digital Contraband,” which summarized much of what was known publicly at the time regarding the technology used to investigate criminals distributing child sexually abusive media (CSAM).
While working as the leader of Illumina’s Cloud Security team, Ken helped develop and refine DFIR procedures for investigating security incidents on Amazon Web Services (AWS) Elastic ComputeCloud (EC2) virtual machines. This research led to another SANS GIAC Gold Paper, “Digital Forensic Analysis of Amazon Linux EC2 Instances.” This paper was the first publicly available guidance providing detailed steps for incident responders dealing with Amazon Linux virtual machines. Since publishing that paper in the SANS Reading Room in January 2018, the information has been updated and is available at https://forensicate.cloud.
In 2019, Ken left Illumina and transitioned into full-time independent security consulting to have more control over the type of projects he works on and to enable ample time for teaching and security research. An area of research interest for Ken is how to use cloud technologies, DevOps, and data science to automate the eDiscovery and forensic analysis processes. In 2022, Kenneth G. Hartman rebranded his consulting company as “Lucid Truth Technologies” to best reflect his passion for using cutting-edge technologies to advance his mission to “make the truth clear.”
Although he wanted to take a SANS course while still at Kraft in the late ’90s (thanks to the emails and brochures he’d been receiving), Ken’s first SANS course was MGT414: SANS Training Program for CISSP® Certification with Dr. Eric Cole in 2010. The class did not disappoint. He remembers seeing the energy, passion, and expertise of Dr. Cole and thought to himself, “I want to do that.”He mentored MGT414 twice and SEC401: SANS Security Essentials: Network, Endpoint, and Cloud once and promptly decided to enroll in the SANS Information Security Engineering master’s program. His application essay stated that his long-term goal was to become a Certified SANS Instructor. His words in that essay were, “As I have learned more about the SANS organization and have seen the caliber of the fellows and instructors, I knew that this was an organization that I wanted to be affiliated with.Serving as a mentor has helped to solidify this resolve and to make contacts that have validated my goals.” (8/25/2012).That decade-long goal was realized in mid-November 2019 when SANS promoted Ken to Certified Instructor after two years of teaching SEC545: Cloud Security Architecture and Operations (retired course).
The fact that Ken has worked for several cloud service providers in a variety of leadership and technical roles has equipped him to speak intelligently about the challenges facing today’s cloud security professionals. As the Cloud is rapidly evolving and constantly changing, innovation is frenetic. This requires cloud security professionals to continually upgrade their skills just to compete. This crucible brings the best and the brightest students to SANS courses. To add value and meet expectations, Ken is constantly upping his game – a challenge he loves. The Cloud is far too big for any one person to know everything about all cloud services or even those from a single provider. Instead of imparting facts or figures, Ken wants to teach students how to think holistically about cloud security from a perspective of risk management to help their organization achieve its mission. He wants to remove any trepidation students might have about jumping in, getting hands-on and tinkering with cloud technologies. He encourages his students to figure out what works and what doesn’t work the way it is expected to by experimentation and to leverage the self-service aspects of the cloud to chart their own adventures. Lastly, he wants to inspire students to share those learnings back with the cloud security community.
Ken was most satisfied when given opportunities to build high-performance cloud security teams with hand-picked folks he knew would coalesce around a common vision. “It was wonderful to create a climate where the team could grow, and each individual could become the best professional they aspired to be.” This is exactly the mentality he brings to his classroom. He teaches students to facilitate secure computing behaviors across their organization and not try to uphold the impossible role of the “cyber policeman.” Teaching students what to care about and what to focus on from a risk management perspective improves them as professionals while ensuring a stronger, safer organization.
Ken believes the biggest challenge students will face in cloud security is constant change. Every cloud service is being developed by semi-autonomous agile development teams. This means that the services they are using this month are slightly different from the same services they were using last month. Sometimes these changes break things. To boot, there are not enough trained security folks to adequately maintain a typical organization’s adoption of the cloud. Companies are rapidly moving to the cloud, but cyber security is generally an afterthought if it is considered at all. Ken shows students how to use and create automation to deal with the global scale of the cloud, while keeping them engaged with war stories of real-life situations he has encountered.
Ken holds a BS degree in Electrical Engineering from Michigan Technological University and a master’s degree in Information Security Engineering from SANS Technology Institute. Ken has earned the CISSP, GCFA, GFCE, GWAPT, GCIH, GCIA, GSEC, GCCC, GCPM, as well as the GIAC Security Expert (GSE). Ken is also a Licensed PI in Michigan, as required by law to consult on criminal cases involving digital forensics.
While young at heart, Ken has also been around the block a few times and brings that sage wisdom from many lessons learned, often the hard way, to his classroom. When not working, Ken enjoys barbeques, boating, and riding his Harley with friends.
Here is a SANS Summit presentation by Kenneth G. Hartman:
ADDITIONAL CONTRIBUTIONS BY KENNETH G. HARTMAN
WEBCASTS AND VIDEOS
- BEWARE! Encryption Jedi Mind Trick, August 2023
- WORKSHOP: Docker Crash Course: How to Containerize Your Favorite Security Tools, June 2023
- Can You Really Be More Secure in the Cloud?, Nov 2022
- Head in the Clouds, short video series on SANS Cloud Security YouTube
- SANS 2022 Multicloud Survey: Exploring the World of Multicloud, Dec 2022
- Embrace Your Inner Hacker, June 2021
GIAC Gold Papers:
- Digital Forensic Analysis of Amazon Linux EC2 Instance, Jan 2018
- BitTorrent & Digital Contraband, May 2016
- What Every Tech Startup Should Know About Security, Privacy, and Compliance, Feb 2015
- Skype and Data Exfiltration, April 2014
- Understanding the Role of Trust in the Protection of Privacy, June 2012
- Auditing Essentials for Small Provider Organizations, Feb 2011
ARTICLES & PRESENTATIONS
- Data Protection in the Cloud, May 2019
- Digital Forensic Analysis of Amazon Linux EC2 Instance, Jan 2018
- Scripting_Cloud_Security_Capabilities, Nov 2017
- The Tyranny of the Urgent and the Transformational Security Leader, Nov 2016
- BitTorrent & Digital Contraband, March 2016
- What Every Tech Startup Should Know About Security, Privacy, and Compliance Feb 2015
- forensicate.cloud - an open source project devoted to the learning and communication of forensic tools and practices in the cloud
- torrentialdownpour.net – resources for the legal profession on the abuse of peer-to-peer networking technologies
- Personal Branding Workbook – A Guide for Infosec Professionals