While working as the leader of Illumina’s Cloud Security team, Ken helped develop and refine DFIR procedures for investigating security incidents on Amazon Web Services (AWS) Elastic Compute Cloud (EC2) virtual machines. This research led to a SANS GIAC Gold Paper, “Digital Forensic Analysis of Amazon Linux EC2 Instances.” This paper was the first publicly available guidance providing detailed steps for incident responders dealing with Amazon Linux virtual machines. Since publishing that paper in the SANS Reading Room in January 2018, the information has been updated and is available at https://forensicate.cloud. In 2019, Ken left Illumina and transitioned into full-time independent security consulting to have more control over the type of projects that he works on and to enable ample time for teaching and security research.
Like many others, Ken was initially intrigued by the mystique of hacking but as he learned more about the cyber security profession, he saw the high calling of protecting vulnerable sensitive information and helping his employers earn the trust of their customers by securing their information systems. Ken carries on that practice by helping his consulting clients do that, too. Professionally, Ken enjoys researching techniques to use the cloud to automate security workflows, particularly related to Digital Forensics & Incident Response (DFIR) and investigations into the abuse of peer-to-peer networking technology.
From 2002-2011, Ken helped launch and lead a company called Visonex into a profitable, nation-wide dialysis-specific electronic medical record using a software-as-a-service (SaaS) business model. Prior to joining Visonex as the first non-founding employee, Kenneth worked for 10 years at Kraft Foods as an Industrial Controls Engineer and Electrical Systems Manager working on PLCs and SCADA systems for well-known products like Lunchables® and Oscar Mayer® Wieners.
Although he had wanted to take a SANS course while still at Kraft in the late 90’s, thanks to the emails and brochures he’d been receiving, Ken’s first SANS course was MGT414: SANS Training Program for CISSP® Certification with Dr. Eric Cole in 2010. The class did not disappoint. He remembers seeing the energy, passion, and expertise of Dr. Cole and thought to himself, “I want to do that.” He mentored MGT414 twice and SEC401: SANS Security Essentials Bootcamp Style once and promptly decided to enroll in the SANS Information Security Engineering master’s program. In his application essay, he stated that his long-term goal was to become a Certified SANS Instructor. His words in that essay were, “As I have learned more about the SANS organization and have seen the caliber of the fellows and instructors, I knew that this was an organization that I wanted to be affiliated with. Serving as a mentor has helped to solidify this resolve and to make contacts that have validated my goals.” (8/25/2012). That decade-long goal was realized in mid-November 2019, when SANS promoted Ken to Certified Instructor after two years of teaching SEC545: Cloud Security Architecture and Operations.
The fact that Ken has worked for several cloud service providers in a variety of leadership and technical roles has equipped him to speak intelligently about the challenges facing today’s cloud security professional. As the Cloud is rapidly evolving and constantly changing, the pace of innovation is frenetic. This requires cloud security professionals to constantly upgrade their skills, just to compete. This crucible brings the best and the brightest students to SANS courses. To add value and meet expectations, Ken is continuously upping his game – a challenge he loves. The Cloud is far too big for any one person to know everything about all cloud services, or even those from a single provider. Instead of imparting facts or figures, Ken wants to teach students how to think holistically about cloud security from a perspective of risk management to help their organization achieve its mission. He wants to remove any trepidation students might have about jumping in, getting hands-on and tinkering with cloud technologies. He encourages his students to figure out what works and what doesn’t work the way it is expected to by experimentation and to leverage the self-service aspects of the cloud to chart their own adventures. Lastly, he wants to inspire students to share those learnings back with the cloud security community.
Ken was most satisfied when given the opportunity to build a high-performance cloud security team with hand-picked folks that he knew would coalesce around a common vision. “It was wonderful to create a climate where the team could grow, and each individual could become the best professional that they aspired to be.” This is exactly the mentality he brings to his classroom. He teaches students to facilitate secure computing behaviors across their organization and not try to uphold the impossible role of the “cyber policeman.” Teaching students what to care about and what to focus on from a risk management perspective improves them as professionals while ensuring a stronger, safer organization.
Ken believes the biggest challenge students will face in cloud security is the constant change. Every cloud service is being developed by semi-autonomous agile development teams. This means that the services they are using this month are slightly different than the same services they were using last month. Sometimes these changes break things. To boot, there are not enough trained security folks to adequately maintain a typical organization’s adoption of the cloud. Companies are rapidly moving to the cloud, but cyber security is generally an afterthought, if it is considered at all. Ken shows students how to use and create automation to deal with the global scale of the cloud.
Ken holds a BS degree in Electrical Engineering from Michigan Technological University and a master’s degree in Information Security Engineering from SANS Technology Institute. Ken has earned the CISSP, GCFA, GFCE, GWAPT, GCIH, GCIA, GSEC, GCCC, GCPM, as well as the GIAC Security Expert (GSE). Ken is also a Licensed PI in Michigan, as required by law to consult on criminal cases involving digital forensics.
While young at heart, Ken has also been around the block a few times and brings that sage wisdom from many lessons learned, often the hard way, to his classroom. When not working, Ken enjoys barbeques, boating, and riding his Harley with friends.
ADDITIONAL CONTRIBUTIONS BY KENNETH G. HARTMAN
The Best of Both Worlds: Cloud + SASE, June 2020
What To Do When Moving to The Cloud, March 2020
Scripting Cloud Security Capabilities, Nov 2017
GIAC Gold Papers:
- Digital Forensic Analysis of Amazon Linux EC2 Instances, Jan 2018
- BitTorrent & Digital Contraband, March 2016
- What Every Tech Startup Should Know About Security, Privacy, and Compliance, Feb 2015
- Skype and Data Exfiltration, April 2014
- Understanding the Role of Trust in the Protection of Privacy, June 2012
- Auditing Essentials for Small Provider Organizations, Feb 2011
ARTICLES & PRESENTATIONS
Data Protection in the Cloud, May 2019
Scripting Cloud Security Capabilities, Nov 2017
BitTorrent & Digital Contraband, March 2016
forensicate.cloud - an open source project devoted to the learning and communication of forensic tools and practices in the cloud
torrentialdownpour.net – resources for the legal profession on the abuse of peer-to-peer networking technologies