Kenneth Hartman

Kenneth G. Hartman is a security consultant based in Traverse City, Michigan. Ken’s motto is “I help my clients earn and maintain the trust of their customers in its products and services.” Toward this end, he consults on a comprehensive program portfolio of technical security initiatives focused on securing client data in the public cloud. Ken has worked for a variety of Cloud Service Providers in both the Midwest and Silicon Valley in architecture, engineering, compliance, and security product management roles. An instructor for SEC545: Cloud Security Architecture and Operations and SEC488: Cloud Security Essentials, Ken has also been the co-chair of the 2019 SANS Cloud Security Operations Solutions Forum, the 2019 and 2020 SANS Cloud & DevOps Security Summits.

More About Kenneth
Specialties

Profile

While working as the leader of Illumina’s Cloud Security team, Ken helped develop and refine DFIR procedures for investigating security incidents on Amazon Web Services (EWS) Elastic Compute Cloud (EC2) virtual machines. This research led to a SANS GIAC Gold Paper, “Digital Forensic Analysis of Amazon Linux EC2 Instances.” This paper was the first publicly available guidance providing detailed steps for incident responders dealing with Amazon Linux virtual machines. Since publishing that paper in the SANS Reading Room in January 2018, the information has been updated and is available at https://forensicate.cloud.  In 2019, Ken left Illumina and transitioned into full-time independent security consulting to have more control over the type of projects that he works on and to enable ample time for teaching and security research.

Like many others, Ken was initially intrigued by the mystique of hacking but as he learned more about the cyber security profession, he saw the high calling of protecting vulnerable sensitive information and helping his employers earn the trust of their customers by securing their information systems. Ken carries on that practice by helping his consulting clients do that, too. Professionally, Ken enjoys researching techniques to use the cloud to automate security workflows, particularly related to Digital Forensics & Incident Response (DFIR) and investigations into the abuse of peer-to-peer networking technology.

From 2002-2011, Ken helped launch and lead a company called Visonex into a profitable, nation-wide dialysis-specific electronic medical record using a software-as-a-service (SaaS) business model. Prior to joining Visonex as the first non-founding employee, Kenneth worked for 10 years at Kraft Foods as an Industrial Controls Engineer and Electrical Systems Manager working on PLCs and SCADA systems for well-known products like Lunchables® and Oscar Mayer® Wieners.

Although wanting to take a SANS course while still at Kraft in the late 90’s, thanks to the emails and brochures he’d been receiving, Ken’s first SANS course was MGT414: SANS Training Program for CISSP® Certification with Dr. Eric Cole in 2010. The class did not disappoint. He remembers seeing the energy, passion, and expertise of Dr. Cole and thought to himself, “I want to do that.”  He mentored MGT414 twice and SEC401: SANS Security Essentials Bootcamp Style once and promptly decided to enroll in the SANS Information Security Engineering master’s program. In his application essay, he stated that his long-term goal was to become a Certified SANS Instructor. His words in that essay were, “As I have learned more about the SANS organization and have seen the caliber of the fellows and instructors, I knew that this was an organization that I wanted to be affiliated with.  Serving as a mentor has helped to solidify this resolve and to make contacts that have validated my goals.” (8/25/2012).  That decade-long goal was realized in mid-November 2019, when SANS promoted Ken to Certified Instructor after two years of teaching SEC545: Cloud Security Architecture and Operations.

The fact that Ken has worked for a several cloud service providers in a variety of leadership and technical roles has equipped him to speak intelligently about the challenges facing today’s cloud security professional.  As the Cloud is rapidly evolving and constantly changing, the pace of innovation is frenetic. This requires cloud security professionals to constantly upgrade their skills, just to compete. This crucible brings the best and the brightest students to SANS courses. To add value and meet expectations, Ken is continuously upping his game – a challenge he loves. The Cloud is far too big for any one person to know everything about all cloud services, or even those from a single provider. Instead of imparting facts or figures, Ken wants to teach students how to think holistically about cloud security from a perspective of risk management to help their organization achieve its mission. He wants to remove any trepidation students might have about jumping in, getting hands-on and tinkering with cloud technologies.  He encourages his students to figure out what works and what doesn’t work the way it is expected to by experimentation and to leverage the self-service aspects of the cloud to chart their own adventures. Lastly, he wants to inspire students to share those learnings back with the cloud security community. 

Ken was most satisfied when given the opportunity to build a high-performance cloud security team with hand-picked folks that he knew would coalesce around a common vision. “It was wonderful to create a climate where the team could grow, and each individual could become the best professional that they aspired to be.”  This is exactly the mentality he brings to his classroom. He teaches students to facilitate secure computing behaviors across their organization and not try to uphold the impossible role of the “cyber policeman.”  Teaching students what to care about and what to focus on from a risk management perspective improves them as professionals while ensuring a stronger, safer organization. 

Ken believes the biggest challenge students will face in cloud security is the constant change.  Every cloud service is being developed by semi-autonomous agile development teams. This means that the services they are using this month are slightly different than the same services they were using last month. Sometimes these changes break things. To boot, there are not enough trained security folks to adequately maintain a typical organization’s adoption of the cloud. Companies are rapidly moving to the cloud, but cyber security is generally an afterthought, if it is considered at all.  Ken shows students how to use and create automation to deal with the global scale of the cloud.

Ken holds a BS degree in Electrical Engineering from Michigan Technological University and a Masters Degree in Information Security Engineering from SANS Technology Institute. Ken has earned the CISSP, GCFA, GFCE, GWAPT, GCIH, GCIA, GSEC, GCCC, GCPM, as well as the GIAC Security Expert (GSE). Ken is also a Licensed PI in Michigan, as required by law to consult on criminal cases involving digital forensics.

While young at heart, Ken has also been around the block a few times and brings that sage wisdom from many lessons learned, often the hard way, to his classroom.  When not working, Ken enjoys barbeques, boating, and riding his Harley with friends.

Here is a SANS Summit presentation by Kenneth G. Hartman:


ADDITIONAL CONTRIBUTIONS BY KENNETH G. HARTMAN

WEBCASTS
The Best of Both Worlds: Cloud + SASE, June 2020

What To Do When Moving to The Cloud, March 2020

Scripting Cloud Security Capabilities, Nov 2017


PUBLICATIONS

GIAC Gold Papers:

HIMSS Whitepapers:

Blogs:

ARTICLES & PRESENTATIONS

Data Protection in the Cloud, May 2019

Digital Forensic Analysis of Amazon Linux EC2 Instance, Jan 2018

Scripting_Cloud_Security_Capabilities, Nov 2017

The Tyranny of the Urgent and the Transformational Security Leader, Nov 2016

BitTorrent & Digital Contraband, March 2016

What Every Tech Startup Should Know About Security, Privacy, and Compliance   Feb 2015


MORE

www.kennethghartman.com

forensicate.cloud - an open source project devoted to the learning and communication of forensic tools and practices in the cloud

torrentialdownpour.net – resources for the legal profession on the abuse of peer-to-peer networking technologies

Personal Branding Workbook – A Guide for Infosec Professionals