As an English major, Tony Turner used to build websites for beer money. He never intended a career in technology but rolled into it in the 1990s when only a few people could do the work he found easy and exciting. Tony suffered from multiple malware incidents that made his life as an IT admin difficult, so he learned more about how adversaries operate to better understand how to defeat them.
“I have a bit of a sick mind and this way, I could think evilly but do so with a positive intent,” Tony says. A major catalyst in his career was the SWL Slammer infection in 2003, which prompted him to re-evaluate his career trajectory. “Shortly after that, I attended my first SANS course, and the rest is history.”
Tony’s passion lies in solution development; his empathy for the cyber defender drives everything he does. He has had various roles in his career, giving him the benefit of seeing the problems in the industry from a variety of perspectives. “My experience over the last few years, dissecting the security problems that plague our industry, and designing new approaches that defy current conventional logic, is enriching to me,” he says. Opswright, the company he founded, helps address the shortage of security engineering talent pool through the automation of consequences-oriented mission alignment and threat-informed defense.
Challenging assumptions is Tony’s second nature. He believes in teaching through understanding. “By dissecting the problem and evaluating multiple approaches, we can start to gain actionable understanding about how to address the problem,” he says. This means students will always be able to rely on Tony to bring real-world and actionable perspectives to the classroom.
According to Tony, the biggest challenge for cybersecurity professionals is that sometimes it can be hard to understand what to do about all the risks they identify. “Meaning that vendor risk issues are mostly the domain of the vendor to resolve, and technical security operators may suffer from a lack of soft skills needed to engage with vendor relationship people, contracting, and other areas of the business to action those risks.”
The good news is that risk can always be mitigated through technical means, but it requires a great deal of internal and external coordination, which may pose a challenge for some people. These topics are covered in Tony’s upcoming course, SEC547 Defending Product Supply Chains, including strategies for engagement with stakeholders.
In addition to being a SANS instructor, Tony is also the OWASP Orlando Chapter Founder and Lead as well as the Security B-Sides Orlando Founder and Past President. He also takes part in CWE/CAPEC ICS/OP Special Interest Group, CISA SBOM Working Groups, is an SBOM Forum Member, and co-authored Software Transparency, published by Wiley Press.
In his spare time, he is an avid martial artist with multiple state and national championships in Tae Kwon Do, a competitive swimmer, and a first-class Star Wars and Marvel Comics nerd. In addition, he remains a hobbyist in many technical domains, constantly pushing the boundaries of what is possible. “But these days, I mostly enjoy spending time with my family and our menagerie of wild animals and watching rocket launches from our beachside home in Florida.”
ADDITIONAL CONTRIBUTIONS BY TONY TURNER
Tony has spoken at S4, DerbyCon, B-Sides, and many other events.