As an English major, Tony Turner used to build websites for beer money. He never intended on a career in technology but rolled into it in the 1990s when only a few people could do the work he found easy and exciting. Tony suffered from multiple malware incidents that made his life as an IT admin difficult, so he learned more about how adversaries operate to better understand how to defeat them.
“I’ve always been extremely focused on identifying the root cause of issues and tackling the hard problems,” Tony says. A major catalyst in his career was the SWL Slammer infection in 2003, which prompted him to re-evaluate his career trajectory. “Shortly after that, I attended my first SANS course, and the rest is history.”
Tony’s passion lies in solution development; his empathy for the cyber defender drives everything he does. He has had various roles in his career, giving him the benefit of seeing the problems in the industry from a variety of perspectives. “My experience over the last few decades, dissecting the security problems that plague our industry, and designing new approaches that defy current conventional logic, is enriching to me,” he says. Opswright, the company he founded, helps address challenges with “insecure by design” by embedding security into engineering workflows to resolve the lack of time and knowledge that engineers face when designing new systems for critical infrastructure.
Challenging assumptions is Tony’s second nature. He believes in teaching through understanding. “By dissecting the problem and evaluating multiple approaches, we can start to gain actionable understanding about how to address the problem,” he says. This means students will always be able to rely on Tony to bring real-world and actionable perspectives to the classroom.
According to Tony, the biggest challenge for cybersecurity professionals is that sometimes it can be hard to understand what to do about all the risks they identify. “Meaning that vendor risk issues are mostly the domain of the vendor to resolve, and technical security operators may suffer from a lack of soft skills needed to engage with vendor relationship people, contracting, and other areas of the business to action those risks.”
The good news is that risk can typically be mitigated through technical means, but it requires a great deal of internal and external coordination, which may pose a challenge for some people. These topics are covered in Tony’s upcoming course, SEC547 Defending Product Supply Chains, including strategies for engagement with stakeholders.
In addition to being a SANS instructor, Tony is also the OWASP Orlando Chapter Founder and Lead as well as the Security B-Sides Orlando Founder and Past President. He also takes part in CWE/CAPEC ICS/OP Special Interest Group, ISA99 WG 14 for OT Profiles in Electric Power, is the chief editor for cyberinformedengineering.com wiki, CISA SBOM Working Groups, is an SBOM Forum Member, and co-authored Software Transparency, published by Wiley Press.
In his spare time, he is an avid martial artist with multiple state and national championships in Tae Kwon Do, a competitive swimmer, and a first-class Star Wars and Marvel Comics nerd. In addition, he remains a hobbyist in many technical domains, constantly pushing the boundaries of what is possible. “But these days, I mostly enjoy spending time with my family and our menagerie of wild animals and watching rocket launches from our beachside home in Florida.”
ADDITIONAL CONTRIBUTIONS BY TONY TURNER
Tony has spoken at S4, DerbyCon, B-Sides, and many other events.