Jeffrey James Bryan Carpenter

• General technical knowledge covering a wide variety of technical areas
• Specific technical knowledge on computer and network security issues
• Excellent critical thinking, analysis and problem solving skills
• Ability to communicate complex technical information both orally and in writing to both technical and non-technical audiences
• Find common ground among divergent views
• Take pride in producing high quality work
• Prioritize tasks and meet deadlines, including under pressure
• Excellent capability to support or manage crisis situations
• Work as part of a team or independently
• Mentor staff and ensure staff receive opportunities to grow
• Motivate others to work towards an objective
• Handle politically sensitive matters or matters requiring confidentiality
• Develop public relations messaging and conducting news media interviews
• Effective public speaker

CERT Coordination Center, Software Engineering Institute at Carnegie Mellon University, 1995-present

Created in 1988 after the first major internet worm, the Morris Worm, the CERT/CC works globally with those with national or economic security or critical infrastructure protection missions to protect critical systems, data, and infrastructure from cyber attacks. It focuses on technical issues relating to internet security by focusing on helping technology professionals better manage and defend their information technology and assets, and working with vendors to address security issues at the end of the software development life cycle.  

Technical Manager of the CERT/CC (2000-present)

Grew and managed a group from 10 to 32 employees ($4M to $12M/year budget) that is focused on working with industry, government, and academia to protect national and economic security and critical infrastructure by helping technology managers better protect their IT assets and manage cyber security risk.

• Managed a technical program of work including vulnerability, incident, network traffic, and malicious code analysis; creation of Computer Security Incident Response Teams (CSIRTs), and secure coding. Work includes operational analysis and applied research.
• Led the team that created (and still operates) the Department of Homeland Security’s (DHS) National Cyber Alert System (NCAS) in 2003.
• Assisted numerous countries in the creation of National CSIRTs. Supported international CSIRT outreach including through APEC TEL, OAS, FIRST, IWWN and ENISA. Created the phrase and concept, “CSIRT with National Responsibility” to describe a capability a nation or economy needs to protect national and economic security and critical infrastructure by managing the risk from cyber threats.
• Created and hosted five annual workshops for the technical staff of all National CSIRTs attended by approximately 70 people representing 30 countries.
• Negotiated a three-year, $23M contract with the DoD to be a strategic partner with the Defense Cyber Crime Center to support their DoD/Defense Industrial Base Collaborative Information Sharing Environment (DCISE), a program designed to work with defense contractors to better protect DoD sensitive but unclassified information from our adversaries.
• Created the malicious code analysis team to develop cutting edge tools, techniques, and training to make reverse engineers more effective and promote collaboration amongst those in the reverse engineering community.
• Led the development of relationships with more than 800 software vendor security teams or points of contact to coordinate the handling of software vulnerabilities.
• Successfully integrated law enforcement agents from the USSS and FBI into CERT/CC operations to support law enforcement technical investigative needs.
• Created a vulnerability discovery program to develop tools and techniques vendors can use in Q/A processes, and to increase collaboration in the vulnerability discovery community.
• Collaborated with customers with significant national and economic security missions involving cyber security, helping them meet their goals, including DHS, DoD, CIA, NSA, USSS, FBI, GSA, ictQatar, and JPCERT.

• Provided technical advice to organizations reporting incidents to the CERT/CC while CERT/CC served the role of incident response team of last resort. Reviewed submitted data including network and system logs, advised on how to determine what happened, how to recover, and how to prevent further attacks.
• Authored CERT Advisories and other documents on current incident threats based on incident reporting and information sharing with other organizations.
• Conducted outreach to technical and non-technical people on current threats, intruder activity, defenses, and best security practices in systems and network administration.
• Participated in the creation and operation of FedCIRC, the CSIRT for U.S. Government agencies before the creation of DHS.
• As team leader, led team of eight analysts in managing work flow, products, process improvements, and tool development.

Computing and Information Services (Computer Center), University of Pittsburgh

Systems Analyst (1988-1995)

• Lead system administrator for central network services including email, DNS, and file service, overseeing a team of five system administrators. Responsible for needs and capacity planning.
• Served on the team that developed a distributed UNIX-based computing infrastructure at the university. Developed a distributed architecture used to manage software installation and maintenance with minimum staff resources. The system was used to manage servers providing network services, faculty and staff desktop computers, and computing lab computers.
• On call to answer questions and problems in all supported environments. Performed initial diagnosis through observations and discussions with users. Problems were then resolved through consultation with other staff members. Voluntarily served as user consultant for Academic Computing’s help desk.
• Conducted investigations into security problems including serving as a liaison with other organizations and law enforcement. Evaluated the security exposure for services.
• Conducted training on new and existing services and wrote technical documentation on network services such as the infrastructure of the university network.

Establishing a National Computer Security Incident Response Team, John Haller, Jeffrey Carpenter, and Julia Allen. A podcast in CERT’s Podcast Series: Security for Business Leaders, August 19, 2010.

Tackling Security at the National Level: A Resource for Leaders, Jeffrey Carpenter and Julia Allen, August 7, 2007.  

Practical and Procedural Methods for Protecting Against Cybercrime and Cyber Fraud, and What’s next: Developing an Egyptian Computer Emergency Response Team Center, Jeffrey Carpenter. Electronic Signature And Information Security Conference; Cairo, Egypt, 2006.  

Vulnerabilities and Software Assurance, Jeffrey Carpenter. CN-CERT Conference; Beijing, China, 2005.

Public-Private Cooperation in operation and Functions of CSIRTs, Jeffrey Carpenter. Organization of American States, Inter-American Committee Against Terrorism, Meeting of Government Cyber Security Practitioners; Sao Paulo, Brazil, 2005.

Incident Handling and Network Monitoring, Jeffrey Carpenter. APEC TEL Incident Response and Forensics Workshop; Hong Kong, 2004.

Creating a National Alerting and Reporting Service,, Nienke van den Berg, Jeffrey Carpenter, and Graham Ingram. FIRST Conference; Ottawa, Canada, 2003.

CSIRTs: USA Experience and Future Trends, Jeffrey Carpenter. APEC TEL 27; Kuala Lumpur, Malaysia, 2003.

Vulnerability Handling: Analysis, Coordination, and Ethical/Legal Issues, Jeffrey Carpenter. AusCERT Conference; Gold Coast, Australia, 2003.

ISP Security Issues, Jeffrey Carpenter. OPASTCO ISP Workshop; Chicago, Illinois, April 12, 2002.

Computer Security Issues that Affect Federal, State, and Local Governments and the Code Red Worm, Jeffrey Carpenter. Testimony before the House of Representatives Committee on Government Reform, Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, August 29, 2001.

CERT Advisory CA-2001-11 sadmind/IIS Worm, Chad Dougherty, Shawn Hernan, Jeff Havrilla, Jeff Carpenter, Art Manion, Ian Finlay, John Shaffer. Published May 08, 2001.

CERT Advisory CA-2000-03 Continuing Compromises of DNS servers, Jeffrey Carpenter. Published April 26, 2000.

Welcome To The Big City: Incident Reporting Helps the CERT™ Coordination Center Keep Pace with a Rapidly Expanding Internet, Jeffrey Carpenter. USENIX ;login: Magazine, published November 1999.

BIND Activity of March-June 1998, Jeffrey Carpenter and Shawn Hernan. FIRST Conference; Brisbane, Australia, 1999; and NISSC; Washington, DC, 1999.

Will the Real Owner of this IP Address, Please Stand Up? Jeffrey Carpenter and Brian Dunphy. Presented at the FIRST Conference; Brisbane, Australia, 1999.

Infrastructure: A Prerequisite for Effective Security, Bill Fithen, Steve Kalinowski, Jeffrey Carpenter, and Jed Pickel. USENIX LISA; Boston, MA, 1998.

Tackling the Infrastructure Problem, Jeffrey Carpenter and Jed Pickel. FIRST Conference; Monterrey, Mexico, 1998.

How the Domain Name System (DNS) Plays a Role in Incident Response, Jeffrey Carpenter and Brian Dunphy. FIRST Conference; Monterrey, Mexico, 1998.