Tim Morgan

Founder and Chief Technology Officer at DeepSurface Security

Tim Morgan is the founder and CTO of DeepSurface Security, an innovative new risk-based vulnerability management product that helps security teams gain a much deeper understanding of the complex relationships present in their digital infrastructures. After beginning his career as a software developer, he transitioned to a career in application security and vulnerability research and, over the last 24 years, has worked as a penetration tester, digital forensics researcher and application security expert.

In addition to his day-to-day work, Tim has presented his independent research on Windows registry forensics, XML external entities attacks, web application timing attacks, and practical application cryptanalysis at conferences such as DFRWS, OWASP’s AppSec USA, BSidesPDX, and BlackHat USA.

Presentation Abstract

Zero-Trust - The Paradigm Shift Required in a Post-pandemic World

The Biden administration’s May cybersecurity policy (Executive Order 14028) and mandate that all federal civilian executive branch agencies accelerate their pursuit of zero-trust architectures is a long-overdue step in the right direction. But practically implementing zero-trust requires a framework, infrastructure, and policies that will require significant perseverance to achieve. In the meantime, most companies will live in a hybrid world, incorporating zero-trust elements along with traditional “trusted” internal networks. How companies manage this transition will be critical to setting them up for both digital security and business success, or drastic failure.

In this session, Tim Morgan, CTO of DeepSurface Security and a former pentester and application security researcher, will explore:

  • What we mean by “zero-trust” and how we can apply that mindset to different layers of the network, system, and application stack.
  • Answer the question “why now?” and discuss how this approach can actually be in better alignment with the operations of your organization PO,
  • What’s old is new again: how venerable technologies such as Kerberos and public key cryptography have been misused and abused, leading to weakness in the implementations, but can easily be revitalized and repurposed in a zero-trust world.