The international non-profit, security research institute ISECOM has chosen Indianapolis as their U.S. base for projects and research. ISECOM is best known for freely providing the OSSTMM, a worldwide standard methodology for security testing which is used to hack computer systems, trick people, and get around home security sensors and alarms to test their effectiveness.
Indiana native, Chris Griffin, is responsible for getting ISECOM to come here. Griffin got involved with ISECOM in 2004 as a volunteer and worked his way to being a core team member where he assisted writing the Hacking Exposed Linux third edition. He then took the next step and flew to Barcelona, Spain, for a “train the trainer” session where security experts fly in from all over the world to attend an extremely intensive 3 day bootcamp of 16 hour days to pass 4 exams of 4 hours each. Certified in security testing and analysis, this qualified Griffin as an accredited ISECOM trainer, one of just 5 in the USA.
“I was working as a government contractor in security and I just couldn't believe it when I saw this incredibly new direction in Internet Security that was so effective and here we were still making the same mistakes by focusing on products instead of solutions,” says Griffin. “So I just knew we had to get that knowledge out to others here in the U.S. as quickly as possible.”
Griffin is not the first American to be impressed with ISECOM. Organizations such as the Department of Justice, FBI, NSA, and all the military branches have used the OSSTMM for security tests and have even trained some of their people. Companies like Walmart, Disney, IBM, and Intel have also trained people and applied the ISECOM methodology.
“Even the Vatican got their people trained,” says Griffin. “ISECOM know-how is in big demand but there was almost nobody here who can bring it. So I'm doing it.”
Griffin thinks bringing the ISECOM projects and research to Indiana is advantageous for the state in this knowledge economy since so much focus is needed to securing intellectual property. Therefore he is talking to other security organizations, government, and universities for collaboration. He will be teaching his first official class in OSSTMM Professional Security Analysis (OPSA) the week of September 21st at the new Public Agency Training Council building of Indianapolis. The class focuses on “critical security thinking and analysis”. According to ISECOM (isecom.org), much of the security models currently in use are built from best practices which have a way of not being best for everyone. The OPSA teaches people how to investigate, deconstruct, and measure the security of anything to assure it has the unique, and optimum solution it needs.
Griffin is also extending the ISECOM project, Hacker Highschool, to Indiana, which teaches teens resourcefulness and critical security thinking through hacking. The project provides schools free lesson books and access to a safe, hacker playground, a test network specifically for experimentation.
“We can't turn away from the curiosity these kids have about hacking and expect them to just drop it,” said Pete Herzog, the Managing Director of ISECOM, in a BBC interview. “We need to harness that enthusiasm and help them learn, guide them, and let them understand there are responsibilities and consequences that come with that kind of knowledge.”
Indiana high schools who want to get involved in the Hacker Highschool project or security professionals who are interested in the upcoming OPSA class should contact Griffin.