Lisa Wiswell, Bureaucracy Hacker, Defense Digital Service
Not that long ago, the Department of Defense started to evolve from security through obscurity to more open practices that welcome contributions from the outside world. A new “Hack the Pentagon” bug bounty pilot proved that outside hackers could help secure DoD systems. The DoD then launched a vulnerability disclosure policy so that researchers could point out general security issues. And a recent “Hack the Army” contest has further proven that bug bounties are an effective tool in the DoD’s security toolkit.
This talk will discuss 2016’s rocky road to get to where we are today. Though there is still work to be done, there are signs of life to report. Progress at the DoD will help legitimize practices for other sectors and finally provide more clarity on the gray areas of the Computer Fraud & Abuse Act. Security researchers and prosecutors alike will have a better understanding of what is and isn’t legal in the hacking realm.
Lisa Wiswell has worked for the better part of the past decade with the Department of Defense to shift its culture to interact more positively with the hacker community—and to applaud them for their impactful work. She presently works at the Defense Digital Service hacking the Department of Defense bureaucracy and its antiquated and restrictive policies and processes. Previously, she was an Obama Administration appointee, supporting senior DoD leaders by formulating and implementing strategies to improve DoD’s ability to operate in digital space, and worked at the Defense Advanced Research Projects Agency overseeing a portfolio of cyberwarfare initiatives.