- Privacy Talk at NACACS 15
- Welcome to my wiki. Here are some of my subject-specific sites:
- Research Interests
- Selected Invited Talks, Speaking Engagements and Paper Presentations
- Legislative Testimony
- In the Press (sample)
- Academic & Related Appointments
- Honors and Awards
- Sample Professional Organizations and Activities
- Professional Services: Technology and Business
- Social Services, Professional Activities and Organizations
- Photography and Videography
- Odds and Ends
- In Memoriam
Privacy Talk at NACACS 15
Hear my talk on privacy in Orlando, Florida, USA at NACACS, ISACA’s North America Computer Audit, Control and Security Symposium. I’m speaking jointly with Rebecca Herold, the Privacy Professor, a renowned privacy expert. ISACA is the International Information Systems Audit and Control Association.
Welcome to my wiki. Here are some of my subject-specific sites:
Academic: Computer Science, Information Security Technical and Legal Research Dissertation Website, MLAT.is, SecurityWatch
Professional: Technology and Business Services InmanTechnologyIT.com
Some of my nonprofit Organizations and Boards of Directors:
- Emerge Batterer Intervention Program (BIP), Director 2009-Present, Vice President 2014- Present and Clerk 2010-Present
- Employers Against Domestic Violence, Director 2010-Present
- Transition House Director 2013-Present, Clerk 2014-Present
- Cambridge Technology Violence Prevention Council co-Founder 2012- Present
- Each One Teach One Founder, Director, President 2012- Present
- Cambridge Family and Children’s Service (CFCS) Director 1996-2002
- Cambridge Ellis School - Director 1994-1997
Here are some photos:
- Sarah Cortes1
- Sarah Cortes2
- MIT Media Lab coDesign Studio Class with Andrew Lewman, Tor Project, Jude Mwenda and Yu Wang, MIT
- MIT Media Lab Class with Risa Medick, Transition House, Andrew Lewman, Tor Project, Jude Mwenda and Yu Wang, MIT
- MIT Media Lab coDesign Studio with Sasha Costanza-Chock, Jude Mwenda, MIT, and Andrew Lewman, Tor Project
Here are some videos:
@Sarah Cortes, MS, PMP, CISA, is President of Inman Technology. She earned her undergraduate degree at Harvard University, and holds an M.S. from Boston University, in Computer Science, Information Security. She is a PhD candidate in the Information Assurance program at Northeastern University’s College of Computing and Information Science. As a Senior Vice President for Security, IT Audit and Disaster Recovery at Putnam Investments, a major global asset management firm and subsidiary of Marsh & McLennan, Sarah oversaw Putnam’s recovery on 9/11 when parent company Marsh & McLennan’s World Trade Center 99th floor data center was destroyed. She also supervised over 65 IT audits per year in that capacity. As a senior executive and later consultant responsible for Putnam’s and other Fortune 500 firms, Sarah managed major applications development, data center and other operations, staff and budgets.
A former analyst for the US Department of Energy, she led the National Institute for Science and Technology (NIST) Cybersecurity Working Group sub-team, as co-author of the 2014 NIST: Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, as well as the 2010 volume, that created the security and privacy laws section of the report. She served on the privacy use cases team for two years and has been a member of the NIST cybersecurity working group (CSWG) on Smart Grid privacy for five years. She has recently co-led Northeastern University Law School Legal Skills in Social Context (LSSC) Clinics on Surveillance Law, Privacy Tools, and Tor and Domestic Surveillance, Domestic Terrorism and Privacy and Anonymity Technology, as well as a 2014 MIT Co-Design Studio class at MIT Media Lab on Domestic Surveillance, Domestic Terrorism, Privacy and Anonymity Technology and Tor. She has helped draft data breach laws, and testified before the Massachusetts legislature and regulatory agencies.
In addition to her work on various industry standards bodies, Sarah serves on the IEEE (Institute of Electrical and Electronics Engineers) P1912 Privacy and Security Architecture for Consumer Wireless Devices Working Group as subcommittee lead on research and use cases.
In her work to help end domestic violence and abuse, including cyberstalking and abuse through technology, Sarah serves on the Boards of Emerge, the first Abuser Intervention Program (BIP)(Vice President and Clerk), Transition House, one of the first domestic abuse shelters, and Employers Against Domestic Violence (EADV).
Sarah is the co-author of the industry leading technical treatise, with Paul Syverson, Aaron Jaggard, Aaron Johnson (US Naval Research Laboratory, Washington, DC) and Joan Feigenbaum (Yale University), entitled “20,000 in League Under the Sea, Anonymous Communication, Trust, MLATs, and Undersea Cables,” Proceedings on Privacy Enhancing Technologies (PETS-15th International Symposium). Volume 1, Issue 1, Pages 4–24, ISSN (Online) 2299-0984, DOI: 10.1515/popets-2015-0002, April 2015. She is also the author of the industry leading legal treatise, “Legalizing Domestic Surveillance: The Role of Mutual Legal Assistance Treaties in Deanonymizing TorBrowser Technology,” in the Richmond Journal of Law and Technology, 22 Rich. J.L. & Tech. 2 (2015), http://jolt.richmond.edu/v22i1/article2.pdf. You can follow her on @SarahCortes.
Aaron Jaggard, Aaron Johnson, Sarah Cortes, Paul Syverson, and Joan Feigenbaum, 20,000 in League Under the Sea, Anonymous Communication, Trust, MLATs, and Undersea Cables, [pdf] Proceedings on Privacy Enhancing Technologies (PETS-15th International Symposium). Volume 1, Issue 1, Pages 4–24, ISSN (Online) 2299-0984, DOI: 10.1515/popets-2015-0002, April 2015.
Sarah Cortes, Legalizing Domestic Surveillance: The Role of Mutual Legal Assistance Treaties in Deanonymizing TorBrowser Technology, 22 Rich. J.L. & Tech. 2 (2015), http://jolt.richmond.edu/v22i1/article2.pdf.
“Jurisdictional Arbitrage in Anonymous Network Path Selection” (with Andrew Lewman (The Tor Project), Aditya Rao and Christo Wilson (Northeastern University)) (submitted).
“Chapter 3: Legal Frameworks for Smart Grid Privacy,” (with Rebecca Herold, Gal Shpantzer, Chris Veltsos and The Smart Grid Interoperability Panel Cyber Security Working Group (CSWG)) NIST: NISTIR 7628 2014 Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid , 2014, pp. 8-21 (pp. 304-317).
“Chapter 3: Legal Frameworks for Smart Grid Privacy,” (with Rebecca Herold, Gal Shpantzer, Chris Veltsos and The Smart Grid Interoperability Panel Cyber Security Working Group (CSWG)) NIST: NISTIR 7628 2010 Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, 2010, pp. 7-15 (pp. 323-331).
PhD candidate, Northeastern University, College of Computing and Information Science, Boston, MA
- Graduate Advisor and PhD Committee:
- László Barabási (Northeastern University, College of Computing & Information Science)
- Engin Kirda (Northeastern University, College of Computing & Information Science)
- Thomas Koenig (Northeastern University)
- Paul Syverson (Center for High Assurance Computer Systems (CHACS) of the Naval Research Laboratory (NRL))
- Graduate Advisor and PhD Committee:
- MS Computer Science - Information Security, Boston University, Boston, MA
- Boston University Medical School, Department of Biomedical Forensic Sciences: Crime Scene Analysis
AB Harvard University, Cambridge, MA
- Boston University, Certificate in Private Investigation- educational requirement for Board Certified Criminal Defense Investigator (CCDI) from Criminal Defense Investigation Training Council
- PMP, Project Management Professional, Project Management Institute
- CISA, Certified Information Security Auditor, ISACA, the International Information Systems Audit and Control Association
- Security, including cybersecurity
- Anonymous Networks, Routing algorithms, Path Selection and Internet Communications
- Mutual Legal Assistance Treaties, MLATs
- Smart Grid, Smart Meters, Technology, Legal Frameworks and Case Law
- Data Breaches - Technical Analysis, Legal Frameworks and Case Law
- Cyberstalking - Technical Analysis, Legal Frameworks and Case Law
Selected Invited Talks, Speaking Engagements and Paper Presentations
- American Accounting Association Transformative Technologies Workshop, Chicago, IL
- PETS 15, Privacy Enhancing Technology Symposium, Philadelphia: 20,000 In League Under the Sea: Anonymous Communication, Trust, MLATs, and Undersea Cables
- Cybersecurity in the Financial Services Industry, University of Delaware, Lerner College of Business and Economics [View YouTube video]
- Generally Accepted Privacy Principles (GAPP): invited speaker to North America Computer Audit & Control Association Symposium, NACACS15, Orlando, Florida [View YouTube video]
- PETS 14, Privacy Enhancing Technology Symposium, Amsterdam: MLATs and Path Selection
- ECA 14 Eastern Communications Association Panel, Providence, RI: Invited panelist on DV and film with producer Garland Waller
- USENIX13 Workshop on Free and Open Communications on the Internet (FOCI13), Washington DC: Legal Hostility factors in Anonymous Network Routing
- EnergySecurity12 conference, Portland, OR: Legal Aspects and Case Law in Smart Grid Privacy: invited panelist
- B-Sides Las Vegas Security Conference at Defcon/Black Hat: SmartGrid, Surveillance & Subpoenas
- Northeastern University NIST SmartGrid Cybersecurity Conf., on Smart Grid Privacy Legal Frameworks: invited speaker
- Jubilee Christian Church, Boston, MA, invited speaker and panelist on Domestic Violence
- Babson College, Has IT Killed Privacy?, Wellesley, MA: invited speaker
- Boston University, Craigslist Killer and Location-Based Technology: invited speaker
- Project Management Institute (PMI) National Conference, Boston, MA: COBIT and IT Standards: invited speaker
- Bentley University Usability Forum, Waltham, MA: invited speaker
- Suffolk University: Project Management and OpenSource: MBA class, Sawyer School of Business, Boston, MA: invited speaker
- Project Management Institute (PMI) Annual Conference, Waltham, MA: COBIT and IT Standards: invited speaker
- Testimony (and text) before the Massachusetts Legislature on Data Breach Laws, Massachusetts General Law (MGL) Chapter 93H and its regulations, 201 CMR 17.00
- Testimony before the Massachusetts Office of Consumer Affairs & Business Regulation (OCABR) on Data Breach Laws, Massachusetts General Law (MGL) Chapter 93H and its regulations, 201 CMR 17.00
- Testimony before the Massachusetts Legislature on impact on employers of a bill amending MGL 149, which provides leave for victims
In the Press (sample)
6/26/15- SWIFT Institute and University of Delaware collaborate on cyber security challenges, SWIFT Institute blog
3/18/15-Experts: Consumer Privacy Bill of Rights may ease privacy compliance, TechTarget Media
Mass. legislator: Revisit data security law, Boston Business Journal
State moving to rework data security law, Boston Business Journal
Academic & Related Appointments
Northeastern University Law School, Legal Skills in Social Context Clinic (LSSC)
- co-Leader: Surveillance Law, Privacy Tools, and Anonymity w/ACLU 2014-15
- co-Leader: Domestic Surveillance, Privacy and Anonymity Technology w/Casa Myrna Vasquez Domestic Violence Agency 2012-13
MIT CoDesign Studio, MIT Media Lab 2013-14
The Tor Project, Inc. 2012-15
- Researcher – File/Analyze FOIAs/FOIPAs
- Collaborate with US Naval Research Laboratory (NRL) researchers on network path selection
Harvard Extension School 2011-13
Suffolk University, Sawyer Business School, Strategy and International Business Department 2009
- Guest lecturer, MBA class. Project Management and OpenSource
Legal Affairs Office, Department of Energy, US Federal Government Washington, DC
- Programmer Analyst- wrote programs to analyze price fluctuations to detect price gouging for litigation.
Harvard Senior Common Room, Cabot House 1990-2013
- Technology and Business Tutor. Appointed by Harvard House masters, SCR members are appointed as prominent achievers in their field to advise students. Advised students, helped them with their resumes, computer skills, and job search.
Prospect Hill Academy, Cambridge, MA 2014-Present
- Teaching Assistant, teaching high school youth computer programming and related skills.
Cambridge Ringe and Latin School, Cambridge, MA 2015-Present
- Teaching Assistant, teaching high school youth computer programming and related skills.
Honors and Awards
2013 World Bank Hack-a-Thon Team, First Prize, Washington DC
- First Prize for team development of an application, fuerza.is, to help fight domestic violence
Sample Professional Organizations and Activities
National Institute for Science and Technology (NIST) SGIP-CSWG: Smart Grid Interoperability Panel, Cyber Security Working Group
- Led the Legal sub-team that created, and then updated, the privacy laws section of NISTR report 2009-2014
- Privacy Use Cases sub-team 2009-2012
- Smart Grid Interoperability Panel Cyber Security Working Group (CSWG) 2009-present
IEEE P1912 – Institute of Electrical and Electronics Engineers, Privacy and Security Architecture for Consumer Wireless Devices Working Group, subcommittee lead on research and use cases.
Professional Services, for Fortune 500 companies and major Universities
- As Senior Vice President, Putnam Investments, a subsidiary of Marsh & McLennan, and SVP at the Boston Company, a subsidiary of Shearson Lehman and American Express, managed major business units for Fortune 500 asset management companies.
- As President of Inman Technology Consulting, provide wide range of services to Fortune 500 companies and major universities
- Executive Management- conducted strategic planning, goal-setting, management and execution for IT operations, IT Application Development and Client Services organizations
- Human Resources Management- have managed multiple groups with 200+ staff
- Operations Management- have managed Data Center Operations for mainframe and distributed platforms
- Information Security, Privacy - managed large IS operations, strategy and incident management teams
- Audit- Oversaw over 65 IT audits per year
- Disaster Recovery - responsible for all DR, including failover on 9/11
- Project Management- Major Application development
- Financial oversight- managed budgets of up to $50 million/year
- Some Sample Applications I have implemented for Fortune 500 clients or major educational institutions
- DNA Mixtures- Boston University Biomedical Forensic Sciences Department, BU Medical School
- Biopharmaceutical Clinical Trial System - major global Biopharmaceutical Company located in Cambridge, MA
- Global Equity, Fixed Income, Cash and Derivative Instruments MultiCurreny Accounting Systems - major Financial Services Company located in Boston, MA, New Hampshire and and Rhode Island
- Faculty Information System, Harvard Law School
- Held-Away Assets, for a major asset management company in the Boston area, Major complex application to incorporate all client assets from all financial institutions
- Global Multi-Currency Investment Company Fund Accounting system, for a major asset management company headquartered in the Boston area
- Cash Investment Company Fund Accounting system, for a major asset management company
- Employers Against Domestic Violence (EADV), Director, 2010-present
- Emerge Abuser Education, Director, Vice President, Clerk, 2009-present. Emerge is the first Batterer Intervention Program in the US, Court-Mandated and Voluntary, Domestic Violence(DV), Intimate Partner Abuse(IPA), Intimate Partner Violence (IPV), counseling and education, victim services, research, publications
- Transition House, Director, Clerk, Volunteer. Work with survivors providing computer training, resume and job search advice. One of the first Domestic Violence(DV) Shelters and service providers in the US
- Cambridge Technology Council, Founder. Technologists collaborating to end Domestic Violence(DV), Intimate Partner Abuse(IPA), Intimate Partner Violence (IPV)
- Each One Teach One, Founder, Board Vice President. Economic empowerment through job training and employment in technology.
- Northeastern Law School DV Clinic/LSSC - Collaborated on leading a Legal Skills in Social Context(LSSC) Program on Cyberstalking Law
- State of MA, Department of Children and Families (DCF), Community Advisory Board nominee
- Jubilee Christian Church, invited speaker and panelist on Domestic Violence
- Cambridge Family and Children’s Service (CFCS) Director 1996-2002.
- Cambridge Ellis School - Director 1994-1997
- Work with survivor and advocate referrals on cyberstalking and technology abuse cases
- Work with forensic scientists on evidence collection issues
- Work with members of the MA Legislature regarding bills affecting DV victims and State Agencies
- Educational Organizations
- Harvard University - Annual Giving Co-Chair, Reunion Giving Co-Chair
- National Cathedral School for Girls - Capital Campaign Special Gifts Committee
- Milton Academy - Annual Giving Committee, 2003-2014
- Shady Hill School - Capital Campaign Major Gifts Committee, 1996-2000.
- Cambridge Ellis School - Director 1994-1997. Capital Campaign Steering Committee
- Social Services Organizations
- Emerge, Inc. - various fundraising campaigns
- Transition House - Board Development campaigns
Photography and Videography
You can view my photography here
- Some samples of my photography:
You can view my videography here
Some sample videos I have produced:
- How the Trinity Women’s Squash Team Prepares
- Coding for Charity- How to Prepare for New England GiveCamp
- Dating & Relationships short