Front Page

Welcome to my wiki.

Some ways to contact me

  • via email: scortes@ccs.neu.edu or sarah.cortes@post.harvard.edu (PGP Key: 226CCE21)
  • via chat: sarah@ipvtech.is (OTR Key Fingerprint: 407E6144 40622F8E 011A6D6C 67D8EB70 51F82E87)
  • via Skype: sarah_cortes
  • via phone: 330-99-CYBER
  • via Twitter: @SarahCortes
  • via LinkedIn: www.linkedin.com/in/SarahCortes

Leader and cybersecurity expert with a track record of over 20 years of experience in information security, leading large, globally dispersed teams. Financial services, biotech, biopharma, higher education, and defense industries. Extensive Middle East and Europe business experience in Stockholm, Reykjavik, Berlin, Paris, London, Cairo. Researcher with technology expertise in a variety of domains, including information security, security operations, privacy and security engineering, audit and compliance, security incident management and response, privacy, privacy law, the darknet, network security and Mutual Criminal Assistance Treaties (MLATs). Public speaking and technical presentations at conferences, invited speeches, and extensive peer-reviewed publications.

My other websites

Photos and videos

Biography

Sarah Cortes, MS, CISA, AAFS, is President of Inman Technology. She earned her undergraduate degree at Harvard University, and holds an M.S. from Boston University, in Computer Science, Information Security. She is ABD PhD in Computer Science, Information Assurance at Northeastern University’s College of Computing and Information Science, and studied Forensic Science at Boston University Medical School. Her research focuses on the darknet, network security, criminal legal treaties (MLATs), and digital forensics.

Prior to undertaking her Ph.D, Sarah was a Senior Vice President for Security, IT Audit and Disaster Recovery at Putnam Investments, an investment management firm with over $400 billion in assets under management, 79 mutual funds, 96 institutional clients, and over seven million shareholders and retirement plan participants. She oversaw Putnam’s recovery on 9/11 when then-parent company Marsh & McLennan’s World Trade Center 99th floor data center was destroyed. She also supervised over 65 IT audits per year as well as incident investigations in that capacity. As a senior executive and later consultant for Putnam and other Fortune 500 firms, Sarah also had responsibility for major applications development, data center and other operations, with 100+ staff and $50m budgets. Before that, Sarah was a Sr. VP for Data Center and Security Operations with BNY Mellon Bank, a global investments company with $1.6 trillion in assets under management, previously a part of Shearson/Lehman/American Express, the giant financial services conglomerate.

Sarah has published extensively on computer security, privacy, mutual criminal legal assistance treaties (MLATs), and the darknet, including “MLAT.is World Treaty Cartel Internet Overlay for Darknet and Digital Traffic Analytics” for MLAT.is, featured in the 2017 IEEE International Symposium on Technologies for Homeland Security (HST17). She regularly serves as a referee for Computers & Security Journal.

She has implemented numerous computer applications in use today. Together with Department Chair, Boston University School of Medicine, Department of Biomedical Forensic Sciences and former Cellmark lab director Dr. Robin Cotton et al., Sarah implemented the DNA Mixtures online tool, with a grant from the US Department of Justice. DNA Mixtures was highlighted in the Executive Office of the President, President’s Council of Advisors on Science and Technology (PCAST), Report to the President: Forensic Science in Criminal Courts: Ensuring Scientific Validity of Feature-Comparison Methods in 2016.

A former analyst for the US Department of Energy, she led the National Institute for Science and Technology (NIST) Cybersecurity Working Group sub-team, as co-author of the 2014 NIST: Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, as well as the 2010 volume, that created the security and privacy laws section of the report. She served on the privacy use cases team for two years and the NIST cybersecurity working group (CSWG) on Smart Grid privacy for seven years. She has co-led Northeastern University Law School Legal Skills in Social Context (LSSC) clinics on surveillance law and online privacy tools and technology, as well as an MIT Co-Design Studio class at MIT Media Lab. She has helped draft data breach laws, and testified before the Massachusetts legislature and regulatory agencies.

In addition to her work on various industry standards bodies, Sarah serves on the IEEE (Institute of Electrical and Electronics Engineers) P1912 Privacy and Security Architecture for Consumer Wireless Devices Working Group. While completing her PhD, Sarah interns at the Alameda County Sheriff’s Office Crime Lab in Digital and Multimedia Evidence. In her work to help end cyberstalking and abuse through technology, Sarah serves on the Boards of Emerge, the first Abuser Intervention Program (BIP), and Each One Teach One, dedicated to training for technology employment.

Work Experience

Inman Technology IT 2004-Present
See Professional Services: Litigation Support/Expert Witness
Launched and run IT company providing consulting to Fortune 500 firms. Provide hands-on services in the following areas:
∙ Security Incident Management and Response
∙ Security Operations
∙ Security Engineering
∙ Information Security and Privacy
∙ IT Audit, Compliance
∙ Complex Application Development and Implementation
∙ Disaster Recovery/High Availability
∙ Data Center Operations Management
∙ Program/Project Management
∙ Darknet
∙ Threat Intelligence
∙ Data Breach
∙ Litigation support

Clients include:
∙ Fidelity Management & Research
∙ Fidelity Brokerage Company
∙ Draper Laboratory
∙ Sanofi Genzyme
∙ Biogen Idec
∙ Harvard Law School
∙ Harvard University Information Systems
∙ Boston University
∙ Venable LLC

Alameda County Sheriff’s Office Digital and Multimedia Evidence Crime Lab, Oakland, CA 2017-Present
∙ Digital and Multimedia Evidence Crime Lab
∙ Sample tools: Cellebrite, EnCase, FTK
∙ Internship while completing PhD
∙ Evidence identification, preservation, extraction, and analysis, report preparation
∙ Hands-on crime scene processing: evidence and onsite extractions, including CCTV
∙ Software validation testing, Cellebrite Physical Analyzer, UFED Digital Forensics tools
∙ Criminal cases include financial crimes, fraud, homicide, sexual assault, child porn, robbery, identity theft
∙ Examine warrants and ensure legal compliance

Putnam Investments, Boston, MA 1993-2004
A subsidiary of Great-West Lifeco (Power Corporation of Canada); previously, Marsh & McLennan
Investment management firm, with over $400 billion in assets under management, 79 individual mutual fund offerings, 96 institutional clients, and over seven million shareholders and retirement plan participants.
∙ Sr Vice President, IT Security Operations, SOC, Security Engineering, Security Incident Management and Response, Disaster Recovery/High Availability, Audits & Client Transmissions
∙ Vice President, Investment Trading and Analytics Systems

The Boston Company/Shearson/Lehman/American Express, Boston, MA
A subsidiary of BNY Mellon Bank, a global investments company with $1.6 trillion in assets under management. Previously a subsidiary of Shearson/Lehman/American Express, a financial services conglomerate with brokerage, asset management and investment banking services.
∙ Sr Vice President, Data Center Operations (1992-1993)
∙ Vice President, Disaster Recovery Planning
∙ AVP, Manager of Mutual Fund System Development and Support
∙ AVP, Manager, Portfolio Accounting Operations and Services
∙ Manager of Mutual Fund Performance and Analysis Services
∙ Management Training Program, Executive Assistant to CEO of The Boston Company, and Vice Chairman of Shearson Lehman

US Department of Energy, Office of Hearings and Appeals, US Federal Government Washington, DC
∙ Programmer Analyst- wrote programs to analyze price fluctuations to detect price gouging.
∙ Law clerk and legal analyst for cases heard regarding charges of violations of US Energy Department Regulations and US laws

Publications

Sarah Cortes, MLAT World Treaty Cartel Internet Overlay for Digital Traffic Analytics for MLAT.is, Proceedings of the 2017 IEEE International Symposium on Technologies for Homeland Security (HST17), April 2017.

Aaron Jaggard, Aaron Johnson, Sarah Cortes, Paul Syverson, and Joan Feigenbaum, 20,000 in League Under the Sea, Anonymous Communication, Trust, MLATs, and Undersea Cables, Proceedings on Privacy Enhancing Technologies (PETS-15th International Symposium). 1(1), pp 4–24, (2015). ISSN (Online) 2299-0984, DOI: 10.1515/popets-2015-0002.

Sarah Cortes, Legalizing Domestic Surveillance: The Role of Mutual Legal Assistance Treaties in Deanonymizing TorBrowser Technology, Richmond Journal of Law and Technology, Vol. 22 #2 (December 2015), pp. 1-99, http://jolt.richmond.edu/2015/12/05/v22i1article2.

Sarah Cortes, Cyberterrorism. In The SAGE Encyclopedia of War: Social Science Perspectives, Ed. Paul Joseph (2016) DOI: http://dx.doi.org/10.4135/9781483359878.n174.

Robin W. Cotton, Catherine Grgicak, Sarah Cortes, Margaret Terrill, Charlotte J. Word, DNA Mixtures, www.DNAmixtures.com. Boston University School of Medicine, Biomedical Forensic Sciences. This project was supported by Award No. 2008-DN-BX-K158 awarded by the National Institute of Justice, Office of Justice Programs, U. S. Department of Justice. Note: This application was highlighted in Executive Office of the President, President’s Council of Advisors on Science and Technology (PCAST), Report to the President: Forensic Science in Criminal Courts: Ensuring Scientific Validity of Feature-Comparison Methods, September 20, 2016, p. 83. https://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_forensic_science_report_final.pdf.

Sarah Cortes, CircuitBlasTor: Practical Privacy Optimizing for Real-life Proprietary Information Protection, (submitted).

“Jurisdictional Arbitrage in Anonymous Network Path Selection” (with Andrew Lewman (The Tor Project, Norse, Farsight Security), Aditya Rao and Christo Wilson (Northeastern University)) (under publication review).

Sarah Cortes, Rebecca Herold, Gal Shpantzer, Chris Veltsos, “Chapter 3: Legal Frameworks for Smart Grid Privacy,” (with the Smart Grid Interoperability Panel Cyber Security Working Group (CSWG)) NIST: NISTIR 7628 2014 Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, 2014, pp. 8-21 (pp. 304-317).

Sarah Cortes, Rebecca Herold, Gal Shpantzer, Chris Veltsos, “Chapter 3: Legal Frameworks for Smart Grid Privacy,” (with the Smart Grid Interoperability Panel Cyber Security Working Group (CSWG)) NIST: NISTIR 7628 2010 Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, 2010, pp. 7-15 (pp. 323-331).

Software Applications

Some sample applications I have implemented for Fortune 500 clients or major educational institutions

  • DNA Mixtures- Boston University Biomedical Forensic Sciences Department, BU Medical School- supported by Award No. 2008-DN-BX-K158 awarded by the National Institute of Justice, Office of Justice Programs, U. S. Department of Justice
  • Biopharmaceutical Clinical Trial System - major global Biopharmaceutical Company located in Cambridge, MA
  • Global Equity, Fixed Income, Cash and Derivative Instruments MultiCurrency Accounting Systems - major Financial Services Company located in Boston, MA, New Hampshire and Rhode Island
  • Faculty Information System, Harvard Law School
  • Held-Away Assets, for a major asset management company in the Boston area. Major complex application to incorporate all client assets from all financial institutions
  • Global Multi-Currency Investment Company Fund Accounting system, for a major asset management company headquartered in the Boston area
  • Cash Investment Company Fund Accounting system, for a major asset management company

Education

  • ABD PhD, Northeastern University (Ph.D. expected Dec. 2017), College of Computing and Information Science: Computer Science: Information Assurance

  • Northeastern CCIS profile
  • dissertation

    PhD Committee:
    • László Barabási (Northeastern University, College of Computing & Information Science)
    • Engin Kirda (Northeastern University, College of Computing & Information Science)
    • Thomas Koenig (Northeastern University)
    • Paul Syverson (Center for High Assurance Computer Systems (CHACS) of the Naval Research Laboratory (NRL))

    • Software Vulnerabilities, Computer Networking, Network Security
    • Operating Systems, Social Computing
    • Physics 5116: Dynamical Processes on Complex Networks
    • Physics 7331: Network Science Data
    • Cyberlaw

  • Boston University Medical School, Department of Biomedical Forensic Sciences 2015-16
    Dr. Robin Cotton, Department Chair, Advisor
    • M. S. - level classes in the M. S. Biomedical Forensic Sciences Program
    • Forensic Sciences: Crime Scene Analysis
    • Forensic Sciences: Criminal Ethics and Law- Evidence
    • Forensic Sciences: Criminal Law II-Expert Witness
  • MS Boston University, Computer Science - Information Security, 2011

    • Software Security, Database Security, Network Security, Information Security, IT Security Policies
    • Data and Telecommunications
    • Database Management, Data Mining
    • Java Programming, Data Structures, Analysis of Algorithms
    • Digital Forensics, Biometrics
  • AB Harvard University
    • Languages. Coursework in:
    • Applied Mathematics
    • Computer Engineering
    • Circuit Board Engineering
    • Assembly Language
    • Managerial Finance
    • John Harvard Scholar
    • Agassiz Scholar
    • Harvard Crimson Daily newspaper, editorial editor

Certifications

  • Boston University, Certificate in Private Investigation- 2010
    • Met educational requirement for Board Certified Criminal Defense Investigator (CCDI) from Criminal Defense Investigation Training Council
    • Investigative research, Investigative Interviewing, Investigative Surveillance
    • Instructor: Former Chief of Police, Town of Winthrop & Town of Spencer, Massachusetts
  • CISA, Certified Information Security Auditor, ISACA, the International Information Systems Audit and Control Association, 2008
    • Information systems audit, control and security auditing practices and techniques
    • Gathering and preserving evidence in forensic investigations
    • Control objectives and reporting techniques
    • Applicable laws and regulations affecting investigation scope, evidence collection and preservation
    • Investigate financial fraud and other financial crimes
    • Evidence collection techniques (e.g., observation, inquiry, inspection, interview, data analysis)
    • Forensic investigation techniques, computer-assisted audit techniques (CAATs) used to gather, protect and preserve evidence

Research Interests

Selected Invited Talks, Speaking Engagements and Paper Presentations

2017:

2016:

  • NACACS, ISACA’s North America Computer Audit, Control and Security Symposium, Orlando, FL. Invited speaker jointly with Rebecca Herold, the Privacy Professor, a renowned privacy expert. ISACA is the International Information Systems Audit and Control Association.

2015:

2014:

2013:

2012:

2011:

2010:

2009:

  • Bentley University Usability Forum, Waltham, MA: invited speaker
  • Suffolk University: Project Management and OpenSource: MBA class, Sawyer School of Business, Boston, MA: invited speaker
  • Project Management Institute (PMI) Annual Conference, Waltham, MA: COBIT and IT Standards: invited speaker

Legislative Testimony

Academic & Related Appointments

Northeastern University Law School, Legal Skills in Social Context Clinic (LSSC)

MIT CoDesign Studio, MIT Media Lab 2013-14

The Tor Project, Inc. 2012-15

  • Researcher – File/Analyze FOIAs/FOIPAs
  • Collaborate with US Naval Research Laboratory (NRL) researchers on network path selection

Harvard Extension School 2011-13

Suffolk University, Sawyer Business School, Strategy and International Business Department 2009

  • Guest lecturer, MBA class. Project Management and OpenSource

Harvard Senior Common Room, Cabot House 1990-2013

  • Technology and Business Tutor. SCR members are appointed by Harvard House masters as prominent achievers in their field to advise students.
  • Advised students, helped them with their resumes, computer skills, and job search.

Prospect Hill Academy, Cambridge, MA 2014-Present

  • Teaching Assistant, teaching high school youth computer programming and related skills.

Cambridge Rindge and Latin School, Cambridge, MA 2015-Present

  • Teaching Assistant, teaching high school youth computer programming and related skills.

Honors and Awards

2013 World Bank Hack-a-Thon Team, First Prize, Washington DC

  • First Prize for team development of an application, fuerza.is, to help fight domestic violence

Sample Professional Organizations, Activities and Affiliations

Alameda County Sheriff’s Office Digital and Multimedia Evidence Crime Lab 2017-Present
American Academy of Forensic Sciences (AAFS)- Member 2017-Present
High Technology Crime Investigation Association (HTCIA)- Member 2017-Present
IEEE P1912 – Institute of Electrical and Electronics Engineers, Privacy and Security Architecture for Consumer Wireless Devices Working Group 2015-present
National Institute for Science and Technology (NIST) SGIP-CSWG: Smart Grid Interoperability Panel, Cyber Security Working Group

  • Led the Legal sub-team that created, and then updated, the privacy section of NISTIR report 2009-2014
  • Privacy Use Cases sub-team 2009-2012
  • Smart Grid Interoperability Panel Cyber Security Working Group (CSWG) 2009-present

Journalism

Fundraising

  • Educational Organizations
    • Harvard University - Annual Giving Co-Chair, Reunion Giving Co-Chair
    • National Cathedral School for Girls - Capital Campaign Special Gifts Committee
    • Milton Academy - Annual Giving Committee, 2003-2014
    • Shady Hill School - Capital Campaign Major Gifts Committee, 2000-2004
    • Cambridge Ellis School - Director 1994-1997. Capital Campaign Steering Committee
  • Social Services Organizations
    • Emerge, Inc. - various fundraising campaigns
    • Transition House - Board Development campaigns

Community Service

Some of my nonprofit organizations, fundraising and Boards of Directors:

Lobbying

  • Work with members of the MA Legislature on bills affecting employers and cyberstalking

In the Press

(Sample)
5/15/17- ‘Dangerous’ ransomware campaign roils global computer networks, EENews
6/26/15- SWIFT Institute and University of Delaware collaborate on cyber security challenges, SWIFT Institute
3/18/15- Experts: Consumer Privacy Bill of Rights may ease privacy compliance, TechTarget Media
Mass. legislator: Revisit data security law, Boston Business Journal
State moving to rework data security law, Boston Business Journal

Languages

Advanced: French. Some: Italian, Russian, Latin, Greek, Arabic, Swedish

Skills/Expertise

Other Training

Photography and Videography

Sports

Contact