Front Page

Privacy Talk at NACACS 15

Hear my talk on privacy in Orlando, Florida, USA at NACACS, ISACA’s North America Computer Audit, Control and Security Symposium. I’m speaking jointly with Rebecca Herold, the Privacy Professor, a renowned privacy expert. ISACA is the International Information Systems Audit and Control Association.

Welcome to my wiki. Here are some of my subject-specific sites:

Academic: Computer Science, Information Security Technical and Legal Research Dissertation Website, MLAT.is, SecurityWatch
Professional: Technology and Business Services InmanTechnologyIT.com
LinkedIn.com/in/SarahcCortes
Also: www.SarahCortes.is
Some of my nonprofit Organizations and Boards of Directors:

Journalism: CCTV, Security Watch, TechTarget Media, Squashsite.co.uk, Harvard Crimson
Fundraising

Here are some photos:

Here are some videos:

Smart Grid Technology Reveals Your Activities in Your Home: Privacy Panel Raises CyberSecurity Concerns
Sarah Cortes on NIST SmartGrid Cybersecurity NEU

Biography

@Sarah Cortes, MS, PMP, CISA, is President of Inman Technology. She earned her undergraduate degree at Harvard University, and holds an M.S. from Boston University, in Computer Science, Information Security. She is a PhD candidate in the Information Assurance program at Northeastern University’s College of Computing and Information Science. As a Senior Vice President for Security, IT Audit and Disaster Recovery at Putnam Investments, a major global asset management firm and subsidiary of Marsh & McLennan, Sarah oversaw Putnam’s recovery on 9/11 when parent company Marsh & McLennan’s World Trade Center 99th floor data center was destroyed. She also supervised over 65 IT audits per year in that capacity. As a senior executive and later consultant responsible for Putnam’s and other Fortune 500 firms, Sarah managed major applications development, data center and other operations, staff and budgets.

A former analyst for the US Department of Energy, she led the National Institute for Science and Technology (NIST) Cybersecurity Working Group sub-team, as co-author of the 2014 NIST: Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, as well as the 2010 volume, that created the security and privacy laws section of the report. She served on the privacy use cases team for two years and has been a member of the NIST cybersecurity working group (CSWG) on Smart Grid privacy for five years. She has recently co-led Northeastern University Law School Legal Skills in Social Context (LSSC) Clinics on Surveillance Law, Privacy Tools, and Tor and Domestic Surveillance, Domestic Terrorism and Privacy and Anonymity Technology, as well as a 2014 MIT Co-Design Studio class at MIT Media Lab on Domestic Surveillance, Domestic Terrorism, Privacy and Anonymity Technology and Tor. She has helped draft data breach laws, and testified before the Massachusetts legislature and regulatory agencies.

In addition to her work on various industry standards bodies, Sarah serves on the IEEE (Institute of Electrical and Electronics Engineers) P1912 Privacy and Security Architecture for Consumer Wireless Devices Working Group as subcommittee lead on research and use cases.

In her work to help end domestic violence and abuse, including cyberstalking and abuse through technology, Sarah serves on the Boards of Emerge, the first Abuser Intervention Program (BIP)(Vice President and Clerk), Transition House, one of the first domestic abuse shelters, and Employers Against Domestic Violence (EADV).

Sarah is the co-author of the industry leading technical treatise, with Paul Syverson, Aaron Jaggard, Aaron Johnson (US Naval Research Laboratory, Washington, DC) and Joan Feigenbaum (Yale University), entitled “20,000 in League Under the Sea, Anonymous Communication, Trust, MLATs, and Undersea Cables,” Proceedings on Privacy Enhancing Technologies (PETS-15th International Symposium). Volume 1, Issue 1, Pages 4–24, ISSN (Online) 2299-0984, DOI: 10.1515/popets-2015-0002, April 2015. She is also the author of the industry leading legal treatise, “Legalizing Domestic Surveillance: The Role of Mutual Legal Assistance Treaties in Deanonymizing TorBrowser Technology,” in the Richmond Journal of Law and Technology, 22 Rich. J.L. & Tech. 2 (2015), http://jolt.richmond.edu/v22i1/article2.pdf. You can follow her on @SarahCortes.

Publications

Aaron Jaggard, Aaron Johnson, Sarah Cortes, Paul Syverson, and Joan Feigenbaum, 20,000 in League Under the Sea, Anonymous Communication, Trust, MLATs, and Undersea Cables, [pdf] Proceedings on Privacy Enhancing Technologies (PETS-15th International Symposium). Volume 1, Issue 1, Pages 4–24, ISSN (Online) 2299-0984, DOI: 10.1515/popets-2015-0002, April 2015.

Sarah Cortes, Legalizing Domestic Surveillance: The Role of Mutual Legal Assistance Treaties in Deanonymizing TorBrowser Technology, 22 Rich. J.L. & Tech. 2 (2015), http://jolt.richmond.edu/v22i1/article2.pdf.

“Jurisdictional Arbitrage in Anonymous Network Path Selection” (with Andrew Lewman (The Tor Project), Aditya Rao and Christo Wilson (Northeastern University)) (submitted).

“Chapter 3: Legal Frameworks for Smart Grid Privacy,” (with Rebecca Herold, Gal Shpantzer, Chris Veltsos and The Smart Grid Interoperability Panel Cyber Security Working Group (CSWG)) NIST: NISTIR 7628 2014 Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid , 2014, pp. 8-21 (pp. 304-317).

“Chapter 3: Legal Frameworks for Smart Grid Privacy,” (with Rebecca Herold, Gal Shpantzer, Chris Veltsos and The Smart Grid Interoperability Panel Cyber Security Working Group (CSWG)) NIST: NISTIR 7628 2010 Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid, 2010, pp. 7-15 (pp. 323-331).

Preparation

  • PhD candidate, Northeastern University, College of Computing and Information Science, Boston, MA

    • Graduate Advisor and PhD Committee:
    • László Barabási (Northeastern University, College of Computing & Information Science)
    • Engin Kirda (Northeastern University, College of Computing & Information Science)
    • Thomas Koenig (Northeastern University)
    • Paul Syverson (Center for High Assurance Computer Systems (CHACS) of the Naval Research Laboratory (NRL))
  • MS Computer Science - Information Security, Boston University, Boston, MA
  • Boston University Medical School, Department of Biomedical Forensic Sciences: Crime Scene Analysis
  • AB Harvard University, Cambridge, MA

Certifications

Research Interests

Selected Invited Talks, Speaking Engagements and Paper Presentations

2016:

2015:

2014:

2013:

2012:

2011:

2010:

2009:

  • Bentley University Usability Forum, Waltham, MA: invited speaker
  • Suffolk University: Project Management and OpenSource: MBA class, Sawyer School of Business, Boston, MA: invited speaker
  • Project Management Institute (PMI) Annual Conference, Waltham, MA: COBIT and IT Standards: invited speaker

Legislative Testimony

In the Press (sample)

6/26/15- SWIFT Institute and University of Delaware collaborate on cyber security challenges, SWIFT Institute blog
3/18/15-Experts: Consumer Privacy Bill of Rights may ease privacy compliance, TechTarget Media
Mass. legislator: Revisit data security law, Boston Business Journal
State moving to rework data security law, Boston Business Journal

Academic & Related Appointments

Northeastern University Law School, Legal Skills in Social Context Clinic (LSSC)

MIT CoDesign Studio, MIT Media Lab 2013-14

The Tor Project, Inc. 2012-15

  • Researcher – File/Analyze FOIAs/FOIPAs
  • Collaborate with US Naval Research Laboratory (NRL) researchers on network path selection

Harvard Extension School 2011-13

Suffolk University, Sawyer Business School, Strategy and International Business Department 2009

  • Guest lecturer, MBA class. Project Management and OpenSource

Legal Affairs Office, Department of Energy, US Federal Government Washington, DC

  • Programmer Analyst- wrote programs to analyze price fluctuations to detect price gouging for litigation.

Harvard Senior Common Room, Cabot House 1990-2013

  • Technology and Business Tutor. Appointed by Harvard House masters, SCR members are appointed as prominent achievers in their field to advise students. Advised students, helped them with their resumes, computer skills, and job search.

Prospect Hill Academy Cambridge, MA 2014-Present

  • Teaching Assistant, teaching high school youth computer programming and related skills.

Honors and Awards

2013 World Bank Hack-a-Thon Team, First Prize, Washington DC

  • First Prize for team development of an application, fuerza.is, to help fight domestic violence

Sample Professional Organizations and Activities

National Institute for Science and Technology (NIST) SGIP-CSWG: Smart Grid Interoperability Panel, Cyber Security Working Group

  • Led the Legal sub-team that created, and then updated, the privacy laws section of NISTR report 2009-2014
  • Privacy Use Cases sub-team 2009-2012
  • Smart Grid Interoperability Panel Cyber Security Working Group (CSWG) 2009-present

IEEE P1912 – Institute of Electrical and Electronics Engineers, Privacy and Security Architecture for Consumer Wireless Devices Working Group, subcommittee lead on research and use cases.

Professional Services: Technology and Business

  • Professional Services, for Fortune 500 companies and major Universities

    • As Senior Vice President, Putnam Investments, a subsidiary of Marsh & McLennan, and SVP at the Boston Company, a subsidiary of Shearson Lehman and American Express, managed major business units for Fortune 500 asset management companies.
    • As President of Inman Technology Consulting, provide wide range of services to Fortune 500 companies and major universities
    • Executive Management- conducted strategic planning, goal-setting, management and execution for IT operations, IT Application Development and Client Services organizations
    • Human Resources Management- have managed multiple groups with 200+ staff
    • Operations Management- have managed Data Center Operations for mainframe and distributed platforms
    • Information Security, Privacy - managed large IS operations, strategy and incident management teams
    • Audit- Oversaw over 65 IT audits per year
    • Disaster Recovery - responsible for all DR, including failover on 9/11
    • Project Management- Major Application development
    • Financial oversight- managed budgets of up to $50 million/year
  • Some Sample Applications I have implemented for Fortune 500 clients or major educational institutions
    • DNA Mixtures- Boston University Biomedical Forensic Sciences Department, BU Medical School
    • Biopharmaceutical Clinical Trial System - major global Biopharmaceutical Company located in Cambridge, MA
    • Global Equity, Fixed Income, Cash and Derivative Instruments MultiCurreny Accounting Systems - major Financial Services Company located in Boston, MA, New Hampshire and and Rhode Island
    • Faculty Information System, Harvard Law School
    • Held-Away Assets, for a major asset management company in the Boston area, Major complex application to incorporate all client assets from all financial institutions
    • Global Multi-Currency Investment Company Fund Accounting system, for a major asset management company headquartered in the Boston area
    • Cash Investment Company Fund Accounting system, for a major asset management company

Social Services, Professional Activities and Organizations

Professional Organizations

Advocacy

  • Work with survivor and advocate referrals on cyberstalking and technology abuse cases
  • Work with forensic scientists on evidence collection issues

Legislative Testimony

Testimony before the Massachusetts Legislature on impact on employers of a bill amending MGL 149, which provides leave for victims to attend court

Lobbying

  • Work with members of the MA Legislature regarding bills affecting DV victims and State Agencies
  • Video
  • Journalism
  • Training

Journalism

Fundraising

  • Educational Organizations
    • Harvard University - Annual Giving Co-Chair, Reunion Giving Co-Chair
    • National Cathedral School for Girls - Capital Campaign Special Gifts Committee
    • Milton Academy - Annual Giving Committee, 2003-2014
    • Shady Hill School - Capital Campaign Major Gifts Committee, 1996-2000.
    • Cambridge Ellis School - Director 1994-1997. Capital Campaign Steering Committee
  • Social Services Organizations
    • Emerge, Inc. - various fundraising campaigns
    • Transition House - Board Development campaigns

Sports

Photography and Videography

You can view my photography here

  • Some samples of my photography:

You can view my videography here

Odds and Ends

In Memoriam

Contact