Certified Information System Security Professional
Certified Cloud Security Professional
Certified Information Security Manager
BS, Cyber Security
20+ Years Of Experience
Cyber Security and Generative AI Risk Expert
Steve Packard is one of the few experienced, fully credentialled cyber security experts out there. In a world dominated by IT clowns, insurance underwriters, geriatric politicians and clueless law enforcement, Steve Packard offers something few else can: sanity, when it comes to cyber security. That’s because to a legitimate expert like he is, cyber security is neither perplexing nor even difficult.
For more than 20 years, Steve Packard has been both an enthusiast and lover of cyber security culture, and a hard working supporter of the profession. He’s seen it all, and has worked at some of the largest and most important organizations in the world, lending his talent to system recovery, preparation, investigations and enforcement.
Risk Economics, Financials and Underwriting:
Steve Packard has been called the world’s number 1 expert in cyber loss control and the financial underwriting of cyber security risk. As a third generation Connecticut risk manager, he knows how to properly qualify and assess cyber security risks. Steve has been advocating for accountability by insurance companies, many of whom began paying ransom in the mid 2010’s with the intent of making money off of the underwriting profits.
In the years since then, Steve Packard has been a lone voice of sanity, tirelessly working to stop the irresponsible and negligent practices by cyber security insurance providers and has called for the prosecution of cyber insurance underwriters who have knowingly fund terrorism.
Steve has advocated for the use of the Sarbanes-Oxley act to hold insurance companies accountable for the risks they cause their shareholders, their policyholders and national security. As someone who is much older than most mainstream cyber security insurance, he’s repeatedly expressed his disgust at the lack of ethics in the sector.
Expert in Quantitative Risk Analysis of Cyber Risk:
Steve Packard is an expert in the assessment of cyber security defenses and mitigating controls in order to achieve the highest levels of security. He’s developed some of the most accurate methods for the assessment and analysis of organizations and technologies. Using a methodological approach, it is possible to determine the risk of cyber loss and how to properly mitigate it.
The funny thing is that many seem to doubt that it is possible to figure out cyber security risk. Obviously, that’s just not true. It’s as easy to understand as any other artificial, technical risk, which is what makes it entirely possible to determine cyber risk with an extreme amount of accuracy and precision.
Steve’s method of quantitative analysis is based on a deep understanding of the costs associated with cyber security incidents, and from expertise in evaluation of defensive matters. This approach leverages threat and vulnerability modeling and requires a full spectrum understanding of how cyber incidents happen from start to finish, but is the only reliably accurate way to do so.
Ransomware Expert:
Steve Packard first encountered crypto ransomware in 2014, while attempting to recover a computer for a law firm, which had been infected by an early version. Although he had previously been aware of similar schemes, he recognized right away that this was a problem that was going to explode and grow exponentially. He also was one of the first in the world to recognize the pivotal role that insurance would play in ransomware. Unfortunately, his activism fell on deaf ears.
With ten years of work studying ransomware, how it propagates and what can be done to stop it, Steve Packard is one of the world’s foremost experts in the area of ransomware and its prevention. He’s developed strategies to help reduce its impact, detect it right away and stop it in its paths. He’s also an expert in the economics, the dynamics of ransomware gangs and the way in which it can infect systems.
There’s really nothing about ransomware Steve Packard does not know, and that’s why he’s so concerned about it. It’s clear that ransomware is a growing threat. As an expert, Steve Packard is aware that ransomware is entirely preventable, and that it can be wiped out of existence with a few basic measures.
Steve is not afraid of answering the tough questions that others are afraid of, like the ethics of paying ransom and what that ransom pays for. He’s been a strong opponent of appeasement and is one of the most vocal critics of those who treat ransomware gangs with a sense of fear.
Generative AI Risk Expert:
Steve Packard is one of the only experienced risk managers to have evaluated generative AI at a major developer. With generative AI getting so much attention, and the potential for rapid growth and expansion of the sector, many are padding their way to claim that they are “AI Risk Experts.” Steve is the real deal. He has worked at Google Labs and elsewhere, helping developers and scientists better understand the risks that AI presents.
Even in the AI sector, those truly familiar with the safety and security of AI are few and far between, with quite a few skewing toward the deep end. However, as a trained and experienced data risk manager and business analyst, he’s worked to better document and manage risks related to AI deployment.
He’s one of the few experts around who can tell you this: The danger with generative AI are not that it will take over the world or turn evil. The danger is that it will malfunction due to poor testing, shoddy oversight and lack of awareness. The danger is that generative AI will generate something that will get a company sued. The danger is that the liabilities associated with AI issues poorly established.
There are real, present-time risks that need to be dealt with to assure that generative AI does not result in huge losses, and Steve Packard is one of the few people who is qualified to test, analyze and mitigate these risks.
Steve Packard is also an avid AI developer, with a passion for natural language processing and diffusion modeling. One of his favorite hobbies is transforming images into AI art in Stable Diffusion.
Tireless Advocate for Professionalization of Cyber Security:
Above all else, Steve Packard advocates that Cyber Security must be treated like the mature profession it is, and credentialed experts must be trusted for the important and high risk issues. He’s seen how badly the world is doing, due to insurance companies, healthcare organizations and others refusing to accept the need for true expertise.
One of the biggest myths about cyber security is that it is so new, so unknown, so uncharted, that even the greenest amateurs can be used, because we are all just trying to figure it out. That’s absolutely ridiculous. In realty, what many organizations are doing is akin to practicing medicine without a license. Given what is at stake, why risk it when properly credentialled experts are avaiable?
Steve holds multiple certification, such as the CISSP, the single most important mark of quality and expertise in cyber security professionals. While certifications have been criticized for “Only proving you can take a test,” that seems to be more than most people can do. In reality, it shows a sense of commitment and buy-in to the profession and demonstrates that the individual is willing to be held to professional standards of quality control.
More than just a Cyber Security Professional:
Of course, Steve is far more than just a cyber security professional. There’s a lot more to his life, and while he may be enthusiastic for hacking and security, he also loves the wilderness and going on long hikes, boondocking in random places in the Rockies and exploring. Steve Packard is a great fan of history, which he finds great inspiration in and is also deeply interested in economics and science. His hobbies include being a space flight enthusiast and experimenting with software defined radios.
Steve is a huge proponent of nuclear energy, as a way of achieving better a better environment and lower CO2 emissions, while providing the ample energy mankind needs. He’s championed it as the next great achievement of mankind and reminds people that moving toward nuclear energy, from chemical energy, is a vital step in the advancement of mankind. He’s also interested in the effects of nuclear reactions and how ionizing radiation an be used to measure systems indirectly. He collects and repairs geiger counters for fun.
Steve is also a lover of dogs and loves spending time and playing with his best friend Ben, a 10 year old mixed breed rescue. He’s done a great deal of advocacy and volunteer work with animal shelters and is a huge promoter of the adoption of rescue dogs.
He’s also a fan of classic cars, enjoys repairing and modifying his own car, and loves classic vehicles of all kinds. He’s a huge fan of classic rock and loves the cinema. He’s a also big fan of retro media and advocates for its protection. He is also a fan of classic mensware, zany humor and he loves long walks on the beach talking about cyber security.
Steve has blogged in the past, but has taken the past few years off. He looks forward to including some of his old writings, though updated, to this blog.