Skip to main content



Find us on

facebook youtube flickr twitter itunes u logo

Upcoming Events

Sal Stolfo

Salvatore J. Stolfo Columbia University
A Brief History of Symbiote DefenseTuesday, October 31st
Rockefeller 003
5:00 PM

 Fright Night Imge

Wanna See Something REALLY Scary?
ISTS Looks at the Dark Web on Halloween Night
Tuesday, October 31st
Sudikoff  045 Trust Lab (dungeon)
7:30 PM - RSVP
Space is Limited 


Recent Talks

Dan Wallach

STAR-Vote: A Secure, Transparent, Auditable and Reliable Voting System

Professor Dan Wallach
Rice University
Thursday April 27, 2017
Carson L01, 5:00 PM

Ben Miller Dragos

Pandora's Power Grid - What Can State Attacks Do and What Would be the Impact?

Ben Miller
Chief Threat Officer, Dragos, Inc.
Tuesday May 2, 2017
Kemeny 007, 4:30 PM
Brendan Nyhan




Factual Echo Chambers? Fact-checking and Fake News in Election 2016.

Professor Brendan Nyhan
Dartmouth College
Thursday May 4, 2017
Rocky 001, 5:00 PM

Dickie George


Espionage and Intelligence

Professor Dickie George
Johns Hopkins University
Thursday May 11, 2017
Rocky 001, 5:00 PM

Dan Wallach

A Nation Under Attack: Advanced Cyber-Attacks in Ukraine

Ukrainian Cybersecurity Researchers
Thursday April 6, 2017
Oopik Auditorium 5:30 PM

ISTS Information Pamphlet



Institute for Security, Technology, and Society
Dartmouth College
6211 Sudikoff Laboratory
Hanover, NH 03755 USA
HomeEvents >

Evaluating, Promoting and Managing Expectations of Emerging Security Technologies in the Enterprise

Enno Rey
February 19, 2008


In the last few years, enterprise and government organizations concerned with choosing long-term IT security strategies have had to deal with a wide variety of choices, from the recently developed technologies such as Trusted Computing, massive OS virtualization, and new non-IP network architectures, to the resurgent paradigms such as the Mandatory Access Control policies and Multi-level security systems. Not surprisingly, a perfect fit between a given security technology and the security goals of a particular organization is an extremely rare occasion; most often an external assessment is necessary to assess whether a chosen combination of technologies actually fits the company's or government agency's security needs. Moreover, the security researchers' job is not done when the technical part of an assessment is over, because it is crucial for them to communicate its results to the enterprise leaders in such a way that they can understand them and make informed decisions.

In this talk, I will discuss our experiences of conducting practical vulnerability research into the latest enterprise IT technologies, and bringing it to our enterprise and government customers, both helping technologies conducive to achieving the customer's actual goals to get traction, and dissuading customers from popular choices that did not appear to be a good match for their needs.


Enno Rey is a German security researcher who runs a company specialized in performing security assessments for large corporations and governmental agencies. Amongst his main interests are network technologies (e.g. MPLS, VoIP) and operating system security architectures. He's a regular speaker at hacker conferences (Black Hat, ShmooCon and the like) and network events (including FutureNet, Carrier Ethernet World Congress) and author of several books and articles.

Last Updated: 4/21/10