NERSCPowering Scientific Discovery Since 1974

Craig Lant

Craig Lant
Security Analyst
Networking, Servers and Security Group
Phone: (510) 423-3373
Fax: (510) 486-6459
1 Cyclotron Road
Mailstop: 59R4010A
Berkeley, CA 94720 US

Biographical Sketch

Craig has more than 10 years of experience in a variety of computer security positions, with four years at Berkeley Lab and six years with UC Berkeley. His expertise includes firewalls, network intrusion detection systems, detecting compromised systems, and securing Internet accessible production systems, along with experience in incident response and network-based analysis to reconstruct intrusion attempts to develop appropriate defenses. At Cal, where Craig led the Campus System and Network Security Office, he also chaired the Campus Information Security Committee, which developed, reviewed and oversaw the deployment of information security policy.

Journal Articles

Abe Singer, Shane Canon, Rebecca Hartman-Baker, Kelly L. Rowland, David Skinner, Craig Lant, "What Deploying MFA Taught Us About Changing Infrastructure", HPCSYSPROS19: HPC System Professionals Workshop, November 2019, doi: 10.5281/zenodo.3525375

NERSC is not the first organization to implement multi-factor authentication (MFA) for its users. We had seen multiple talks by other supercomputing facilities who had deployed MFA, but as we planned and deployed our MFA implementation, we found that nobody had talked about the more interesting and difficult challenges, which were largely social rather than technical. Our MFA deployment was a success, but, more importantly, much of what we learned could apply to any infrastructure change. Additionally, we developed the sshproxy service, a key piece of infrastructure technology that lessens user and staff burden and has made our MFA implementation more amenable to scientific workflows. We found great value in using robust open-source components where we could and developing tailored solutions where necessary.