Craig Lant

Biographical Sketch
Craig has more than 10 years of experience in a variety of computer security positions, with four years at Berkeley Lab and six years with UC Berkeley. His expertise includes firewalls, network intrusion detection systems, detecting compromised systems, and securing Internet accessible production systems, along with experience in incident response and network-based analysis to reconstruct intrusion attempts to develop appropriate defenses. At Cal, where Craig led the Campus System and Network Security Office, he also chaired the Campus Information Security Committee, which developed, reviewed and oversaw the deployment of information security policy.
Journal Articles
Abe Singer, Shane Canon, Rebecca Hartman-Baker, Kelly L. Rowland, David Skinner, Craig Lant, "What Deploying MFA Taught Us About Changing Infrastructure", HPCSYSPROS19: HPC System Professionals Workshop, November 2019, doi: 10.5281/zenodo.3525375
NERSC is not the first organization to implement multi-factor authentication (MFA) for its users. We had seen multiple talks by other supercomputing facilities who had deployed MFA, but as we planned and deployed our MFA implementation, we found that nobody had talked about the more interesting and difficult challenges, which were largely social rather than technical. Our MFA deployment was a success, but, more importantly, much of what we learned could apply to any infrastructure change. Additionally, we developed the sshproxy service, a key piece of infrastructure technology that lessens user and staff burden and has made our MFA implementation more amenable to scientific workflows. We found great value in using robust open-source components where we could and developing tailored solutions where necessary.