2023 Conference Talks for Charles Herring

The following abstracts are available for delivery at security meetings and conferences. Additionally, archived talks outlined in the 2021 Talks are also available.


Charles Herring is co-Founder and Chief Technology Officer at WitFoo. WitFoo was founded to enable the sharing of information and operations across the craft of Cybersecurity. Charles leads research and development of the WitFoo Precinct platform that utilizes Apache Cassandra as a fundamental component in its architecture. Precinct ingests trillions of messages each day across hundreds of clusters to detect cybercrime and provide secure methods of sharing data and operations across corporations, organizations, law enforcement, national security and insurers.

Charles regularly speaks on research at conferences including DEFCON, Secure360 and GrrCON. Charles began his career in cybersecurity analytics in 2022 while in the US Navy serving as the Network Security Officer for the Naval Postgraduate School. After leaving active duty in 2005, he ran a consulting company that focused on data and operations sharing across private and public sector organizations. In 2012, Charles joined network behavioral and anomaly company, Lancope designing and deploying advanced network security solutions. In 2015, Charles joined Cisco Systems through the Lancope acquisition and supported the Global Security Sales Organization until launching WitFoo in 2016.

When Charles is not researching challenges in big-data and cybersecurity, he enjoys SCUBA diving, travel and long dinners with his wife, Mai.

Building a Global CyberGrid on Cassandra

Detecting, catching and successfully prosecuting cybercrime requires collaboration across private sector, law enforcement, insurance companies and national security agencies. Even small organizations produce gigabytes to terabytes of evidence across their internal and cloud instances. Much of this signal evidence contains information protected by law. 

Law enforcement needs to collect evidence from victim organizations without spending hundreds of labor hours. Organizations need a manner to package and share evidence with law enforcement without creating undo risk. Insurers need effective ways of underwriting policies and adjusting claims associated with cybercrime.

In this session, Charles Herring, co-founder and Chief Technology Officer of WitFoo, will detail how terabytes of data collected across hundreds of independent Cassandra clusters each day or safely leveraged to meet the goals of reducing cybercrime and its associated costs.

Charles will cover, build Cassandra schemas to enable cross-organizational sharing, using REST API for facilitating transport across clusters, leaning into Cassandra TTL for data garbage collection and best practices to ensure resilience and performance in diverse environments.

Deterring Cybercrime via a Global CyberGrid

Detecting, catching and successfully prosecuting cybercrime requires collaboration across private sector, law enforcement, insurance companies and national security agencies. In this session, approaches to collect, analyze, store and share digital evidence will be examined. Methods of safely transmitting data between private sector and law enforcement will be discussed. Demonstration of workflows between investigators, law enforcement, prosecutors and insurance adjusters will be covered.

SECOPS Driving Criminal Prosecution

At a key point in the history of cybersecurity operations, it was passively decided that SECOPS is an extension of IT OPS. This session will examine the thesis that SECOPS is an extension of the craft of Law Enforcement and the consequences of building SECOPS on IT models (that were derived from manufacturing models.) Approaches from Law Enforcement that can accelerate and improve SECOPS will be examined. Methods of safely leveraging law enforcement to reduce cyber risk and costs will also be demonstrated.