Neal O’Farrell is widely regarded as one of the world’s longest-serving security and privacy experts, with nearly 40 years in the industry. Which is not quite as long as he’s struggled with a variety of mental health challenges that have walked in lockstep with his security career.
As Neal transitions from a four-decade career in security to a focus on mental health and wellness, he’s leading a number of initiatives including the creation of the first mental health cluster for the NIST/GCTC Smart and Security Cities initiative, to examine how our future smart cities can support and improve the mental health of their residents.
He’s also leading The PsyberResilience Project and an effort to address the chronic levels of stress and burnout being reported amongst our digital first responders, the cybersecurity workforce.
A Dress Maker, Not A Code Maker
Although he’s advised governments, banks, the intelligence community, and Fortune 500 companies, Neal has never written a line of code in his life. Instead, he studied marketing in his home town of Dublin, Ireland so he could be the third generation to take over a hundred-year-old family fashion business whose clients included a who’s who of the world’s rich and famous – from Coco Chanel and Yves St Laurent to the Duchess of Westminster and the Queen of Siam.
His fallback plan was filmmaking. His Grand Uncle, author Michael Farrell, made Maureen O’Hara’s first movie, when she was just 14 years old. His cousin Michelle Dockery played Lady Mary Crawley on the hit TV series Downton Abbey. A Humphrey Bogart fan from when he was a young teenager, when he was seventeen Neal ran away from home and hitchhiked his way through Europe and Morocco in search of Casablanca (he made it as far as Marrakesh).
Neal got hooked on security in 1980 when a college friend showed him how a simple floppy disk could be used to steal passwords. In the late 1980s, while still in his twenties, Neal was awarded the first contract to encrypt Ireland’s joint banks national ATM network. That was the same year he helped develop an alternative to the Irish government’s aging secure telephone system, and later to an invitation from the Irish Department of Defense to develop a European rival for the NSA’s STU 3 ultra secure telephone terminal. That led to a direct conflict with the NSA, an experience chronicled in his upcoming book The Man from Intrepid.
Today he’s regarded as one of the world’s first security and privacy experts and has been fighting cybercrime and identity theft around the world for more than 35 years. And after more than 20 years living in places like London and San Francisco, he now calls Cincinnati Ohio his home.
Neal was one of the first experts to focus on the increasingly important connection of ethics, and specifically data ethics, to cybersecurity and privacy. He first became interested in the potential role of ethics in security when he was the only security expert invited to advise the Congressionally-mandated Stock Act panel in 2013 (an amendment to the Ethics in Government Act) empanelled to study the security and privacy implications of greater financial transparency by members of Congress and senior federal employees.
As part of that study, over a period of six months Neal participated in in-depth interviews on national security, privacy, and ethics issues with nearly sixty organizations including the Department of Defense, Department of Homeland Security, Department of Justice, the Office of National Counterintelligence, Office of the White House General Counsel, SEC, FTC, FBI and nearly twenty other executive branch agencies.
Neal is credited with developing the first Data Ethics Workplace Code of Conduct, as well as the first employee data ethics training program. He currently serves as Data Ethics Advocate for a growing number of organizations, promotes the teaching of data ethics at the university and high school level, and is helping in the development of an ethics cluster for the NIST/DHS GCTC Smart and Secure Cities and Communities Initiative.
Neal is passionate about the importance of educating users to defeat cyber threats, and in 1988 co-hosted with IBM one of Europe’s first network security conferences. In 2000 he was appointed the first ever Director of Education for a security company (Zone Labs, now Check Point).
Shortly after that he started building employee security awareness courses, for firms like bebe Stores and Cost Plus World Market, and went on to co-found the Center for Information Security Awareness, a partnership with FBI/InfraGard to provide free employee security awareness training for individuals and small businesses. Neal created the entire course, test, and certification, and that course has since been accessed by thousands of organizations.
In 2001 Neal wrote a series of articles for SearchSecurity.com urging a greater focus on “the human perimeter” as a defense against all kinds of cyber threats. His article “Security Training: A Call To Arms,” was selected by SearchSecurity.com as one of the Top 10 Executive Briefings.
That same year, Neal was invited to Chair the first “Cybercrime on Wall Street” conference hosted by the Institute for International Research (IIR). In 2002 he launched Hacademia, a partnership with security publisher Syngress (now part of Elsevier) to turn their collection of Hack Proofing guides into online security training courses. Hackademia is now part of the University of Washington. Neal served as Technical Editor for one of the first in the Hack Proofing series, “Hack Proofing Your Wireless Network.”
In 2002 Neal launched the nation’s very first Cyber Secure City, a unique experiment to raise the security awareness of an entire city – residents, businesses, schools, even the Mayor and city council. The program slogan was “Think Security First!”, a mantra that is even more important more than 15 years later. Partners in the yearlong initiative included Microsoft, Cisco, McAfee, and AT&T, and received the endorsement of the US Chamber of Commerce, the Department of Homeland Security, and the International Information Systems Security Certification Consortium, Inc. (ISC)².
Neal was also a member of the advisory board of the nation’s first Cybersecurity Apprenticeship Program, launched in California in 2016, and is currently a member of the OC3 Education and Workforce Subcommittee, an initiative of the Ohio National Guard, as well as the National Initiative for Cybersecurity Education (a part of NIST) K12 subcommittee.
His most ambitious program so far is Foster Warriors, and a plan to help foster youth and young adults pursue studies and careers in cybersecurity.
Identity Theft Expert
In 2003 Neal was the first expert to train an entire police department in identity theft awareness. He went on to lead the Identity Theft Council, an award-winning non-profit that has assisted thousands of victims of identity theft. Through his work with the Council, Neal has helped set new standards in the way victims of identity theft are treated and supported, and in how law enforcement is trained.
He has worked with hundreds of police departments, Neighborhood Watch groups and community action organizations. He also takes on complex cases referred to him by the FBI and U.S. Secret Service. In 2011 the Council was honored with the 2011 Editors Choice Award from SC Magazine, one of the cyber security industry’s most prestigious awards. Previous winners include the NSA.
His book on identity theft has been used by three of the top five U.S. banks to educate their customers on identity theft prevention. Neal is also the Executive Producer of the documentary series In the Company of Thieves that goes inside the world of professional identity thieves, and has appeared on the Discovery Channel’s Investigation Discovery series.
Neal is a member of the Online Trust Alliance IoT working group, and in 2015 he was honored as the first ever recipient of the Eigen Award, presented by the International Association of Certified Fraud Examiners at the headquarters of Wells Fargo Bank in San Francisco.
Neal has acted as advisor to numerous security firms including ZoneAlarm (now Check Point), Surf Control (now Websense), Ntru Cryptosystems, Securify, and SiteLock, and identity protection firms like PrivacyMatters, EZ Shield, IdentityGuard, and Credit Sesame. He was an advisor to blockchain startup Civic, one of the first startups to complete a successful Initial Coin Offering (ICO), and is currently an advisor to Adaptable Security, biometrics startup Taliware, and a Fellow of the EP3 Foundation.
Speaker and Trainer
Neal has taught security to numerous audiences including Facebook, Morgan Stanley Smith Barney, Ameriprise, Merrill Lynch, Stifel Nicolaus, US Bank, US Trust, BKR International, the Credit Union National Association (CUNA), and the National Association of Secretaries of State, as well as the Association of Certified Fraud Examiners, the High Tech Crimes Investigators Association (HTCIA), the California Financial Crimes Investigators Association (CFCIA), the California High Technology Crime Advisory Committee (HTCAC), and the International Association of Financial Crimes Investigators.
He has authored more than a thousand blogs and articles on security and privacy and has been quoted in numerous publications around the world including the New York Times, Forbes, Inc., the Wall St. Journal, the Huffington Post, CNN Money, BusinessWeek, USA Today, SmartMoney, CNET, Information Week, the National Law Journal, Today.com, NBC, CBS, CNBC, Fox Business, and the South China Morning Post.
A Deep Background in Security
In the 1980s, at the birth of the cybersecurity industry, Neal was helping governments, banks, and intelligence agencies protect their most sensitive communications. In the mid-1980s, after a phone tapping scandal, he developed a telephone privacy system for the Irish government, and later went on to work with Nokia to incorporate privacy and security into their first generation of cell phones.
In 1988 Neal won the first contract to encrypt Ireland’s entire national ATM network, the same year he installed the first two-factor authentication system in an Irish bank. He also co-hosted with IBM one of Europe’s first network security conferences.
In 1989 he started the Intrepid project, a government supported program to develop a European rival for the NSA’s Secure Telephone System (STU3), considered the world’s most secure, secure telephone system. The result of the project was the launch of Milcode, widely considered the most secure secure telephone of its time. That project brought Neal into direct conflict with the NSA and that story is chronicled in his upcoming book The Man from Intrepid.
Neal also developed Faxcode, the world’s first fully encrypting fax machine, and resulted in his selection as the first Irish entrepreneur to be invited to participate in the Export to Japan study program hosted by the Japanese government.
Neal later went on to work with a number of British defense companies to develop a new generation of telephone privacy and encryption systems, and was the first Irishman invited to visit GCHQ, Britain’s ultra secretive spy center. He also worked with Britain’s largest bank to develop the first generation of voice verification biometrics for the bank’s telephone banking system.