Steven Bay, who served as Snowden’s boss when he worked as a NSA contractor with Booz Allen Hamilton from April 1 to May 20, 2013, told The Cipher Brief he has decided to publicly discuss his brief time working with the NSA leaker to fill out a "gap in the history" and combat what he calls a wealth of "misinformation that’s out there."
Along with his recent departure from Booz Allen Hamilton, Bay said the release this week of Oliver Stone’s "Snowden" movie also served as a spur to discuss his time with Snowden.
Bay was speaking Tuesday at the Rock Stars of Cybersecurity conference in Seattle. Speaking to The Cipher Brief he detailed how companies can "protect themselves from both your average employee with no ill-intent as well as your malicious insider." As Snowden showed, Bay said, "the insider threat is real," and although it is rarer, a malicious actor working within a company has the potential to do "far more damage" than an external hacker.
"I wanted to not only be able to tell the story, but apply it to what companies can do to protect themselves," Bay said of his presentation on Tuesday. Businesses need to accept that they can never be totally protected from rogue employees, but Bay said he wanted to highlight that there are a few technical solutions that can help.
Digitally classifying data and tracking its movement, employing network monitoring and building rule sets that send alerts when classified data leaves the network, and blocking file sharing websites that are not specifically approved by the company are three ways to help deal with the challenge of an insider threat, according to Bay. Offering training programs and being open with employees about cybersecurity and malicious activity are also key to helping staffers stay vigilant, he noted.
Bay said he started his career with the Air Force, working as a Persian-Farsi linguist and network intelligence analyst through 2007. He then moved over to Booz Allen Hamilton as a contractor doing intelligence analysis for the NSA in Maryland until 2011, at which point he moved to Hawaii to lead the work there. During that time, he hired Snowden.
Bay said his official title was "lead associate," and he was a network intelligence analyst. There were about 10-13 people on his Booz Allen team in Hawaii, including Snowden, according to Bay, and "we were spread throughout the agency, the facility, with different NSA teams and missions, doing different work."