Aaron Alva | technologist (and lawyer)

Aaron Alva is a technologist and tech advisor at the Federal Trade Commission. At the FTC, he advises the Director of the Bureau of Consumer Protection and case teams on a variety of technical issues including data minimization and deletion, multifactor authentication, health privacy, and ad tech.

Before the FTC, Aaron conducted cybersecurity research on a variety of topics ranging from cloud forensics to digital evidence admissibility to surgical robotics security. He is also a recipient of the NSF CyberCorps Scholarship for service for his joint Masters in Information Management and J.D. at the University of Washington.

Selected Experience

Federal Trade Commission / Technologist 09/15-present

• Advise leaders and attorneys on technical aspects of security, privacy, and fraud investigations. Substantially contributed to multiple investigations leading to novel security & privacy actions and remedies. These contributions have resulted in over $5 billion in settlements, and consent orders that improve security & privacy for hundreds of millions of US consumers.
• Conduct technical research on security & privacy topics that impact consumers.
• Educate attorneys and investigators on i) relevant technical research; ii) investigative techniques for security, privacy, and fraud investigations; iii) foundational technical concepts; and more.

CyberAware, LLC / Founder 10/14–09/15

• Founded company devoted to providing cybersecurity consulting services with a focus on cybersecurity & critical infrastructure policy issues. Successfully completed large project for a Fortune 100 tech company. The client was satisfied with the work completed and noted that my work was beneficial for the client.

Microsoft / Trustworthy Computing Intern 06/14-09/14

• Provided specific guidance on how the NIST Cybersecurity Framework could be used for Microsoft’s cloud services. Shortly after, Microsoft publicly stated that its cybersecurity risk management practices align with the Framework for its cloud services.
• Conducted a comprehensive analysis of national cybersecurity strategies that helped inform international cybersecurity policy decisions. Analysis of each strategy yielded a comprehensive mapping of what nations publicly state they plan to do about cybersecurity.

CERT at Carnegie Mellon University / Graduate Researcher 06/13-09/13

• Researched strengthening security requirements through contractual relationships between critical infrastructure organizations and service providers.

Cloud Security Alliance / Graduate Intern, Global Research 04/12-09/12

• Facilitated global industry-led research projects as project manager.

Pacific Northwest National Laboratory (PNNL) / Technical/Business Student 06/07-08/08, 12/08, 05/09-08/09, 01/10, 05/10-08/10

• Conducted information security research as part of strategic (high-risk, high-reward) initiative, and led multi-part security tool evaluation as project manager.

Education

Juris Doctor / University of Washington 2012-2015

• Student contributor to UW Tech Policy Lab (founding year)

M.S. Information Management / University of Washington 2011-2014

• Awarded National Science Foundation Scholarship for Service

B.A. Political Science | Minor Secure Computing / Univ. of Central Florida 2008-2011

• Awarded Order of Pegasus (University’s highest honor)

Selected Presentations

Aaron Alva and Terrell McSweeney, “So You Want to Market Your Security Product…,” Black Hat USA (2017). Link

Aaron Alva and Whitney Merrill, “Goodnight Moon & the House of Horrors: A look at the current IoT ecosystem and the regulations trying to control it,” ShmooCon (2017). Video

Aaron Alva and Mark Eichorn, “IoT Updates to Help Protect Consumers,” IoT Village at DEF CON 25 (2017).

Aaron Alva and Terrell McSweeney, “Ransomware, Drones, Smart TVs, Bots: Protecting Consumers in the Age of IoT,” RSA Conference (2017).

Selected Publications

Justin Brookman, Phoebe Rouge, Aaron Alva, and Christina Yeung. “Cross-device tracking: Measurement and disclosures.” Proceedings on Privacy Enhancing Technologies (2017). Link

Tamara Bonaci, Aaron Alva, Jeffrey Herron, Ryan Calo, Howard Jay Chizeck, “I Did It My Way: On Law and Operator Signatures for Teleoperated Robots.” Paper presented at the We Robot Conference on Robotics, Law & Policy, Seattle, WA (Apr. 2015). Link

Aaron Alva and Lisa Young, “L-SQUARE: Preliminary Extension of the SQUARE Methodology to Address Legal Compliance.” Paper presented at the 1st International Workshop on Evolving Security & Privacy Requirements Engineering (ESPRE), Karlskrona, Sweden (IEEE, Aug. 2014).

Dan Arnaudo, Aaron Alva, Phillip Wood, Jan Whittington. “The Political & Economic Implications of Authoritarian Control of the Internet: The Case of Egypt During the Arab Spring,” Critical Infrastructure Protection VII (2013). Link

Ivan Orton, Aaron Alva, Barbara Endicott-Popovsky, “Legal Process and Requirements for Cloud Forensic Investigations,” Cybercrime and Cloud Forensics: Applications for Investigation Processes, ed. Keyun Ruan (2013). (Book chapter)

Nicolai Kuntze, Carsten Rudolph, Aaron Alva, Barbara Endicott-Popovsky, John Christiansen, Thomas Kemmerich. “On the Creation of Reliable Digital Evidence,” Advances in Digital Forensics VIII (2012). Link

Selected Certifications

Certified Information Systems Security Professional (CISSP) 04/2020

Contact me

@aalvatar