Eric Smith
FireOak’s Chief Technologist & Information Security Officer

Meet Eric
Chief Technologist and Information Security Officer
Eric Smith is FireOak’s Chief Technologist and Information Security Officer, where he provides technical oversight for client projects and internal initiatives. With over twenty years of experience in information security, cloud computing, systems administration, and network engineering, Eric brings a wealth of strategic, tactical, and technical expertise to FireOak and our clients.
Since joining FireOak Strategies, Eric has launched the FireOak Tech Lab, where he can likely be found with a soldering iron in his hand, fine-tuning one of our 3D printers, or making parts for a FireOak Acorn on the laser cutter.
Eric serves as the technical lead for our consulting engagements. In this capacity, he is often traveling to client sites to meet with staff, examine a client’s technical infrastructure, or conduct a cybersecurity assessment.
Prior to becoming FireOak’s Chief Technologist, Eric Smith served in various roles in information technology in higher education, most recently as the Chief Information Security Officer (CISO) for Franklin & Marshall College, Susquehanna University, and Bucknell University. Eric began his career as a network engineer in the private sector.
In his spare time, Eric is likely spending time rearing queens for his honeybee colonies and working on developing technical solutions to beekeeping-related challenges. Eric is a certified Master Beekeeper.
Certifications, Awards, and Memberships
Industry Certifications
Eric Smith holds a number of industry certifications including:
- (ISC)2 Certified Information Systems Security Professional (CISSP)
- Amazon Web Services (AWS) Solutions Architect
- RedHat Linux Certified Engineer (RHCE)
- Cisco Certified Network Professional (CCNP)
- Microsoft Certified Systems Engineer (MCSE)
- Salesforce Administrator & Platform Developer
Defcon Black Badge
Eric also holds a Defcon Black Badge, awarded for winning the wireless security competition at the world’s largest and longest-operating information security conference.

InfraGard Member
Eric is a member of InfraGard, a public-private partnership with the FBI, a community of practice for individuals working in security-related areas, designed to encourage knowledge sharing and exchange to promote the security of the U.S. critical infrastructure.
Master Beekeeper
Eric has been a Master Beekeeper, certified by the Eastern Apiculture Society (EAS), since 2012.

Research, Writing, and Presentations
Eric’s current research focuses on designing systems to enhance the findability and discoverability of knowledge while protecting the confidentiality, integrity, and availability of data assets. He has written several articles and presented at various national and regional security-focused events.
Recent presentations include:
- “Issues Surrounding Security, Privacy, and Ethics in Enterprise Search,” a panel at KMWorld
- “Spotlight on Solutions” at the Office 365 Symposium
- “Technologies of Privacy and Analysis,” a session at the CGIAR Big Data in Agriculture Convention
- “Security Presentations that Keep Your Campus Awake at Night,” a presentation at the Coalition of Liberal Arts Colleges (CLAC) Annual Meeting
- “Bring Your Own Cloud,” a presentation at the Educause Security Conference
Recent articles and blog posts:
- “Scan This or Scan Me? User Privacy & Barcode-Scanning Applications,” a guest blog post on Freedom to Tinker
- “The Security Dilemma: Desktop Access to ERP System,” published in Educause Review
- “iPhone Applications & Privacy Issues: An Analysis of Application Transmission of iPhone Unique Device Identifiers,” a white paper that was highlighted in Ars Technica, Engadget, Slashdot, and other international tech news venues

Eric’s Recent FireOak Blog Posts
-
Optimize your VPN for Office 365
Increase performance and reduce system load by automatically excluding Office 365 traffic from your organization’s split tunnel VPN.
-
Email and website security for the 2020 presidential candidates
What’s the state of email security for the 2020 presidential candidates? And what about the security of candidates’ websites? Read more for our analysis!
-
Deleted Epstein Video Exposes 4 Cybersecurity Failures
4 ways in which the deleted Epstein surveillance video highlights gaps in an organization’s cybersecurity program, and what you can do to prevent such nightmares at your organization.
-
Collection 01 Password Analysis
In January 2019, a massive database of email addresses and passwords was released on the internet. The collection included over 773 million unique email addresses and 21 million unique passwords, credentials that were assembled from many data breaches.
-
Exporting and Importing AWS EC2 Server Disk Images
We are heavy users of Amazon Web Services (AWS) Elastic Cloud Computing (EC2) and regularly help clients transition their on-premises systems to the cloud.
-
Part 1: Create and Export an AWS EC2 Volume Image
In this post, I’ll demonstrate a technique using standard Linux tools to export an AWS volume to another cloud provider or on-prem storage.
-
Part 2: Restore and Boot from an AWS EC2 Volume Image
In this post, I’ll demonstrate a technique using standard Linux tools to create a bootable AWS EC2 instance from an imported AWS volume image.
-
Part 3: Automate the Creation and Export of EC2 Volume Images
In Part One, I reviewed the steps required to create and export an image of an AWS EC2 volume. This process works well, but it is somewhat cumbersome and time-consuming for sysadmins, especially when waiting for large images to compress.
-
LastPass Multifactor Authenticator Review on Daily Tech News Show (DTNS)
We’re thrilled that Eric’s technical review of the new LastPass Multifactor Authenticator got a shout-out as pick-of-the-day on the Daily Tech News Show (DTNS)!
-
Are Printers Ruining Your Security?
On March 24, 2016 printers at several colleges and universities around the world were used to print racist and anti-Semitic messages. The FireOak team suggests several ways to prevent such incidents from happening at your organization.
-
LastPass Authenticator Security Evaluation
In March of 2016, LastPass announced the availability of LastPass Authenticator, an app that provides push-based multi-factor authentication (MFA) for users of their password management service.
-
LastPass Authenticator Security Review: Part 2
Part 2 of our in-depth review of the LastPass Authenticator.