Rapid7 Public Policy

Consumers, businesses, and governments increasingly rely on interconnected and complex technologies. Enabling society to safely reap the benefits of this progress requires strong cybersecurity policies, practices, and awareness. To advance this cause, Rapid7 works with governments, companies, non-profits, and experts to shape policies, standards, and legislation that benefit consumers and defend responsible cybersecurity practitioners.

Recent Highlights

Public Policy
Incident Reporting Regulations Summary and Chart
Read Full Post
Public Policy
Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule
Read Full Post
Public Policy
Navigating the Evolving Patchwork of Incident Reporting Requirements
Read Full Post
Public Policy
New US Law to Require Cyber Incident Reports
Read Full Post

Our Policy Work

Computer Access Laws

Laws restricting computer access and use should carefully balance the need to combat cybercrime with the value of supporting security research, innovation, and other legitimate activity.

DMCA

The Digital Millennium Copyright Act (DMCA) can hinder good faith security research by restricting the ability to analyze software for vulnerabilities. We support changes to extend protections for security researchers without diminishing copyright.

CFAA

Independent security research is valuable for advancing cybersecurity, but the Computer Fraud and Abuse Act (CFAA) makes little distinction between beneficial research and malicious hacking. We support responsible CFAA reforms and clarifications to protectshield security researchers and internet users from overbroad liability.

UK Computer Misuse Act

The UK's Computer Misuse Act (CMA) imperils the sharing of defensive security tools, provides no acknowledgement of the importance of good faith security research, and fails to define what constitutes authorization for access to systems. Rapid7 supports sensible reforms that clarify these issues and advance cybersecurity without creating opportunities for abuses.

States

Rapid7 occasionally advises states on computer access laws to protect consumers and businesses while avoiding obstacles to research and innovation.

Hack Back

Authorizing private entities to take active measures in retaliation against hacking risks undermining cybersecurity and causing collateral damage.

Meet the Team

Deral Heiland
Principal Security Consultant

Deral Heiland CISSP, serves as a Research Lead (IoT) for Rapid7. Deral has over 20 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 10+ years Deral’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral also has conducted security research on numerous technical subjects, releasing white papers, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack In Paris. Deral has been interviewed by and quoted by several media outlets and publications including ABC World News Tonight, BBC, Consumer Reports, MIT Technical Review, SC Magazine, Threat Post and The Register.

Sabeen Malik
Vice President of Global Government Affairs and Public Policy

Sabeen Malik is the Vice President of Global Government Affairs and Public Policy at Rapid7. She has spent her education and career pursuits becoming a thought leader on digital economy and tech policy issues, law and economic development, innovation economies, and next-generation emerging technology and economic trends. Sabeen has worked in the private and public sector, including at Thumbtack, Google, and the United States Department of State where she served as a senior tech advisor to the Under Secretary of State for Economic Growth, Energy, and the Environment. Along with a passion for global technology trends in business and economic issues, she also is an expert on bridging differences with the public and private sector to create international partnerships that solve global problems. Sabeen serves on several boards and is a Truman National Security Fellow, Aspen Socrates Fellow, Atlantic Council Non Resident Fellow, and Stimson Loomis Council member. She has spoken at the World Bank, the UN, and the White House.

Tas Giakouminakis
Co-Founder & Chief Technology Officer

Tas Giakouminakis leads Rapid7’s Office of the CTO, focusing on security research, data science and public policy initiatives to better the security community through open and collaborative engagement. As Rapid7's co-founder and CTO, Tas previously led the development and integration of Rapid7’s award-winning solutions, driving the technical direction to enable customers through quality, simplicity, and innovation. Prior to founding Rapid7, Tas helped form Percussion Software, where he led the development of Percussion's first product. He has also developed software in the security and risk areas for CitiCorp. Tas serves on the Information Systems Technical Advisory Committee (ISTAC) at the U.S. Dept. of Commerce, where he advises on export controls related to information security products.