Duncan Sparrell

Cyber security expert at sFractal Consulting

Duncan Sparrell is a seasoned (aka old) software developer and network security evangelist. He graduated from RPI back when computers were the size of buildings and programmed with punch cards. After a 35-year career with AT&T, he is semi-retired and trying to give back to the community while pursuing his interests in cloud security, agile, secure software development, and erlang. Most of his cyber experience is blue team (defense) but he kick-started his cyber chops as part of a AFIWC cyber attack team during first Gulf War. Besides various certs (CSSIP, CSSLP, CCSK, PE), he was awarded the Intelligence Community Seal Medallion, and the AT&T Science and Technology Medal.

Past Activities

Duncan Sparrell
06 Mar 2020
10.35 - 11.20

Making IoT safer with BEAM/OTP

In this talk, Duncan will:

  • Explain the safety impact of cyber-physical systems in the Internet of things
  • Explain advantages of quantitative risk analysis for security decision making
  • Extol the advantages of "One Tough Platform" for developing secure software
  • Present pitfalls to avoid and best practices to follow
  • Evangelize OTP for cybersecurity and cyber-physical safety and
  • Demonstrate open-source on a Raspberry Pi showing how future IoT will adapt to threats in real-time






The audience should leave with:

  • Awareness of the safety impact of cyber-physical systems in the Internet of Things,
  • Understanding why OTP is great for cybersecurity and cyber-physical safety, and
  • Where to find open source projects on how future IoT will adapt to threats in real-time.


IoT developers, cybersecurity engineers, hackers

Duncan Sparrell
Code BEAM SF 2018
15 Mar 2018
13.50 - 14.35

Let it Be Hacked

Cyber-attacks are increasing in terms of sophistication, speed and dynamics. Defenses are not keeping up. Why does the attacker have such an advantage? Because most software is not designed with 'let it fail' in mind. Our community has a significant advantage in the area and we should capitalize on it. The talk will start with some cybersecurity fundamentals. I'll explain the advantages of OTP from a cybersecurity perspective. There are still pitfalls and I'll cover some of them as well as present some best practices to help your code be more secure. I'll do a survey of the open source software available as well as touch on areas where work is needed. The goal is to promote the "let it be hacked" mentality - which will both promote erlang/elixir and be good for cybersecurity.


This talk aims to:

  • educate everyone (at least a little bit) in cybersecurity
  • explain why beam/erlang/elixir are great for developing cybersecurity software
  • give some ptifalls to avoid and best practices to follow
  • present a survey of cybersecurity open source software from a BEAM perspective (ie both what is there, and what is needed)
  • an unabashed plea for helping promote beam for cybersecurity


Security-conscious Erlang & Elixir developers as well as managers of software projects